Configuring Azure AD integration with MaaS360

Follow these steps to configure Azure AD integration with MaaS360®.

Before you begin

Make sure that you have at least one user in your Azure AD organization who is assigned the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator.

Procedure

  1. From the MaaS360 Portal Home page, select Setup > Azure Integration.
    Azure AD integration
  2. Select the services that you want to integrate, and then click Configure.
    Azure AD integration configuration
    You are redirected to the Microsoft account login page.
  3. Log in to your Microsoft account and grant permission for MaaS360 to view your Azure AD instance.
    For the User Visibility service, you must provide the Tenant ID details to complete the configuration. When the configuration is complete, all users and groups are imported into MaaS360.
  4. Select Users > Groups > Add > User Directory Group to import User Directory groups in the MaaS360 Portal.
    Add User Directory Group window
    The name of the group and the GUID of each group is displayed in the MaaS360 Portal.
    When the integration is configured, all data is synced every 4 hours from Azure AD to MaaS360. Only changes in the data are synced.
    A full refresh that reimports all users and groups occurs alternative weeks on a Sunday. From the MaaS360 Portal, you can configure the frequency and the day of week to refresh data. The administrator can also trigger a manual full refresh by clicking Refresh.
    Azure AD refresh configuration
    The Azure AD integration window (at Setup > Azure Integration) in the MaaS360 Portal displays the list of configured services, the tenant ID, and the last successful sync times.
    Azure AD integration status window
  5. To map the Azure User Attribute to the MaaS360 User Attribute, follow these steps:
    1. Prerequisite: MaaS360 needs the extension attributes from the Azure AD. You must have a user in the Azure AD tenant that is used for the User Visibility configuration with the display name "CustomAttributesUser". This user should contain all the extension attributes that are associated with Azure AD. For procedures on how to create extension attributes and map the attributes to users, see https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions.
    2. Click Reload Azure User Attributes to load the Azure User Attributes from Azure AD.
      The MaaS360 User Attributes are populated in the MaaS360 Portal when you add custom attributes.
    3. Click Add Mapping to map the Azure User Attribute to the MaaS360 User Attribute.