Setting up the Microsoft Cloud Identity Connector
The Azure AD Identity Protection IdP Adapter needs a user’s Microsoft user ID to request their risk information. To make the user ID available, prompt your users to authenticate with Microsoft as part of the sign-on flow.
About this task
Follow the Microsoft Cloud Identity Connector documentation to download and configure the Microsoft IdP Adapter, with the following details:
Steps
- Complete the steps in Deploying the integration files.
- Complete the steps in Registering PingFederate as an application in Azure with the following details:
  - For Supported Account Types, select Single tenant or one of the Multitenant options.
    You can use Microsoft sign on for users with personal accounts or from other domains, but Azure AD Identity Protection risk levels will be available only for users from the "single tenant" domain.
- In Azure, grant risk permissions to your application as shown in the Configure API permissions section of Azure Active Directory Identity Protection and the Microsoft Graph PowerShell SDK in the Azure AD Identity Protection documentation.
- Complete the steps in Configuring an adapter instance and note your Tenant ID, Client ID, and Client Secret.
  You’ll use these same credentials when configuring your Azure AD Identity Protection IdP Adapter in Configuring an adapter instance.
Next steps
Set up the Azure AD Identity Protection Integration Kit by continuing to Deploying the integration files.
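A preflight check for the setup above, as an added example that is not part of the product documentation: it decodes (without verifying) an app-only Microsoft Graph access token and a user's Microsoft ID token to confirm that a risk permission was consented and that the user belongs to the registered tenant. The permission names in `RISK_ROLES`, the use of the `oid` claim as the Microsoft user ID, and all sample tokens and IDs are assumptions made for this example.

```python
import base64
import json

# Assumption: Graph application permissions that allow reading user risk.
RISK_ROLES = {"IdentityRiskyUser.Read.All", "IdentityRiskyUser.ReadWrite.All"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(app_token, user_id_token, tenant_id):
    """Return a list of problems; an empty list means risk lookups should work."""
    problems = []
    app, user = jwt_claims(app_token), jwt_claims(user_id_token)
    if app.get("tid", "").lower() != tenant_id.lower():
        problems.append("app token was issued by a different tenant")
    if not RISK_ROLES & set(app.get("roles", [])):
        problems.append("app token carries no risk permission")
    if user.get("tid", "").lower() != tenant_id.lower():
        problems.append("user is outside the registered tenant: no risk level")
    if not user.get("oid"):
        problems.append("ID token has no oid claim to use as the user ID")
    return problems


def _constructed_jwt(claims):
    """Build an unsigned sample token; constructed data for this example only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample values, not real tenants or users.
TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
APP_OK = _constructed_jwt({"tid": TENANT, "roles": ["IdentityRiskyUser.Read.All"]})
APP_NO_ROLE = _constructed_jwt({"tid": TENANT, "roles": ["User.Read.All"]})
USER_HOME = _constructed_jwt({"tid": TENANT, "oid": "aaaaaaaa-0000-0000-0000-000000000001"})
USER_GUEST = _constructed_jwt({"tid": OTHER_TENANT, "oid": "bbbbbbbb-0000-0000-0000-000000000002"})

if __name__ == "__main__":
    for label, app, user in [("home user", APP_OK, USER_HOME),
                             ("guest user", APP_OK, USER_GUEST),
                             ("missing consent", APP_NO_ROLE, USER_HOME)]:
        print(label, "->", preflight(app, user, TENANT) or "ok")
```

Decoding without signature verification is acceptable only for this kind of configuration check; it must not be used to make authentication decisions.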