6.0 Office 365

Complete the following steps to configure Office 365 to allow user provisioning from Access Manager using SAM:

  1. Log in to https://portal.azure.com.

  2. In the left navigation pane, select Azure Active Directory to open the Overview page for your domain.

  3. At the top middle of the Overview page, the domain name appears. Copy and save it for later use.

  4. In the left navigation pane for your domain, select Properties.

  5. From the Properties page, copy the Tenant ID and save it for later use.

  6. In the left navigation pane, select App registrations, then click All applications.

  7. (Conditional) If you are creating a new application:

    1. Select New registration.

    2. In the provided form, enter a Name, leave the default Single tenant option selected, then for the Redirect URI (optional) select Web and type the following:

            https://www.office.com

    3. Click Register.

      The page redirects you to the Overview page.

    4. Copy and save the Application (client) ID and Directory (tenant) ID for later use. The Directory (tenant) ID is the same value as the Tenant ID from step 5.

  8. (Conditional) If you are using an existing Native type application:

    1. Select the application from the App registrations page.

    2. Copy the Application (client) ID and save it for later use.

  9. On the application details page, in the left navigation pane select API permissions.

    Microsoft Graph is automatically added with the User.Read permission.

  10. Click Microsoft Graph, make sure Delegated permissions is selected, then configure additional permissions as follows:

    1. Expand Directory and select Directory.AccessAsUser.All (Access directory as the signed-in user).

    2. Expand Group and select Group.ReadWrite.All (Read and write all groups).

    3. Expand User and select User.Read.All, User.ReadWrite, and User.ReadWrite.All.

  11. Click Update permissions.

  12. Click Grant admin consent for <Your organization>. Admin consent grants the application these directory-wide permissions on behalf of every user who signs in to it, so grant only the permissions listed above and review them if the application is reused for another purpose.

  13. In the left navigation pane, select Authentication.

  14. Under Implicit grant, select the ID tokens check box.

  15. Under Advanced settings, toggle Treat application as a public client to Yes. A public client authenticates without a client secret, so the security of the provisioning integration rests on the credentials of the account that Access Manager signs in with; protect that account accordingly.

  16. At the top of the page, click Save.

When you have completed the above steps for Office 365, use the values you saved to configure the application's Account Management settings in Access Manager.

NOTE: The first time you register an application in the Azure AD portal, if the Implicit grant section does not appear in the portal, you can enable ID tokens manually. Click the application's Manifest in the left navigation pane, then change oauth2AllowIdTokenImplicitFlow from false to true and save the manifest.
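Because the settings above are spread across several portal pages, it is easy to miss one or to leave an extra permission behind. The following script, an added example and not part of the Access Manager documentation or product, audits the application's manifest (the JSON shown under Manifest in the portal, in the same format whose oauth2AllowIdTokenImplicitFlow attribute the note above refers to) against every setting in the procedure. It assumes the manifest field names of that portal manifest format (signInAudience, replyUrlsWithType, allowPublicClient, requiredResourceAccess) and maps permission GUIDs back to names using the oauth2PermissionScopes array of the Microsoft Graph service principal in your tenant. The embedded manifest and scope list are constructed sample data with placeholder GUIDs; only the Microsoft Graph resource app ID is a real, well-known value.

```python
"""Audit an Azure AD app-registration manifest against the Office 365
provisioning settings in this section (added example, not product code)."""
import json
import sys

# Well-known resource app ID of Microsoft Graph (identical in every tenant).
GRAPH_RESOURCE_APP_ID = "00000003-0000-0000-c000-000000000000"

# Delegated Microsoft Graph permissions the procedure asks for.
REQUIRED_SCOPES = frozenset({
    "User.Read", "Directory.AccessAsUser.All", "Group.ReadWrite.All",
    "User.Read.All", "User.ReadWrite", "User.ReadWrite.All",
})
REQUIRED_REDIRECT = ("https://www.office.com", "Web")


def audit_manifest(manifest: dict, graph_scopes: list) -> list:
    """Return a list of findings; an empty list means the manifest matches.

    graph_scopes is the oauth2PermissionScopes array of the Microsoft Graph
    service principal ({"id": <guid>, "value": "User.Read", ...}); it is used
    to turn the GUIDs in requiredResourceAccess back into permission names.
    """
    findings = []
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single tenant (AzureADMyOrg)")
    reply_urls = {(r.get("url"), r.get("type"))
                  for r in manifest.get("replyUrlsWithType", [])}
    if REQUIRED_REDIRECT not in reply_urls:
        findings.append("missing Web redirect URI https://www.office.com")
    if manifest.get("oauth2AllowIdTokenImplicitFlow") is not True:
        findings.append("oauth2AllowIdTokenImplicitFlow is not true (ID tokens not enabled)")
    if manifest.get("allowPublicClient") is not True:
        findings.append("allowPublicClient is not true (Treat application as a public client)")

    scope_names = {s["id"]: s["value"] for s in graph_scopes}
    granted = set()
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId")
        if app_id != GRAPH_RESOURCE_APP_ID:
            findings.append(f"permissions requested on unexpected resource {app_id}")
            continue
        for access in resource.get("resourceAccess", []):
            if access.get("type") != "Scope":
                # "Role" entries are application permissions: they let the app act
                # without any signed-in user, which the procedure does not call for.
                findings.append(f"non-delegated permission {access.get('id')} requested")
                continue
            granted.add(scope_names.get(access.get("id"), access.get("id")))
    for missing in sorted(REQUIRED_SCOPES - granted):
        findings.append(f"missing delegated permission {missing}")
    for extra in sorted(granted - REQUIRED_SCOPES):
        findings.append(f"extra delegated permission {extra} (not needed by the procedure)")
    return findings


# Constructed sample data. The GUIDs below are placeholders, not the real
# permission IDs; take the real list from your tenant's Graph service principal.
SAMPLE_GRAPH_SCOPES = [
    {"id": f"00000000-0000-0000-0000-00000000000{i}", "value": name}
    for i, name in enumerate(sorted(REQUIRED_SCOPES), start=1)
]
SAMPLE_MANIFEST = {
    "displayName": "Access Manager O365 provisioning",
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [{"url": "https://www.office.com", "type": "Web"}],
    "oauth2AllowIdTokenImplicitFlow": True,
    "allowPublicClient": True,
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_RESOURCE_APP_ID,
        "resourceAccess": [{"id": s["id"], "type": "Scope"} for s in SAMPLE_GRAPH_SCOPES],
    }],
}


def audit_files(manifest_path: str, scopes_path: str) -> list:
    """Load a manifest and a Graph oauth2PermissionScopes export from disk."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    with open(scopes_path) as fh:
        scopes = json.load(fh)
    return audit_manifest(manifest, scopes)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        results = audit_files(sys.argv[1], sys.argv[2])
    else:
        results = audit_manifest(SAMPLE_MANIFEST, SAMPLE_GRAPH_SCOPES)
    print("\n".join(results) if results else "manifest matches the procedure")
```

Run it with the downloaded manifest JSON and a JSON export of the Graph service principal's oauth2PermissionScopes as the two arguments; with no arguments it audits the embedded sample. Anything reported as "extra" or "non-delegated" is worth removing before granting admin consent, since consent applies to every permission in the list, not only the ones the procedure needs.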