Via Custom Admin Role

Connect Azure AD to Zluri using a custom admin role

If you wish to delegate Zluri’s Azure AD integration to a non-admin user or group, you can assign them a custom admin role. This method requires more manual configuration, but gives greater control over the Zluri features you wish to use.

Prerequisites

  • An account with Owner or User access administrator privileges (for creating a custom admin)
  • Microsoft Entra ID P1 or Entra ID P2 subscription

Create a custom admin role

  1. In the Azure Portal, open either Management Group, Subscription, or Resource Group (depending on your user case) where you want to assign the custom role, then open Access control (IAM).

  2. Click the Roles tab to see a list of all the built-in and custom roles.

  3. Search for a role you want to clone. Click the 3-dot menu towards the right of the row and click Clone. This will open the custom roles editor.

  4. In the Basics tab, write a name and description. Set Baseline permissions to Clone a role.

Add the required permissions

The new role needs the following permissions in Azure to function:

  • Application.Read.All
  • AuditLog.Read.All
  • Directory.Read.All
  • Group.Read.All
  • GroupMember.Read.All
  • IdentityRiskEvent.Read.All
  • IdentityRiskyUser.Read.All
  • Reports.Read.All
  • Sites.Read.All
  • TeamsAppInstallation.ReadForTeam
  • User.Read.All
  • UserAuthenticationMethod.Read.All
  1. To do this, click the the Permissions tab, then click ➕ Add permissions.

  2. Search for one of the permissions mentioned above using the search bar. Then, click a resource provider card that has the permissions you want to add to your custom role, such as Microsoft Billing.

  3. This will display a list of the management permissions for that resource provider. Click Add to append the permission to the role.

  4. Repeat this for every permission mentioned above.

  5. Go to the Review + create tab, review the permissions, then click Create.

Unhide user details in Azure AD

By default, user details are hidden for all Microsoft reports. You need to unhide them manually in the admin dashboard so that Zluri can access it. Here’s how:

  1. Visit Admin Center, and navigate to Settings → Org SettingsServices. Select Reports.

  2. Uncheck the Display concealed user, group, and site names in all reports checkbox, then save your changes.

Connect the Azure AD instance in Zluri

  1. Open the Integrations Catalog, search for “azure”, and click ➕ Connect on the Azure AD entry.

  2. Choose the scopes for the integration, and click Connect. You can click the down-arrow button towards the right of a scope to find out what it does.

  3. You will now see a popup window asking you to authorize the request on Azure AD’s end. Accept the request.

  4. Give the connection a name and description, and you’re ready to go!

Got questions? Feel free to submit a ticket or contact us directly at [email protected].