# How to connect to Azure AD

Connecting to Azure Active Directory (Azure AD) on Workato is a multistep process involving configuration steps in the Microsoft Active Directory and Workato.


# Step 1: Create the Workato app on Azure AD

Creating the Workato app on Azure AD consists of the following steps:


# Step 1.1: Register your application

Register your Workato application with Azure AD.

2

Select App registrations.

3

On the resulting page, click + New registration.

4

Name your application. This is the user-facing display name for this application. Microsoft allows you to change this name later.

Register your applicationName your application

5

In Supported account types, select the first option, Accounts in this organizational directory only.

6

In the Redirect URI field, set the platform type to Web and provide the following redirect URI: https://www.workato.com/oauth/callback.

7

The next page displays the details of the newly-created application. Pay attention to the Application (client) ID and the Directory (tenant) ID. You will need these values later to authenticate in Workato.

App registeredTake note of the Application (client) ID and Directory (tenant) ID


# Step 1.2: Assign permissions to your application

Now it's time to assign permissions to our Workato application.

These instructions demonstrate how to grant the minimum permissions necessary to establish a connection with Workato. The permissions you need are variable and based on your use case. See the Azure AD permissions section for additional permissions you may need to assign to your Workato application in order for it to perform optimally.

1

Select API permissions from the left navigation sidebar.

2

Click + Add a permission.

3

Click Microsoft Graph to open the permissions interface.

Open the permissions interfaceOpen the permissions interface

4

Select Application permissions.

Application permissionsSelect application permissions

5

Scroll to User. Add the User.Read.All and User.ReadWrite.All permissions, along with any other necessary permissions.

Add the necessary permissionsSelect the necessary permissions

6

Click Add permissions.

7

You will see these permissions added to Microsoft Graph. However, you will need admin approval to grant them to your application officially.

If you are logged in with an administrator account, click Grant admin consent for Default Directory.

8

Once admin consent is granted, Microsoft updates the Status column to Granted.

Admin consentOnce admin consent is granted, Microsoft updates the Status column


# Step 1.3: Generate a client secret for your application

1

Select Certificates & secrets from the left navigation sidebar.

2

Click + New client secret.

Create a new client secretCreate a new client secret

3

In the interface that appears, provide a description of the secret and determine when the secret will expire.

4

Copy and save the Value in a safe place. This is the only time Azure AD displays this value.


# Step 2: Connect to Azure AD in Workato

Configure the following fields in Workato.

Connect to Azure AD in WorkatoConnect to Azure AD in Workato

1
  • Connection name
  • Name your connection.
2
  • Location
  • Choose a location (folder) for your connection.
3
  • Client ID
  • Provide your Client ID, which Azure refers to as the Application (client) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Application (client) ID.
4
  • Client secret
  • Provide your client secret, which Azure refers to as the secret Value. This was obtained in Step 1.3.
5
  • Tenant
  • Provide the directory tenant from which you plan to request permission. Azure refers to this as the Directory (tenant) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Directory (tenant) ID.
6

Click Connect.


# Permissions

There are two types of permissions Delegated permissions and Application permissions that you can assign to your application. To perform optimally, Azure Active Directory requires the following Microsoft Graph permissions.

Application permissions
  • Directory.Read.All
  • Directory.ReadWrite.All
  • Group.ReadWrite.All
  • Group.Create
  • Group.Read.All
  • GroupMember.Read.All
  • GroupMember.ReadWrite.All
  • User.ManageIdentities.All
  • User.Read.All
  • User.ReadWrite.All
Delegated permissions
  • Directory.Read.All
  • Directory.ReadWrite.All
  • Directory.AcessAsUser.All
  • Group.ReadWrite.All
  • GroupMember.ReadAll
  • Group.Read.All
  • Group.Read.All
  • GroupMember.ReadWrite.All
  • User.Read
  • User.ReadBasic.All
  • User.Read.All
  • User.ReadWrite.All


Last updated: 7/14/2023, 8:52:02 PM