Skip to main content

Microsoft SSO

Integrating Microsoft SSO with Osano

Connecting to Microsoft SSO


In order for Osano to discover data stored in your systems, we must connect to those data providers via an API. We require, at minimum, read-only access to establish a connection to these providers. Each provider you connect may require different information. Please see the linked vendor documentation for instructions on where and how to obtain this data.


Prerequisites

  • Have your Client ID, Tenant ID and Client Secret ready.
  • Make sure you have the following permissions for your application in your Microsoft Azure portal.
    • Application.Read.All

Steps to create a new application in Microsoft Azure portal

  • Sign in to Microsoft Azure and search for App Registration to open the App Registration blade
  • Next, a new application is created by clicking New registration. During the setup, you provide a name for your app and accept the defaults if you're configuring your app for a single tenant.
  • Once the app is created, you go to Manage > API permissions and add a permission. Specifically, you select Microsoft Graph, Application Permissions, and search for Application.Read.All. After checking the box for that permission, you click Add permissions. You will then need to grant Admin consent.
  • Under Manage > Certificates & Secrets, you select New client secret, provide a description, set an expiration date, and generate the secret. It's important to note that the value of the new secret will disappear if you navigate away from the Certificates & Secrets page, so you should copy these values and store them in a secure location.

Step by step guide

  1. Access Data Mapping Settings:

    • Navigate to the Data Mapping page in the Osano application.
    • Select Sources from the left-hand navigation menu.
  2. Select SSO as Source type

  3. From the available SSO sources, select Microsoft.

  4. Configure Microsoft SSO Integration:

    • Follow the on-screen instructions to configure your Microsoft SSO integration.
    • Enter your Client ID, Tenant ID and Client Secret.
    • Note that for the Scope field, you will need to enter https://graph.microsoft.com/.default.
    • Click Save.

    Microsoft SSO data source

  5. View Microsoft SSO Integration:

    • Once saved, you will see your Microsoft SSO integration in the list of configured SSO sources.
    • Your integration will include apps that already exist in your Microsoft Azure portal.
  6. Click into the Applications to view the applications that synced from Microsoft. Microsoft App

  7. Create a new data store:

    • To proceed with creating a new data store, click on Review.
    • Follow the prompts to create a new data store. Microsoft App review