Configuring an Azure Active Directory Application

Document created by user.Yo2IBgvWqr Employee on Mar 8, 2018. Last modified by user.oxriBaJeN4 on May 3, 2019.

This guide describes how to configure an Azure Active Directory Application. This is required when you're synchronizing your Office 365 or Hybrid Exchange with Windows Azure Active Directory, to automatically add and manage all of your user, group, and group membership attributes.

What You'll Need

  • Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
For detailed, but non-Mimecast specific, instructions on creating a Windows Azure Active Directory application, read the "How to Configure Your App Service Application to use Azure Active Directory Login" page on the Windows Azure website.

Creating an Azure Active Directory Application

To create a Windows Azure Active Directory application:

  1. Log on to the Office 365 Admin Center.
  2. Click on the Admin Centers | Azure Active Directory menu item.
  3. Click on the All Services | App Registrations menu item.

Creating an App Registration

To configure an app registration:

  1. Click on the New Registration button.
  2. Complete the dialog as follows:
    Field / Option            Comments
    Name                      Specify a name for the application (e.g. Mimecast Directory Synchronization).
    Supported Account Types   Select "Accounts in this Organizational Directory Only".
    Redirect URL              Specify an arbitrary URL by selecting "Web" and ensuring you use an "http://" or "https://" prefix, as per Microsoft's requirements (e.g. "https://fakedomain.com"). When enabling Azure Active Directory Synchronization for Office 365, do not specify portal.office.com, as this will cause problems accessing Office 365.
  3. Click on the Register button.

Configuring Certificates

To configure a certificate:

  1. Click on the Certificates and Secrets menu item in the navigation panel.
  2. Click on the New Client Secret button.
  3. Complete the dialog as follows:
    Field / Option   Description
    Description      Provide a name for the Client Secret (e.g. Mimecast Key).
    Expires          Select the "Never" option to ensure the key doesn't expire.
  4. Click on the Add button.
  5. Click on the Copy icon to copy the key to your clipboard.
  6. Paste the value into a Text Editor for later use.

Configuring Application Permissions

To configure application permissions:

  1. Click on the API Permissions menu item in the navigation panel.
  2. Click on the Add a Permission button.
  3. Scroll down to the Supported Legacy APIs section in the Request API Permissions panel.
  4. Select the Azure Active Directory Graph icon.
  5. Click on the Application Permissions button.
  6. Expand the Directory section.
  7. Select the Directory.Read.All option.
  8. Click on the Delegated Permissions button.
  9. Click on the Add Permissions button.
  10. Expand the User section.
  11. Select the User.Read.All option.
  12. Click on the Add Permissions button.
  13. Click on the Microsoft Graph icon in the "Commonly Used Microsoft APIs" section of the Request API Permissions panel.
  14. Click on the Application Permissions button.
  15. Expand the User section.
  16. Select the User.Read.All option.
  17. Click on the Add Permissions button. The permissions should look like the example on the right.
  18. Click on the Grant Admin Consent button.
  19. Click on the Yes button to confirm consent.
  20. Click on the Overview menu item in the navigation panel.
  21. Copy the Application (Client) Id value to your clipboard.
  22. Paste the Application (Client) Id value into a Text Editor for later use.
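The three portal procedures above (the app registration, the client secret, and the API permissions) leave no record of whether each setting was actually applied as described. The following Python script is an added example, not Mimecast's or Microsoft's code: it reads an app registration exported in the Microsoft Graph application-object JSON shape (the same shape the portal's Manifest blade shows) and reports anything that deviates from the guide, such as a multi-tenant account type, a redirect URI on portal.office.com, an expired secret, or a missing permission. The two sample manifests, the permission catalogue, and every permission GUID in it are constructed placeholders; in a real tenant the GUID-to-name catalogue is built from the resource service principal's appRoles and oauth2PermissionScopes lists. Only the two resource application IDs are Microsoft's published constants.

```python
"""Check an exported Azure AD app registration against the guide's settings.
Added example, not Mimecast's or Microsoft's code."""
import json
from datetime import datetime, timezone

# Well-known resource application IDs published by Microsoft.
MICROSOFT_GRAPH = "00000003-0000-0000-c000-000000000000"
AZURE_AD_GRAPH = "00000002-0000-0000-c000-000000000000"

# Permissions the guide grants: (resource, permission name, type).
# "Role" is an application permission, "Scope" a delegated permission.
REQUIRED_PERMISSIONS = {
    (AZURE_AD_GRAPH, "Directory.Read.All", "Role"),
    (AZURE_AD_GRAPH, "User.Read.All", "Scope"),
    (MICROSOFT_GRAPH, "User.Read.All", "Role"),
}

# A manifest stores permission GUIDs, not names.  In a tenant you resolve them
# from the resource's service principal (appRoles / oauth2PermissionScopes).
# The GUIDs below are CONSTRUCTED placeholders, not Microsoft's real values.
SAMPLE_CATALOGUE = {
    (AZURE_AD_GRAPH, "11111111-0000-0000-0000-000000000001"): "Directory.Read.All",
    (AZURE_AD_GRAPH, "11111111-0000-0000-0000-000000000002"): "User.Read.All",
    (MICROSOFT_GRAPH, "22222222-0000-0000-0000-000000000001"): "User.Read.All",
}

# Constructed sample manifests: one that follows the guide, one with mistakes.
SAMPLE_MANIFEST = json.loads("""{
  "displayName": "Mimecast Directory Synchronization",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://fakedomain.com"]},
  "passwordCredentials": [{"displayName": "Mimecast Key", "endDateTime": "2299-12-31T00:00:00Z"}],
  "requiredResourceAccess": [
    {"resourceAppId": "00000002-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "11111111-0000-0000-0000-000000000001", "type": "Role"},
                        {"id": "11111111-0000-0000-0000-000000000002", "type": "Scope"}]},
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "22222222-0000-0000-0000-000000000001", "type": "Role"}]}
  ]
}""")
SAMPLE_BAD_MANIFEST = json.loads("""{
  "displayName": "Broken Sync App",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": ["https://portal.office.com"]},
  "passwordCredentials": [{"displayName": "Old Key", "endDateTime": "2019-01-01T00:00:00Z"}],
  "requiredResourceAccess": [
    {"resourceAppId": "00000002-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "11111111-0000-0000-0000-000000000001", "type": "Role"},
                        {"id": "11111111-0000-0000-0000-000000000002", "type": "Scope"}]}
  ]
}""")
SAMPLE_NOW = datetime(2019, 5, 3, tzinfo=timezone.utc)  # fixed clock for the samples


def _parse_time(value):
    """Parse the ISO-8601 timestamps Graph emits (trailing Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_registration(manifest, catalogue, now):
    """Return a list of findings; an empty list means the registration matches the guide."""
    findings = []
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("account type is not 'Accounts in this organizational directory only'")

    uris = manifest.get("web", {}).get("redirectUris", [])
    if not uris:
        findings.append("no Web redirect URI configured")
    for uri in uris:
        if not uri.startswith(("http://", "https://")):
            findings.append(f"redirect URI lacks an http:// or https:// prefix: {uri}")
        if "portal.office.com" in uri.lower():
            findings.append(f"redirect URI uses portal.office.com, which breaks Office 365 access: {uri}")

    secrets = manifest.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret configured")
    for secret in secrets:
        if _parse_time(secret["endDateTime"]) <= now:
            findings.append(f"client secret '{secret.get('displayName')}' has expired")

    # Resolve each granted GUID to a name so it can be compared with the required set.
    granted = set()
    for resource in manifest.get("requiredResourceAccess", []):
        rid = resource["resourceAppId"]
        for access in resource.get("resourceAccess", []):
            name = catalogue.get((rid, access["id"]), access["id"])
            granted.add((rid, name, access["type"]))
    for rid, name, kind in sorted(REQUIRED_PERMISSIONS - granted):
        findings.append(f"missing permission {name} ({kind}) on resource {rid}")
    return findings


def secret_days_remaining(manifest, now):
    """Days until each client secret expires, keyed by secret name, for inventory tracking."""
    return {s.get("displayName"): (_parse_time(s["endDateTime"]) - now).days
            for s in manifest.get("passwordCredentials", [])}


if __name__ == "__main__":
    for label, manifest in (("good", SAMPLE_MANIFEST), ("bad", SAMPLE_BAD_MANIFEST)):
        print(label, check_registration(manifest, SAMPLE_CATALOGUE, SAMPLE_NOW))
    print(secret_days_remaining(SAMPLE_MANIFEST, SAMPLE_NOW))
```

Run with a real export by loading the manifest JSON in place of SAMPLE_MANIFEST, passing the current time, and supplying a catalogue resolved from the tenant. The permission comparison works on (resource, name, type) triples rather than raw GUIDs so that a delegated grant is never mistaken for the application permission the guide requires, and secret_days_remaining gives the expiry inventory that a key created with "Never" would otherwise never surface.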

Configuring a Directory Connector

Once you have the application key and application client id in your text editor, you can configure a Directory Connector in Mimecast:

  1. Log on to the Mimecast Administration Console.
  2. Click on the Administration toolbar button.
  3. Select the Services | Directory Synchronization menu item.
  4. Click on the New Directory Connector button.
  5. Complete the dialog as follows:
    Field / Option                                     Description
    Description                                        Enter a description for the directory connector (e.g. Azure AD Synchronization).
    Type                                               Select the "Office 365 / Windows Azure Active Directory" option from the drop-down list.
    Application Id                                     Copy and paste the Application (Client) Id value from your text editor.
    Key                                                Copy and paste the Application Key value from your text editor.
    Tenant Domain                                      Enter your primary Office 365 domain. You can find this in the Azure Admin Portal by selecting Azure Active Directory > Custom Domain Names.
    Acknowledge Disabled Accounts in Active Directory  Select this option to ensure that accounts disabled in Active Directory can't log on to Mimecast applications using their Mimecast Cloud password.
    Optional Email Domains Filter                      Leave this option unselected.
  6. Click on the Save button.
  7. Click on the Sync Directory Data button to test the connection.