
Azure Active Directory Connection

Azure Active Directory is the newer version of identity and access management created by Microsoft. It is the cloud version of its on-premises peer, Active Directory. Azure AD is great at managing user access to cloud applications.

The Azure AD application on hire2retire uses OAuth authorization. By linking your Azure AD account with hire2retire, you authorize RoboMQ to have delegated access on your behalf. RoboMQ needs the following permissions on your account to provide a seamless integration experience:

| Scopes | Explanation |
| --- | --- |
| User.ReadWrite.All | Read and write all users' full profiles |
| Group.ReadWrite.All | Read and write all groups |
| Directory.AccessAsUser.All | The application requires this scope to reset users' passwords. |
| offline_access | Maintain access to data you have given it access to. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire. |

Azure AD User roles

In Azure Active Directory (Azure AD), if another administrator or non-administrator needs to manage Azure AD resources, you assign them an Azure AD role that provides the permissions they need. The role required to perform all the lifecycle business rules in the Azure AD application on hire2retire is User Administrator.

| Role | Description |
| --- | --- |
| User Administrator | Can manage all aspects of users and groups, including resetting passwords for limited admins. |

How to Give User Administrator Role

Follow these steps to give the User Administrator role:

  1. Log in to the Azure AD portal and open the user to whom you want to assign the User Administrator role. Click the Assigned Roles option on the left-hand side.

    Figure 1. Shows the Assigned Roles option in the Azure AD portal

  2. Click the Add assignments option.

    Figure 2. Shows the Add assignments option in the Azure AD portal

  3. Select the User Administrator role from the list of roles in the Select role option and click Next.

    Figure 3. Shows the Select role option in the Azure AD portal

  4. Make sure to select Active as the assignment type and check the Permanently assigned checkbox; otherwise the role can only be assigned for a particular period of time. Click the Assign button.

    Figure 4. Shows the assignment type option in the Azure AD portal

  5. The role will be assigned. It might take some time; wait a few seconds and refresh the page.

    Figure 5. Shows the assigned role in the Azure AD portal

Create a Connection

You need to have an Azure Active Directory account before using the Azure AD application on hire2retire.


Figure 1. Azure AD Connection

On clicking the 'Link Account' button, you will be redirected to the Microsoft account authorization screen. Enter the account details to use Azure Active Directory for this flow.


Figure 2. Azure AD Sign In

Admin consent is also needed. After entering the account details, you will be redirected to the Microsoft admin approval panel; enter a justification for the request and click Request approval.


Figure 2. Azure AD Sign In

From the Azure admin portal, click the Review permissions and consent option to approve the request.


Figure 2. Azure AD Sign In

By allowing access, you are authorizing RoboMQ to access your Azure AD account and make changes based on changes in HR data.
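Once consent is approved, the delegated grant recorded in the tenant can be checked against the four scopes listed in the permissions table. The following is an added example, not part of the hire2retire documentation or RoboMQ's code: it reviews objects shaped like Microsoft Graph `oauth2PermissionGrant` records, and the sample grants and every ID in them are constructed placeholders.

```python
# Added example: compares delegated consent grants with the scopes this page documents.
import json

# Scopes listed in the permissions table on this page.
DOCUMENTED_SCOPES = {
    "User.ReadWrite.All",
    "Group.ReadWrite.All",
    "Directory.AccessAsUser.All",
    "offline_access",
}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects;
# all IDs are placeholders, not values from a real tenant.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "clientId": "sp-hire2retire-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-msgraph-placeholder",
   "scope": "User.ReadWrite.All Group.ReadWrite.All Directory.AccessAsUser.All offline_access"},
  {"id": "grant-2", "clientId": "sp-hire2retire-placeholder",
   "consentType": "Principal", "principalId": "user-placeholder",
   "resourceId": "sp-msgraph-placeholder",
   "scope": " User.ReadWrite.All  Mail.Read "}
]
""")


def review_grant(grant, expected=DOCUMENTED_SCOPES):
    """Return a summary of how one grant differs from the documented scope set."""
    granted = set(grant.get("scope", "").split())  # scope is a space-separated string
    return {
        "id": grant["id"],
        "tenant_wide": grant.get("consentType") == "AllPrincipals",
        "unexpected": sorted(granted - expected),  # consented but not documented
        "missing": sorted(expected - granted),     # documented but not consented
    }


def review_grants(grants, client_id):
    """Review every grant that belongs to one client service principal."""
    return [review_grant(g) for g in grants if g.get("clientId") == client_id]


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS, "sp-hire2retire-placeholder"):
        print(finding)
```

A non-empty `unexpected` list means the grant carries scopes beyond those this page says the integration needs, and `tenant_wide` marks admin consent that applies to every user rather than a single principal.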