For customer's using Azure AD, only limited information is provided in the claim received during authentication. If you have configured your on premised Active Directory to synchronise additional fields with Azure AD, then those fields will not be included in the claim token received during the authentication process.
During the implementation phase we can configure your LMS to retrieve this additional data from Azure AD by using the Microsoft Graph API. To enable us to retrieve this information we require you to configure an additional app in your Azure AD environment, and to provide us with additional information.
Please use the following information to create an additional app (App registration) in your Azure AD environment:
- Type: Web app/API
- Display Name: Microsoft Graph API for Agylia (this is a suggestion - any name can be used)
- Home page: https://auth0.com/login
- Required permissions: Application Permissions - Read directory data
- After choosing (and saving) permissions it is essential that you click Grant permissions and provide any credentials/accept any permission requests.
- Reply URLs: https://auth0.com/login
- Keys: We require one key.
After adding the app (App registration), please provide the following information:
- Application ID
- Key expiry date
In addition to the details above, we will also need to know the names of the fields that you would like to retrieve. To assist us with this please also provide the application ID of the Tenant Schema Extension App app in your Azure AD. This is an app created automatically by the directory sync tools provided by Microsoft and the application ID is used as a prefix on custom attributes which you may choose to sync to Azure AD.
Note that if you do not sync a field from your local directory to Azure AD, we will not be able to retrieve the data by using the Microsoft Graph API. In these circumstances, you will either need to configure the attribute to sync, or will need to use an alternative mechanism for obtaining information.