This article describes how to set up the Microsoft Entra connector. Microsoft Entra is a cloud-based identity and access management service that enables employees to access external resources. The connector acts as middleware between Entra ID and Identity Manager: it exposes a SCIM API that Identity Manager connects to as a datapool in order to manage users as core object templates.
<SMARTIDHOME>
In this article, <SMARTIDHOME> refers to /home/nexus, but this can be different depending on the setup.
Prerequisites
- The IDM version needs to be 5.0.0 as a minimum.
- Read the official documentation regarding how to authenticate and other important topics here.
Step-by-step instruction
Set up Microsoft Entra
Authentication
The Entra ID Connector supports two types of authentication to the Graph API: client secret or certificate.
- Configure the Entra ID Connector in config/entra-id.yaml. You can configure host, security, and authentication in the configuration file.
Docker
- Open the environment file <SMARTIDHOME>/compose/smartid.env for editing.
- Set the properties for the following three variables to fit your deployment:
PRIME_CONNECTORS_VERSION=2408.0.0
## - Entra ID Connector properties
ENTRA_ID_CONNECTOR_PORT=8083
ENTRA_ID_REQUEST_INTERCEPTOR_ENABLED=false
ENTRA_ID_CONNECTOR_CLIENT_ID=
# client secret authentication setting
ENTRA_ID_CONNECTOR_CLIENT_SECRET=
# cert authentication settings
ENTRA_ID_CONNECTOR_CERTIFICATE_PATH=classpath:certs/
ENTRA_ID_CONNECTOR_CERTIFICATE_PASSWORD=
ENTRA_ID_CONNECTOR_ENCRYPTION_KEY=
ENTRA_ID_CONNECTOR_ENCRYPTION_SALT=
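A pre-flight check for the variables above, given as an added example that is not part of the product or its documentation: it verifies that the client ID is set, that one of the two authentication methods is filled in, and that the file holding these secrets is readable only by its owner. The helper names `env_value` and `check_entra_env` are hypothetical, and treating a certificate path that ends in `/` as "no certificate selected" is an assumption about the template value.

```shell
#!/usr/bin/env bash
# Added example; env_value and check_entra_env are hypothetical helper names.

# Print the value assigned to KEY ($2) in FILE ($1); comment lines never match.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Return 0 if FILE ($1) passes every check, 1 otherwise. Findings go to stderr.
check_entra_env() {
    local file="$1" rc=0 id secret cert perms
    [ -r "$file" ] || { echo "FAIL: cannot read $file" >&2; return 1; }

    # The file holds the client secret and certificate password, so group and
    # others should have no permission bits (columns 5-10 of ls -l output).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible beyond its owner (try chmod 600)" >&2
        rc=1
    fi

    id=$(env_value "$file" ENTRA_ID_CONNECTOR_CLIENT_ID)
    secret=$(env_value "$file" ENTRA_ID_CONNECTOR_CLIENT_SECRET)
    cert=$(env_value "$file" ENTRA_ID_CONNECTOR_CERTIFICATE_PATH)

    if [ -z "$id" ]; then
        echo "FAIL: ENTRA_ID_CONNECTOR_CLIENT_ID is empty" >&2
        rc=1
    fi

    # Assumption: a path ending in "/" (such as the template's classpath:certs/)
    # names only a folder, so no certificate has been selected yet.
    case "$cert" in
        */) cert="" ;;
    esac
    if [ -z "$secret" ] && [ -z "$cert" ]; then
        echo "FAIL: set a client secret or a certificate path" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the script and call `check_entra_env <SMARTIDHOME>/compose/smartid.env` before starting the containers; a non-zero return means at least one finding was printed.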
Tomcat (stand-alone)
- Adapt the config files in the WEB-INF/classes/config folder.