Microsoft Entra ID

Microsoft Entra ID, previously known as Microsoft Azure Active Directory (Azure AD), is a multi-tenant cloud-based directory and identity management service from Microsoft. Microsoft Entra ID extends on-premises Active Directory into the cloud. This document describes how to connect IBM watsonx Orchestrate to Microsoft Entra ID and use its skills on watsonx Orchestrate.

Before you begin

  1. Enable the pop-up window on your browser.
  2. You can't connect to a personal account. Use a work or school account instead.
  3. If you don't have a suitable Microsoft Entra ID account, you can sign up for a Microsoft 365 Developer Program account, which gives you full access to Microsoft Outlook, Microsoft SharePoint, and more that you can use for testing with watsonx Orchestrate. For more information about the Microsoft 365 Developer Program, see the Developer Program FAQ.

Connecting to Microsoft Entra ID

Connect to the app according to the credential type that you or your team want to use.

If you want to connect the app to the Orchestrate Agent skill set, skill sets from AI assistants, or the Team skill set with Team credentials, refer to Managing app connections.

If you want to connect the app to the Personal skill set or the Team skill set with Member credentials, refer to Connecting to apps.

Configuring the connection on watsonx Orchestrate SaaS

To connect watsonx Orchestrate to Microsoft Entra ID, complete the following steps:

  1. Click Connect app. You are redirected to sign in to a Microsoft account and authorize the connection. Complete the remaining steps on the authentication page.
  2. Enter your Microsoft account email and click Next.
  3. Enter your Microsoft account password and click Sign in.
  4. Review the Permissions and click Accept.

After you sign in, watsonx Orchestrate connects to Microsoft Entra ID automatically.

Note: A green check icon indicates that the connection was successfully established.

Configuring the connection on watsonx Orchestrate on-premises

To connect watsonx Orchestrate to Microsoft Entra ID, complete the following steps:

  1. Click Connect app.
  2. You are prompted to enter the following connection details:
    • Client ID: Specify the unique identifier generated after the Microsoft Azure app registration is mapped to the specific project requests.
    • Client secret: Specify the application client secret for a project-specific unique application client ID.
    • Access token: Specify the access token generated from the application client ID and client secret.
    • Refresh token: Specify the refresh token generated from the application client ID and client secret.
  3. Click Connect app.

Note: A green check icon indicates that the connection was successfully established.

Permissions

To connect watsonx Orchestrate to Microsoft Entra ID, you have to accept the following permission requests:

  • Read and write directory data: Allows the app to read and write data in your organization's directory, such as other users and groups. It does not allow the app to delete users or groups, or reset user passwords.
  • Maintain access to data you have given it access to: Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.
  • View your email address: Allows the app to read your primary email address.
  • Sign in as you: Allows you to sign in to the app with your work or school account and allows the app to read your basic profile information.

By accepting these permissions you allow watsonx Orchestrate to use your data as specified in the Terms of Service and Privacy Statement. You can change these permissions here.
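
To review what accepting these requests grants in your tenant, the following added example (not part of the IBM documentation) audits a Microsoft Graph oauth2PermissionGrants response for the connected app. The scope identifiers mapped to the four prompt names, the `sp-orchestrate` client ID, and the sample response are assumptions constructed for illustration.

```python
import json

# Assumption: delegated Graph scopes behind the four consent prompts listed above.
EXPECTED = {
    "Directory.ReadWrite.All": "Read and write directory data",
    "offline_access": "Maintain access to data you have given it access to",
    "email": "View your email address",
    "openid": "Sign in as you",
}
EXPECTED_SCOPES = set(EXPECTED)
# Scopes worth a closer look: directory write access and long-lived refresh tokens.
HIGH_IMPACT = {"Directory.ReadWrite.All", "offline_access"}

# Constructed sample shaped like a GET /v1.0/oauth2PermissionGrants response.
SAMPLE = json.dumps({"value": [
    {"id": "grant-1", "clientId": "sp-orchestrate", "consentType": "Principal",
     "principalId": "user-alice", "resourceId": "sp-graph",
     "scope": "openid email offline_access Directory.ReadWrite.All"},
    {"id": "grant-2", "clientId": "sp-orchestrate", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": " openid email offline_access Directory.ReadWrite.All User.Read.All"},
]})


def audit_grants(response_json, client_id):
    """Return one finding per delegated grant held by the given service principal."""
    findings = []
    for grant in json.loads(response_json).get("value", []):
        if grant.get("clientId") != client_id:
            continue
        # The scope property is a space-separated string and may carry stray spaces.
        scopes = set((grant.get("scope") or "").split())
        findings.append({
            "id": grant["id"],
            # AllPrincipals means an admin consented on behalf of every user.
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "high_impact": sorted(scopes & HIGH_IMPACT),
            "unexpected": sorted(scopes - EXPECTED_SCOPES),
            "missing": sorted(EXPECTED_SCOPES - scopes),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE, "sp-orchestrate"):
        print(finding)
```

A grant with `tenant_wide` set or a non-empty `unexpected` list goes beyond the per-user consent described in this section and is the one to review first.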

What to do next

After you connect to the app, you can use the app’s skills. For more information, see Using the chat. To find out which skills you can use, see the skills and skill flow column of List of prebuilt apps, skills and skill flows.

