Register an Azure Tenant
For PMC to query Azure AD groups, a communication channel between PMC and Azure AD must exist.
There are two key steps to create a channel:
- Create an app registration in Azure and grant the appropriate permissions. You must also set up an authentication method.
- Configure PMC with the app registration.
This section details the steps to register an Azure tenant.
Requirements
- Microsoft Azure Commercial
Microsoft 365 Government Community Cloud (GCC) High is not supported.
For more information about the differences between the clouds, see National cloud deployments at https://learn.microsoft.com/en-us/graph/deployments.
Register a Tenant
- Go to https://portal.azure.com.
- Select the directory that contains the Azure AD you want to register with PMC.
- Search for the App registrations service and select it.
- Click New registration.
- Give the registration a name. For example, PM Cloud Registration.
- Select the Supported account types you require for your business needs.
- Ignore the setting Redirect URI.
- Click Register an application.
- Go to Manage > API Permissions and click Add a permission.
- Click Microsoft Graph, and then Application permissions.
- Add the following permissions. Search by name, and then select each permission when it displays.
  - Domain.Read.All
  - GroupMember.Read.All
  - User.Read.All
- After all three permissions are selected, click Add permissions.
- Finally, you must grant the permissions. Click Grant admin consent for (Directory Name). These are application permissions, so they take effect tenant-wide for this app registration and are not active until admin consent is granted.
Configure Authentication
You need to choose an authentication method to create a trust relationship between PMC and Azure. There are two authentication methods available:
- Certificate authentication
- Client-secret authentication
Use Certificate Authentication
- In the PMC console, select Configuration > Azure AD Settings.
- Click Download Certificate.
- Go to the Azure app registrations portal, and then select Certificates & secrets.
- Click Upload certificate.
Use Client-Secret Authentication
- In the Azure app registrations portal, select Certificates & secrets.
- Select Client-Secret Authentication.
- Click New Client Secret.
- Select an appropriate expiry time, and click Add. Note the expiry date: when the secret expires, PMC can no longer query Azure AD until a new secret is created and saved in PMC.
- Copy the value to your clipboard. The value is shown only once, immediately after the secret is created.
- Go to the PMC console, select Administration > Access Settings > Azure AD Settings.
- Paste the client secret value into the Application Client Secret box.
- Click Save Changes.
Client and Tenant IDs
Go to the Overview node of the app registration and note the Application (client) ID and the Directory (tenant) ID. These are entered in the PMC administration console.
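As an added example (not part of this guide or of PMC itself), the following Python script checks the result of the client-secret path above: it builds the client-credentials token request that the app registration will answer, then reads the roles claim of the returned Graph access token and compares it with the three permissions listed in this section, flagging anything missing (consent not granted) or extra (more than least privilege). The tenant ID, client ID and secret are assumed placeholders, and the sample token is constructed locally so the check can be run offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# The three Microsoft Graph application permissions this guide adds to the PMC app registration.
REQUIRED_ROLES = {"Domain.Read.All", "GroupMember.Read.All", "User.Read.All"}
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # ".default" = every app permission consented to


def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials request (the client-secret method) for the app registration."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # Application (client) ID from the Overview node
        "client_secret": client_secret,  # value copied when the secret was created
        "scope": GRAPH_SCOPE,
    }).encode()
    return urllib.request.Request(TOKEN_URL.format(tenant=tenant_id), data=body, method="POST")


def fetch_token(tenant_id, client_id, client_secret):
    """Send the request and return the access token (needs network access; not exercised offline)."""
    with urllib.request.urlopen(build_token_request(tenant_id, client_id, client_secret)) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token):
    """Read the 'roles' claim of an app-only Graph token: the application permissions actually granted.
    No signature check: this inspects a token we just received from the issuer ourselves;
    never use it to accept a token presented by another party."""
    claims = json.loads(_b64url_decode(access_token.split(".")[1]))
    return set(claims.get("roles", []))


def check_permissions(access_token):
    """missing -> permission not added or admin consent not granted; extra -> beyond least privilege."""
    roles = token_roles(access_token)
    return {"missing": sorted(REQUIRED_ROLES - roles), "extra": sorted(roles - REQUIRED_ROLES)}


def constructed_token(roles):
    """Constructed, unsigned sample token carrying the given roles, for offline demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'aud': 'https://graph.microsoft.com', 'roles': roles})}.sig"
```

Against a live tenant, replace `constructed_token(...)` with `fetch_token("<tenant-id>", "<client-id>", "<client-secret>")`; an empty `missing` list confirms that admin consent took effect.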