3.1 Configure Azure AD as a User Source

3.1.1 Step 1: Create Azure AD Application

  1. Log in to the Azure portal:

    https://portal.azure.com/

  2. On the welcome page, click Azure Active Directory.

  3. In the left pane, select App Registrations.

  4. Select the New Registration link.

  5. Specify the registration name.

  6. Select Accounts in this organizational directory only. Leave Redirect URI blank; it is added later, in Step 8.

    NOTE: In this release, only the single-tenant account type is supported.

  7. On the Registration page, for the new registration created, copy the Application (client) ID.

  8. To add the redirect URI, in the left pane, click Authentication.

    Redirect URI is a location where the server redirects users after successful authorization.

    Click Add a platform, and select Mobile and desktop applications.

    Select https://login.microsoftonline.com/common/oauth2/nativeclient and add a custom URI as shown below:

    Custom URI: ms-appx-web://microsoft.aad.brokerplugin/{client_id}

    Replace {client_id} with the application ID copied in Step 7.

    Example: ms-appx-web://microsoft.aad.brokerplugin/2aff41d4-6a76-4805-86a0-6017631127f3

    In this example, 2aff41d4-6a76-4805-86a0-6017631127f3 is the client ID.

  9. Click Configure.

  10. In the left pane, click Certificates & secrets, click New client secret, specify the description, select the expiry duration, and then click Add.

  11. Copy the Secret Value (Client Secret).

    The client secret value is displayed only once, so copy it now; you will need it later when configuring the user source in ZENworks.

  12. In the left pane, click API permissions, click Add a permission, and then click Microsoft Graph Application.

  13. Add the required permissions, click Application permissions and select the following:

    • User.Read.All

    • Group.Read.All

    • Select Delegated permissions and select openid.

      After adding the required permissions, ensure that all configured permissions of type Application are granted Admin Consent by clicking the consent button next to Add a permission.

    NOTE: Only administrators can provide Admin Consent.

  14. After completing all of the above steps, the application configuration is complete.

    Ensure that you have the following details from the Azure portal; they are needed to configure the user source in ZENworks:

    • Application (client) ID

    • Directory (tenant) ID

    • Secret Value (Client Secret)
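Before entering the three values into ZENworks, it is worth confirming that the registration actually works and that Admin Consent was granted. The script below is an added example and is not part of the ZENworks documentation or product: it builds the broker redirect URI from the client ID (the Step 8 format), obtains a token with the client-credentials flow, and reads the token's `roles` claim to verify that User.Read.All and Group.Read.All were granted. The function names, the GUID check, and the offline helper that fabricates an unsigned token for testing are all assumptions of this example; the token endpoint, the `.default` scope, and the `roles`/`aud` claims are standard Azure AD behaviour.

```python
"""Pre-flight check for an Azure AD app registration intended for ZENworks.

Added example, not ZENworks code. Reads the access token only to inspect the
granted application permissions; it does not validate the token's signature,
because the token comes straight from the Azure AD token endpoint over TLS and
is never used here to authenticate anything.
"""
import base64
import json
import re
import sys
import urllib.parse
import urllib.request

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Microsoft Graph is identified either by its resource URI or its well-known app ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All"}


def broker_redirect_uri(client_id: str) -> str:
    """Return the custom redirect URI from Step 8 after checking the client ID is a GUID."""
    if not GUID_RE.match(client_id):
        raise ValueError(f"not a GUID-formatted Application (client) ID: {client_id!r}")
    return f"ms-appx-web://microsoft.aad.brokerplugin/{client_id.lower()}"


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT for inspection (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_app_permissions(claims: dict) -> set:
    """Return the required application permissions absent from the token's 'roles' claim."""
    if claims.get("aud") not in GRAPH_AUDIENCES:
        raise ValueError(f"token audience {claims.get('aud')!r} is not Microsoft Graph")
    return REQUIRED_ROLES - set(claims.get("roles", []))


def request_graph_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Client-credentials flow against the v2.0 token endpoint (network call)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def make_unsigned_token(claims: dict) -> str:
    """Constructed helper: build an unsigned JWT so the checks above can run offline."""
    seg = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "eyJhbGciOiJub25lIn0." + seg + ".signature-omitted"


if __name__ == "__main__":
    # Usage: python check_app.py <tenant_id> <client_id> <client_secret>
    tenant, client, secret = sys.argv[1:4]
    print("Redirect URI:", broker_redirect_uri(client))
    token = request_graph_token(tenant, client, secret)
    missing = missing_app_permissions(decode_jwt_claims(token))
    if missing:
        print("Missing application permissions (Admin Consent not granted?):", sorted(missing))
    else:
        print("User.Read.All and Group.Read.All are granted; the app is ready for ZENworks.")
```

If `roles` is absent or incomplete, the usual cause is that the permissions were added but Admin Consent was never clicked in Step 13; a token request still succeeds in that case, which is why reading the claim is more informative than a bare "token obtained" check.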

3.1.2 Step 2: Adding Azure Application in ZENworks

After creating an application and collecting the required details in the Azure portal, switch to ZENworks to add the application, which enables ZENworks to communicate with Azure.

NOTE: Ensure that you have configured an MDM server before adding an application.

Perform the following steps to add the Azure application in ZENworks:

  1. In ZENworks Control Center, click Configuration > Management Zone Settings > Infrastructure Management > Azure Applications.

  2. In the Azure Applications page, click Add Application.

  3. In the Add Application pop-up, select an MDM server.

  4. Select the purpose for which the Azure application will be used.

    By default, User Source Application is selected, because the application will be used to configure the Azure AD user source.

  5. Click Add Application.

  6. In the Specify Application Details page, specify the details that were gathered in the Azure portal while creating an application:

    • Application ID

    • Tenant ID

    • Client Secret

  7. Click OK.

    The specified application will be validated with the Azure portal.

    After successful validation, the following application details will be retrieved from the Azure portal and displayed in the page:

    • Tenant Name

    • Tenant ID

    • Application Name

    • Application ID

    • Permissions

    If the details provided are not valid, an error is displayed.

    If required, you can click Edit Application to make changes to the existing application details or click Test Application to validate the application details with Azure.

  8. Click OK.

    The Azure Applications page will be populated with the application details.

3.1.3 Step 3: Configuring Azure AD User Source in ZENworks

After adding an application in ZENworks, perform the following steps in ZENworks to configure the Azure AD user source.

  1. In ZENworks Control Center, click Configurations.

  2. In the User Sources panel, click New.

  3. In the Create New User Source page, select Azure Active Directory, and click Next.

  4. In the Select Azure Application page, select the Azure application.

    • Ensure that the application you select is not already used by another user source; an application whose tenant name matches an existing user source cannot be selected.

    • After selecting the Azure application, the Tenant ID and Tenant Name fields will be displayed.

    • By default, the tenant name is populated as the User Source Name. If required, edit the user source name now, because it cannot be modified after the user source is created.

    NOTE: The drop-down displays only the applications for which User Source Application was selected while configuring the application.

  5. Click Next.

  6. In the Summary page, review the displayed information, and then click Finish.

    After you click Finish, ZENworks syncs all users and user groups into the ZENworks database.

    To view the sync status, go to Configuration > User Sources panel, and then click the Azure Active Directory user source that was added.

NOTE: The following are some important points to remember:

  • After a successful sync, the group status in the Last Sync Details field is updated only if you modify the group name or description, or add or remove groups. The group status in the Last Sync Details field might not be updated if group members are modified, added, or deleted in the Azure portal.

  • Groups of type Security will be synced with ZENworks. However, groups of type Microsoft 365 will not be synced with ZENworks.

  • Bundles that are assigned to Azure AD groups might not be displayed in the Bundle User assignment dashlet.
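Because only Security groups are synced, it helps to know in advance which of a tenant's groups will appear in ZENworks. The script below is an added example, not ZENworks code, and how ZENworks itself filters groups is not documented here; it applies the rule stated above to group objects in the shape Microsoft Graph returns from GET /groups, using the real Graph attributes `groupTypes` (contains "Unified" for Microsoft 365 groups) and `securityEnabled`. The sample response is constructed, and groups that are neither Security nor Microsoft 365 (for example, plain distribution lists) are placed in a separate "review" bucket because the note above says nothing about them.

```python
"""Preview which Azure AD groups a ZENworks user-source sync will include.

Added example, not ZENworks code. The sync rule (Security groups sync,
Microsoft 365 groups do not) comes from the documentation; the Graph
attributes used to tell them apart are standard, and the "review" bucket for
other group types is this example's own assumption.
"""
import json
from typing import Iterable

# Constructed sample in the shape of a Graph GET /groups response (trimmed to the
# attributes that matter here). None of these groups is real.
SAMPLE_GRAPH_RESPONSE = json.dumps({
    "value": [
        {"id": "g-1", "displayName": "ZEN-Admins", "securityEnabled": True,
         "mailEnabled": False, "groupTypes": []},
        {"id": "g-2", "displayName": "Marketing", "securityEnabled": False,
         "mailEnabled": True, "groupTypes": ["Unified"]},
        {"id": "g-3", "displayName": "All-Staff-DL", "securityEnabled": False,
         "mailEnabled": True, "groupTypes": []},
        {"id": "g-4", "displayName": "Dynamic-Laptops", "securityEnabled": True,
         "mailEnabled": False, "groupTypes": ["DynamicMembership"]},
    ]
})


def group_kind(group: dict) -> str:
    """Classify a Graph group object with the labels the Azure portal uses."""
    if "Unified" in group.get("groupTypes", []):
        return "Microsoft 365"
    if group.get("securityEnabled"):
        return "Security"      # includes mail-enabled security groups
    return "Distribution"      # mail-only list: neither Security nor Microsoft 365


def partition_groups(groups: Iterable[dict]) -> dict:
    """Split groups into synced (Security), skipped (Microsoft 365) and review (other)."""
    buckets = {"synced": [], "skipped": [], "review": []}
    for g in groups:
        kind = group_kind(g)
        bucket = {"Security": "synced", "Microsoft 365": "skipped"}.get(kind, "review")
        buckets[bucket].append({"displayName": g["displayName"], "kind": kind})
    return buckets


def preview_sync(graph_json: str) -> dict:
    """Parse a Graph /groups response body and partition its groups."""
    return partition_groups(json.loads(graph_json)["value"])


if __name__ == "__main__":
    result = preview_sync(SAMPLE_GRAPH_RESPONSE)
    for bucket in ("synced", "skipped", "review"):
        print(f"{bucket}:")
        for g in result[bucket]:
            print(f"  {g['displayName']:<16} ({g['kind']})")
```

Run against a real tenant, the same `partition_groups` function can be fed the `value` array of a paged GET /groups call made with the User Source application's token; a Microsoft 365 group that users expect to see in ZENworks will then show up under "skipped" before anyone opens a support case about a missing assignment.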