Getting started

The first step in integrating FAMOC manage with Azure Active Directory is to register the application in your Azure account. To do this, log in to the portal at https://portal.azure.com/ and choose Azure Active Directory from the Azure services.




Registering FAMOC manage in Azure


After going to the Azure AD tab, select Application registration from the menu on the left.


Then select the New registration option.

In the next step, enter the name of the application and specify whether accounts from one domain or from several domains should have access to it by selecting single- or multi-tenant. You can also provide the URI to which the user is to be redirected after successful authentication (this is optional and can be done later).

Then configure its permissions. Go to the API permissions tab. 

We can remove the default User delegated permissions by clicking the three dots icon, and then Remove permissions.

Then, we click Add a permission. We select Microsoft Graph and then Application permissions.

In the Directory section, select Directory.Read.All and confirm by clicking Add permissions.

In the API permissions section, you must also Grant admin consent for the created app.


Then go to the Certificates & secrets tab to add a new client secret. Click New client secret, enter its description and specify an expiration time.


Then you MUST copy its value (it will not be displayed again).

Then log in to the FAMOC console. Go to your organization's settings, Users & Authorization section and then find the Azure Active Directory integration section. Click Activate.


In the next step, enter the following data downloaded from the Azure portal:

  • Display name (can be any)

  • Application (client) ID

  • Directory (tenant) ID

  • Application secret

Once you click next your integration will be verified.
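A least-privilege check on the registration configured above, as an added example that is not part of the FAMOC documentation. It assumes you have separately obtained an app-only access token for the registered application (client credentials flow) and inspects its claims without verifying the signature; the function names and the tenant and client IDs are constructed for illustration.

```python
import base64
import json

EXPECTED_ROLES = {"Directory.Read.All"}  # the only permission this guide grants

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the JWT payload. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))

def audit_app_token(token: str, tenant_id: str, client_id: str) -> list:
    """Return a list of findings; an empty list means the token matches the guide."""
    claims = decode_claims(token)
    findings = []
    if (claims.get("tid") or "").lower() != tenant_id.lower():
        findings.append("token issued by unexpected tenant: %s" % claims.get("tid"))
    app = claims.get("appid") or claims.get("azp") or ""  # v1.0 / v2.0 token formats
    if app.lower() != client_id.lower():
        findings.append("token issued to unexpected application: %s" % app)
    roles = set(claims.get("roles", []))  # application permissions that were consented
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append("missing permission (admin consent not granted?): " + missing)
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append("excess application permission: " + extra)
    return findings

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample values, not real identifiers.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
GOOD = make_sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["Directory.Read.All"]})
BROAD = make_sample_token({"tid": TENANT, "appid": CLIENT,
                           "roles": ["Directory.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for sample in (GOOD, BROAD):
        print(audit_app_token(sample, TENANT, CLIENT))
```

An empty result means the token carries exactly the permission this guide grants; any finding is a reason to revisit the API permissions tab before storing the secret in FAMOC.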

In the last step you can define the integration settings. First, you can assign attributes from Azure AD to automatically match them with the corresponding values in FAMOC manage (e.g. e-mail address, first name, last name, phone number or job title).

In the next step you can do the same with group attributes.

In the last step, you can also define filters to limit the imported data according to specific parameters and define the synchronization interval (by default 30 minutes, the maximum is 24 hours).


Examples of filters

  • ?$filter=startswith(givenName, 'J')
    Entries starting with J

  • ?$filter=displayName in ('GroupName')
    The group name is GroupName

  • ?$filter=id in ('eb816f66-664d-44d7-9baa-0681d2107db5')
    Entries belonging to the group with the given ID

  • ?$filter=department in ('Retail', 'Sales')
    The user belongs to the Retail and Sales groups


A detailed description of the filter syntax can be found in the Microsoft documentation:

https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter

Additionally, it is also possible to use advanced queries:

https://docs.microsoft.com/en-us/graph/aad-advanced-queries

Microsoft provides a tool to validate the entered filters:

https://developer.microsoft.com/en-us/graph/graph-explorer


To finish the process, click Save and run synchronization.

If everything went OK, you will see a short summary of imported users. Follow the next steps to finish the integration.

Correct integration is displayed as follows:



You can click Details to view imported users and groups. You can also Remove integration, Synchronize now regardless of schedule, or Edit integration settings.