Configuring Azure AD Member Source

Use the Azure AD external source type to retrieve information about users and user groups from an Azure Active Directory (Azure AD), which organizes corporate information about users, machines, and networks in a structured directory database.

To create an Azure AD member source:

  1. On the ESA Web UI, navigate to Policy Management > Roles & Member Sources > Member Sources.

  2. Click Add New Member Source.

    The New Member Source screen appears.

  3. Enter a unique name for the Azure AD member source in the Name textbox.

  4. Type a description in the Description textbox.

  5. Select Azure AD from the Source Type drop-down list.

    The Azure AD Member Source screen appears.

    (Figure: Azure AD Member Source screen)

  6. Enter the information in the directory fields.

    The directory fields for the Azure Active Directory member source are described below.

    Recursive Search
        Enable recursive search to search the user groups in the Azure AD recursively (nested group membership is followed).

    Tenant ID
        The unique identifier of the Azure AD instance.

    Client ID
        The unique identifier of the application created in Azure AD.

    User Attribute
        The Relative Distinguished Name (RDN) attribute of the user distinguished name. The following user attributes are available:
        - displayName - The name displayed in the address book for the user.
        - userPrincipalName - The user principal name (UPN) of the user.
        - givenName - The given name (first name) of the user.
        - employeeId - The employee identifier assigned to the user by the organization.
        - id - The unique identifier for the user.
        - mail - The SMTP address for the user.
        - onPremisesDistinguishedName - Contains the on-premises Active Directory distinguished name (DN).
        - onPremisesDomainName - Contains the on-premises domain FQDN, also called dnsDomainName, synchronized from the on-premises directory.
        - onPremisesSamAccountName - Contains the on-premises samAccountName synchronized from the on-premises directory.
        - onPremisesSecurityIdentifier - Contains the on-premises security identifier (SID) for the user that was synchronized from the on-premises setup to the cloud.
        - onPremisesUserPrincipalName - Contains the on-premises userPrincipalName synchronized from the on-premises directory.
        - securityIdentifier - Security identifier (SID) of the user, used in Windows scenarios.

    Group Attribute
        The RDN attribute of the group distinguished name. The following group attributes are available:
        - displayName - The display name for the group.
        - id - The unique identifier for the group.
        - mail - The SMTP address for the group.
        - onPremisesSamAccountName - Contains the on-premises SAM account name synchronized from the on-premises directory.
        - onPremisesSecurityIdentifier - Contains the on-premises security identifier (SID) for the group that was synchronized from the on-premises setup to the cloud.
        - securityIdentifier - Security identifier (SID) of the group, used in Windows scenarios.

    Group Members Attribute
        The attribute that enumerates the members of the group.
        Note: Select the same attribute for Group Members Attribute as for User Attribute.
        The following group members attributes are available:
        - displayName - The name displayed in the address book for the user.
        - userPrincipalName - The user principal name (UPN) of the user.
        - givenName - The given name (first name) of the user.
        - employeeId - The employee identifier assigned to the user by the organization.
        - id - The unique identifier for the user.
        - mail - The SMTP address for the user.
        - onPremisesDistinguishedName - Contains the on-premises Active Directory distinguished name (DN).
        - onPremisesDomainName - Contains the on-premises domain FQDN, also called dnsDomainName, synchronized from the on-premises directory.
        - onPremisesSamAccountName - Contains the on-premises samAccountName synchronized from the on-premises directory.
        - onPremisesSecurityIdentifier - Contains the on-premises security identifier (SID) for the user that was synchronized from the on-premises setup to the cloud.
        - onPremisesUserPrincipalName - Contains the on-premises userPrincipalName synchronized from the on-premises directory.
        - securityIdentifier - Security identifier (SID) of the user, used in Windows scenarios.

    Password/Secret
        The client secret (password) of the Azure AD application.

  7. Click Save.

The message "Member Source has been created successfully" appears.
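As an added example (not part of this documentation and not the product's own code), the following Python script uses the same Tenant ID, Client ID and client secret that the member source needs to read a group's users through Microsoft Graph, mirrors Recursive Search with the transitiveMembers relation, and reports users for which the chosen User Attribute is unset, since those users can never be matched. That Microsoft Graph is the backing API, and that the application already holds a Graph permission to read groups and users, are assumptions; the sample user objects are constructed.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of Graph user objects (not real tenant data): one synced user, one cloud-only user
SAMPLE_USERS = [{"id": "1111-aaaa", "onPremisesSamAccountName": "jdoe"},
                {"id": "2222-bbbb", "onPremisesSamAccountName": None}]

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request built from the Tenant ID, Client ID and Password/Secret fields."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body

def members_url(group_id, user_attribute, recursive):
    """Graph query for a group's user members; transitiveMembers corresponds to Recursive Search."""
    relation = "transitiveMembers" if recursive else "members"
    select = ",".join(dict.fromkeys(["id", user_attribute]))  # keep id so unmatched users can be named
    query = urllib.parse.urlencode({"$select": select})
    return f"https://graph.microsoft.com/v1.0/groups/{group_id}/{relation}/microsoft.graph.user?{query}"

def extract_members(users, user_attribute):
    """Split users into matchable attribute values and the ids of users whose attribute is unset."""
    values, unmatched = [], []
    for user in users:
        if user.get(user_attribute):
            values.append(user[user_attribute])
        else:  # onPremises* attributes are null for cloud-only users, so they would never match
            unmatched.append(user["id"])
    return values, unmatched

def fetch_json(url, data=None, token=None):  # POST when data is given (token endpoint), else GET
    req = urllib.request.Request(url, data=data)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def list_group_members(tenant_id, client_id, client_secret, group_id, user_attribute, recursive=True):
    url, body = token_request(tenant_id, client_id, client_secret)
    token = fetch_json(url, data=body)["access_token"]
    users, next_url = [], members_url(group_id, user_attribute, recursive)
    while next_url:  # follow @odata.nextLink paging until the last page
        page = fetch_json(next_url, token=token)
        users.extend(page.get("value", []))
        next_url = page.get("@odata.nextLink")
    return extract_members(users, user_attribute)
```

Call list_group_members with the tenant, client, secret and a group's object id; a non-empty second return value lists users that the configured User Attribute would silently leave out of the role.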

Last modified January 21, 2025