Connect Azure AD (Machine to Machine) to Zluri
Prerequisites
- Cloud Application Administrator or higher privileges in Azure AD
Integration steps
Register a new application in Azure AD
- Log in to the Entra ID portal.
- Navigate to Identity → Applications → App registrations and select New registration.
- Give your app a name and choose "Accounts in this organizational directory only".
- Click Register.
Create client secret
- Navigate to Certificates & secrets → Client secrets and click ➕ New client secret.
- Give the secret a name and set an expiry date. Click Add.
- Copy and securely store the string under the Value column. We will later use this string as the Client Secret while connecting.
Add API permissions
- Navigate to API permissions and add the following permissions:
  - Reports.Read.All
  - AuditLog.Read.All
  - Directory.Read.All
These permissions enable only the required scopes for connecting with Zluri (Read Directory and Read Reports); they don’t enable audit logs or workflow-related features such as onboarding and offboarding.
To fine-tune features, see the full list of Zluri scopes and corresponding Azure AD API permissions.
- Click Add permissions.
- Click Grant admin consent, then click Yes to confirm.
- Navigate to the Overview page. It will display the Application (client) ID and the Directory (tenant) ID. Keep these two handy for the next steps.
Unhide user details in Azure AD
By default, user details are hidden for all Microsoft reports. You need to unhide them manually in the admin dashboard so that Zluri can access them:
- Visit Admin Center, and navigate to Settings → Org Settings → Services. Select Reports.
- Uncheck the Display concealed user, group, and site names in all reports checkbox, then save your changes.
Connect the Azure AD (Machine to Machine) instance in Zluri
- Open the Integrations Catalog, search for “azure”, and click ➕ Connect under Azure AD (Machine to Machine).
- Select the scopes you wish to add and click Continue. You can click the down-arrow button towards the right of a scope to find out what it does.
Some optional scopes need additional permissions beyond those in the Add API permissions section. See this document for the full mapping of Zluri scopes to Azure API permissions.
- Fill out the entries as follows:
  - Client ID: Value of Application (client) ID created while adding API permissions
  - Client Secret: The string under the Value column obtained while creating the client secret
  - Tenant ID: Value of Directory (tenant) ID created while adding API permissions
- Click Connect, give the connection a name and description, and you’re ready to go!
Got questions? Feel free to submit a ticket or contact us directly at [email protected].