With the farmerswife v6.8 release (June 2022), the "Microsoft Azure Active Directory Connector" v2 was implemented. It adds support for the new "Microsoft Graph API Endpoint", replacing the deprecated "MS Azure AD GRAPH API Endpoint".
Below is a short summary of the settings involved.
For step-by-step instructions on how to actually set this up, see: Microsoft Azure Active Directory Connector v1 & v2 - detailed version
- v2 also adds support for MFA via "Microsoft Graph".
# Involved farmerswife-side settings:
- fw Server > Setup > Users > Microsoft Azure Active Directory Connector.
- fw Server/Client > Modify User > Microsoft Azure Active Directory Connector.
- fw Client > Toolbox > Settings > Server Setup > Microsoft Azure Active Directory Connector.
# Requirements/prerequisites to be able to connect farmerswife (fw) and Microsoft 365 > Azure AD:
1. An "Office 365" account
Search for "You can sign up for Office 365 Developer subscription"; this subscription includes the resources you need to start building Office 365 apps. Don't forget to activate it, otherwise you cannot assign "Groups" to your app (more info below).
2. "Applications" are used in Azure AD for authentication and authorization.
3. Register a new app (e.g. called "farmerswife") in Azure Active Directory
As of 2021, there is no longer a separate "Web app/API" application type to choose from.
IMPORTANT: for a smooth setup, first create and set the "API Permissions" as described below, and only as the last step create the "Secret Key" for the app.
- "App Client Id" from Microsoft 365 > Azure AD > App Settings.
- "App Secret Key" from Microsoft Azure AD > App Settings.
- "OAuth 2.0 Token Endpoint" from Microsoft Azure AD > App Registration.
- "MS Azure AD GRAPH API Endpoint" from Microsoft Azure AD > App Registration. Note (January 2021): this endpoint is deprecated. Microsoft states that "Starting June 30th, 2022, support ends for Azure AD Graph", and already created AD Graph API endpoints will stop working (https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/api-catalog).
We are working on migrating support for this over to its replacement, "Microsoft Graph". This is work in progress during Q1 20
4. In Azure Active Directory, create the Groups (and their member Users) to be synced to farmerswife.
IMPORTANT: you need to create one "Azure AD > Group" for each saved fw "Permission Profile" and fw "Web Permission Profile".
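The connector settings above ("App Client Id", "App Secret Key", "OAuth 2.0 Token Endpoint", Graph endpoint) are the inputs of a standard OAuth 2.0 client-credentials request against Microsoft Graph. The following is an added example, not farmerswife code, showing how such a request is built and how to check whether a configured Graph URL still points at the retired Azure AD Graph (graph.windows.net) instead of Microsoft Graph (graph.microsoft.com). The tenant, client id and secret values are placeholders; the function and variable names are this example's own.

```python
"""Added example (not farmerswife code): build and sanity-check the OAuth 2.0
client-credentials request an Azure AD app registration uses to call Microsoft
Graph. Tenant id, client id and secret used here are constructed placeholders."""
from urllib.parse import urlencode, urlparse
import json
import urllib.request

DEPRECATED_GRAPH_HOST = "graph.windows.net"   # Azure AD Graph: retired by Microsoft
MS_GRAPH_HOST = "graph.microsoft.com"         # Microsoft Graph: its replacement


def classify_graph_endpoint(url: str) -> str:
    """Report whether a configured Graph base URL is the deprecated Azure AD
    Graph, Microsoft Graph, or something unexpected (typo, wrong cloud, ...)."""
    host = (urlparse(url).hostname or "").lower()
    if host == DEPRECATED_GRAPH_HOST:
        return "deprecated-azure-ad-graph"
    if host == MS_GRAPH_HOST:
        return "microsoft-graph"
    return "unknown"


def token_endpoint(tenant: str, v2: bool = True) -> str:
    """Azure AD token endpoint for a tenant. The v2.0 endpoint is the one that
    issues Microsoft Graph tokens via the '.default' scope."""
    path = "oauth2/v2.0/token" if v2 else "oauth2/token"
    return f"https://login.microsoftonline.com/{tenant}/{path}"


def build_client_credentials_request(tenant: str, client_id: str,
                                     client_secret: str, v2: bool = True):
    """Return (url, form-encoded body) for the client-credentials grant.
    v2.0 takes a 'scope' parameter; the older v1.0 endpoint took 'resource'."""
    if not client_secret:
        # An empty or expired secret is the usual cause of a failing "Test".
        raise ValueError("client secret is empty: create a new one in the app registration")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if v2:
        form["scope"] = f"https://{MS_GRAPH_HOST}/.default"
    else:
        form["resource"] = f"https://{MS_GRAPH_HOST}/"
    return token_endpoint(tenant, v2), urlencode(form)


def fetch_token(tenant: str, client_id: str, client_secret: str) -> str:
    """Send the request (network access required) and return the access token.
    Never log the request body: it carries the client secret in clear text."""
    url, body = build_client_credentials_request(tenant, client_id, client_secret)
    req = urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)["access_token"]
```

Running `classify_graph_endpoint` over a saved connector configuration is a quick way to find installations that still reference the deprecated endpoint; `fetch_token` needs the app's "API Permissions" granted (admin consent) before Graph will return usable data, which is why the article says to set permissions before creating the secret.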
# farmerswife Setup:
1. Go to fw Server > Setup > Users > Microsoft Azure Active Directory Connector to set up the connection parameters and to map Azure AD Groups/Users to fw Users.
For detailed info use this solution article: Microsoft Azure Active Directory Connector v1 & v2 - detailed version
2. After the configuration is completed, use the "Test" button; you should see the success message "OK. server responded as expected".
3. Click "OK" to save the settings.
4. Go to fw Client > Toolbox > Settings > Server Setup > Microsoft Azure Active Directory Connector:
- Click on "Sync Now", to do a first sync.
- Select a "Sync Time" interval.
5. Optionally go to fw Server/Client > Modify User > Microsoft Azure Active Directory Connector to change the "Microsoft Azure AD Connector" settings per user.
- The user's fields synced from Azure to farmerswife are the following: Username, First Name, Last Name, Email, Title, Phone Direct, Phone Mobile, Address and Fax.
- The "App Secret Key" expires and must then be renewed in Azure and updated in farmerswife; its lifetime (typically 1 or 2 years) depends on what was chosen when the secret was created in the Azure Active Directory app. Client secrets created in the Azure portal have a maximum lifetime of 24 months and no "Never expire" option, so note the expiry date when you create the secret and rotate it before then, otherwise the sync stops working.
- The farmerswife User's Number can be synced by using MS Azure AD Extension Attributes and the field in fw Server > Setup > Users > MS Azure Extension Attribute ID To Import User Number.
- New option in fw Server > Setup > Users > Microsoft Azure Active Directory Connector: "Strip Domain Name From Username When Creating".
- The "Sync Time" in fw Client > Toolbox > Server Setup > Microsoft Azure Active Directory Connector can now be set to an exact time of day, so that the sync runs every 24h at that time.
- New "Setup" button in fw Client > Toolbox > Server Setup > Microsoft Azure Active Directory Connector to manage Groups and to test the settings.
- This integration supports "nested groups" (AD Groups within AD Groups) when syncing users.
- The "User Groups" are evaluated in the order in which they are listed. This matters when the same user is a member of several Groups: farmerswife has no notion of "most" or "highest" permissions, so the user receives the Permission Profile of the first listed Group that contains them, and any later Groups are not applied. To give such a user the widest permissions, list the Group with the widest Permission Profile first.
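The two rules above (nested groups are followed; the first listed User Group wins) decide which Permission Profile a user ends up with, so their interaction is worth seeing concretely. The following is an added example modelling that resolution, together with the "Strip Domain Name From Username When Creating" option; it is not farmerswife code, and the Azure AD snapshot, group names and profile names are constructed for illustration.

```python
"""Added example (not farmerswife code): model of how ordered fw User Groups,
nested Azure AD groups and the strip-domain option decide which Permission
Profile each synced user receives. Directory data below is constructed."""
from collections import deque

# Constructed Azure AD snapshot: group id -> members (user UPNs or other groups).
AZURE_GROUPS = {
    "g-admins":   ["alice@contoso.com", "g-leads"],                  # nested group
    "g-leads":    ["bob@contoso.com"],
    "g-everyone": ["alice@contoso.com", "bob@contoso.com",
                   "carol@contoso.com", "g-admins"],                 # nested group
}

# fw User Groups in the order shown in the connector setup. First match wins,
# so the Group carrying the widest permissions must be listed first.
FW_USER_GROUPS = [
    ("g-admins",   "Administrators"),
    ("g-leads",    "Project Leads"),
    ("g-everyone", "Standard Users"),
]


def expand_members(group_id, groups):
    """All users reachable from a group, following nested groups.
    The 'seen' set guards against circular nesting (A contains B, B contains A)."""
    users, seen, queue = set(), {group_id}, deque([group_id])
    while queue:
        for member in groups.get(queue.popleft(), []):
            if member in groups:                  # member is itself a group
                if member not in seen:
                    seen.add(member)
                    queue.append(member)
            else:
                users.add(member)
    return users


def fw_username(upn, strip_domain):
    """'Strip Domain Name From Username When Creating': alice@contoso.com -> alice."""
    return upn.split("@", 1)[0] if strip_domain else upn


def resolve_profiles(groups, user_groups, strip_domain=True):
    """Map fw username -> Permission Profile. A user present in several Groups
    keeps the profile of the first listed Group; later Groups are not applied."""
    result = {}
    for group_id, profile in user_groups:
        for upn in sorted(expand_members(group_id, groups)):
            result.setdefault(fw_username(upn, strip_domain), profile)
    return result


if __name__ == "__main__":
    for user, profile in resolve_profiles(AZURE_GROUPS, FW_USER_GROUPS).items():
        print(f"{user:8} -> {profile}")
```

With the order above, alice and bob receive "Administrators" (bob through the nested g-leads group) and carol receives "Standard Users". Reversing the list gives everyone "Standard Users", because g-everyone contains all of them and is then matched first; this is the pitfall the ordering rule exists for.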