The "Microsoft Azure Active Directory" integration is built to sync users and authenticate through the Windows Azure API depending on user's settings, was implemented in v6.3 (November 2016).
Instructions update for Q2/Q3 2021 - in progress ...
Planned: Azure Active Directory Connector v2 development
- Add support for new "Microsoft Graph" to replace the deprecated "MS Azure AD GRAPH API Endpoint"
- Add support for MFA via "Microsoft Graph".
- fw Server > Setup > Users > Microsoft Azure Active Directory Connector.
- fw Server/Client > Modify User > Microsoft Azure Active Directory Connector.
- fw Client > Toolbox > Settings > Server Setup > Microsoft Azure Active Directory Connector.
# Requirements/prerequisites to be able to connect farmerswife (fw) and Microsoft 365 > Azure AD:
1. A "Office 365" account
Search for this: "You can sign up for Office 365 Developer subscription"; this account should include the resources that you need to start building Office 365 apps. Don't forget to activate it, in order to assign "Groups" to your app, more info below.
2. "Applications" are used in Azure for authentication and authorization.
3. Register a new app (e.g. called "farmerswife") in Azure Active Directory
In 2021, there is no "Web app/Api" type.
IMPORTANT: for a smooth setup: first create and set the "API Permissions", as per below info (<= to be clarified). And only as the last step, create the "Secret Key" for the app.
- "App Client Id" from Microsoft 365 > Azure AD > App Settings.
- "App Secret Key" from Microsoft Azure AD > App Settings.
- "OAuth 2.0 Token Endpoint" from Microsoft Azure AD > App Registration.
- "MS Azure AD GRAPH API Endpoint" from Microsoft Azure AD > App Registration. <= January 2021, this is now deprecated and "Starting June 30th, 2022, support ends for Azure AD Graph" by Microsoft. Already created "AD GRAPH API Endpoints will continue to work! (https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/api-catalog)
We are working on migrating support for this over to its replacement called "Microsoft Graph"; more info to come.
4. Create in Azure Active Directory "Groups member Users" to be synced to farmerswife.
IMPORTANT: you need create "Azure AD > Groups" per each saved fw "Permission Profile" and fw "Web Permission Profile".
# farmerswife Setup:
1. Go to fw Server > Setup > Users > Microsoft Azure Active Directory Connector to setup the connection parameters and to map Azure AD Groups/Users into fw Users.
2. Click "Test" and you should see a success message.
3. Click "Ok" to save the settings.
4. Go to fw Client > Toolbox > Settings > Server Setup > Microsoft Azure Active Directory Connector:
- Click on "Sync Now", to do a first sync.
- Select a "Sync Time" interval.
5. Optionally go to fw Server/Client > Modify User > Microsoft Azure Active Directory Connector to change Microsoft Azure AD Connector settings on an specific user.
- The user's fields synced from Azure to farmerswife are the following: Username, First Name, Last Name, Email, Title, Phone Direct, Phone Mobile, Address and Fax.
- The "App Secret Key" must be updated in farmerswife every 1 or 2 years depending on the Azure Active Directory app configuration (to be confirmed if "Never Expire" also exists by now).
- The farmerswife User's Number can be synced by using MS Azure AD Extension Attributes and the field in fw Server > Setup > Users > MS Azure Extension Attribute ID To Import User Number.
- Implemented New Option in fw Server > Setup > Users > Microsoft Azure Active Directory Connector > Strip Domain Name From Username When Creating.
- Implemented Sync Time at an exact time to sync every 24h in fw Client > Toolbox > Server Setup > Microsoft Azure Active Directory Connector > Sync Time.
- Implemented new setting in fw Client > Toolbox > Server Setup > Microsoft Azure Active Directory Connector > "Setup" button to manage Groups and to test the settings.
- This integration supports "nested groups" (AD Groups within AD Groups) when syncing users.
- The "User Groups" respect the order in which they are listed within the "User Groups".This is useful when the "same user" exists in multiple Groups and should get the "most or highest permissions assigned". Since there is no such thing as "most or highest" permissions in farmerswife, this can still be achieved by creating the User Group with the "most or highest permissions" first. This same user will then get this Groups' Permission Profile assigned, and if present on following Groups, these will not be applied.