Create an application on Azure Active Directory

• Select on the left « App registration »

Set a name, a type of account allowed, and click on Register

Copied the application (client) ID, you will need it to configure Gespage synchronization.

• Click on New client secret

Give a name, an expiration date and click on Add

Copied the secret client value. If you forget it, you can create a new one.

• On the left, select « API permissions »

You must add the following rights

Click on Add a permission

Click on Microsoft Graph

Click on Application permissions and add the following API :

• AccessReview.Read.All
• Directory.Read.All
• Group.Read.All
• GroupMember.Read.All
• User.Read.All

Notice :

1. You can have others permission, to use MUP for exemple
2. If you are not an administrator, you must ask the administrator to consent for adding permissions

The administrator must go on this page and click on the button « grant admin consent »

As soon it is done, refresh the page. API status must be green.

• To the left, select « Manifest »

Set the value allowPublicClient to true and click on register

This setting is necessary to allow the application you have create to connect on the service.

Configure Gespage server to ADDS synchronization

On Gespage, in the menu Server, Configuration/Account management, click on AD/LDAP Synchronization/Azure

Select the Azure synchronization and set the synchronization 

Set the information from Microsoft Azure

• The tenant ID, you will find it under the Azure overview screen
• The Client ID, you will find it under the Azure overview screen
• The Secret Code, this is the value for the secret ID you created on the Azure Certificates & secrets menu
• The Microsoft Azure account credentials use to update the accounts

• Click on approve to save the configuration 

The result will be display on the upper right corner