# How to connect to Azure AD
Connecting to Azure Active Directory (Azure AD) on Workato is a multistep process that involves configuration in both Azure AD and Workato.
# Step 1: Create the Workato app on Azure AD
Creating the Workato app on Azure AD consists of the following steps:
- Step 1.1: Register your application
- Step 1.2: Grant your application permissions
- Step 1.3: Generate a client secret for your application
# Step 1.1: Register your application
Register your Workato application with Azure AD.
Log in to the Azure Active Directory portal.
Select App registrations.
On the resulting page, click + New registration.
Name your application. This is the user-facing display name for this application. Microsoft allows you to change this name later.
In Supported account types, select the first option, Accounts in this organizational directory only.
In the Redirect URI field, set the platform type to Web and provide the following redirect URI: https://www.workato.com/oauth/callback.
The next page displays the details of the newly-created application. Pay attention to the Application (client) ID and the Directory (tenant) ID. You will need these values later to authenticate in Workato.
# Step 1.2: Assign permissions to your application
Now it's time to assign permissions to our Workato application.
These instructions demonstrate how to grant the minimum permissions necessary to establish a connection with Workato. The permissions you need vary with your use case. See the Permissions section for additional permissions you may need to assign to your Workato application in order for it to perform optimally.
Select API permissions from the left navigation sidebar.
Click + Add a permission.
Click Microsoft Graph to open the permissions interface.
Select Application permissions.
Scroll to User. Add the User.Read.All and User.ReadWrite.All permissions, along with any other necessary permissions.
Click Add permissions.
These permissions now appear under Microsoft Graph, but they are not granted to your application until an administrator consents to them.
If you are logged in with an administrator account, click Grant admin consent for Default Directory.
Once admin consent is granted, Microsoft updates the Status column to Granted.
# Step 1.3: Generate a client secret for your application
Select Certificates & secrets from the left navigation sidebar.
Click + New client secret.
In the interface that appears, provide a description of the secret and determine when the secret will expire.
Copy and save the secret Value in a safe place. Azure AD displays this value only once, immediately after the secret is created.
# Step 2: Connect to Azure AD in Workato
Configure the following fields in Workato.
- Connection name: Name your connection.
- Location: Choose a location (folder) for your connection.
- Client ID: Provide your Client ID, which Azure refers to as the Application (client) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Application (client) ID.
- Client secret: Provide your client secret, which Azure refers to as the secret Value. This was obtained in Step 1.3.
- Tenant: Provide the directory tenant from which you plan to request permission. Azure refers to this as the Directory (tenant) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Directory (tenant) ID.
Click Connect.
# Permissions
There are two types of permissions, Delegated permissions and Application permissions, that you can assign to your application. To perform optimally, the Azure AD connection requires the following Microsoft Graph permissions.
Application permissions:
- Directory.Read.All
- Directory.ReadWrite.All
- Group.ReadWrite.All
- Group.Create
- Group.Read.All
- GroupMember.Read.All
- GroupMember.ReadWrite.All
- User.ManageIdentities.All
- User.Read.All
- User.ReadWrite.All

Delegated permissions:
- Directory.Read.All
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- Group.ReadWrite.All
- GroupMember.Read.All
- Group.Read.All
- GroupMember.ReadWrite.All
- User.Read
- User.ReadBasic.All
- User.Read.All
- User.ReadWrite.All
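As an added example that is not part of the Workato documentation, the following Python script takes the Directory (tenant) ID, Application (client) ID and secret Value collected in Step 1, requests an app-only Microsoft Graph token with the client-credentials grant, and decodes the token's `roles` claim to confirm that the application permissions from Step 1.2 were actually granted admin consent before the values are entered into Workato. The environment variable names, the REQUIRED_ROLES set and the placeholder values are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Placeholders for the values collected in Step 1 (assumed env var names); the
# secret is read from the environment so it never lands in a script or a log.
TENANT_ID = os.environ.get("AZURE_TENANT_ID", "<directory-tenant-id>")
CLIENT_ID = os.environ.get("AZURE_CLIENT_ID", "<application-client-id>")
CLIENT_SECRET = os.environ.get("AZURE_CLIENT_SECRET", "<client-secret-value>")

# Minimum application permissions the connection needs (Step 1.2).
REQUIRED_ROLES = {"User.Read.All", "User.ReadWrite.All"}


def token_request(tenant_id, client_id, client_secret):
    """Build the v2.0 client-credentials request for a Microsoft Graph token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default requests every application permission that has admin consent.
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, urllib.parse.urlencode(body).encode()


def jwt_claims(token):
    """Decode the payload of a JWT for inspection (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(token, required=REQUIRED_ROLES):
    """Return the required application permissions that are not in the token.

    App-only Graph tokens list consented application permissions in the
    `roles` claim; no claim at all means admin consent was never granted.
    """
    granted = set(jwt_claims(token).get("roles", []))
    return sorted(required - granted)


if __name__ == "__main__":
    url, data = token_request(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        token = json.load(resp)["access_token"]
    print("missing application permissions:", missing_roles(token) or "none")
```

If the output lists any permission, return to Step 1.2 and click Grant admin consent; the Status column in the portal should read Granted for every entry.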
Last updated: 7/14/2023, 8:52:02 PM