
Configure the Azure AD Discovery connector

The Azure AD Discovery connector is configured in Snow Integration Manager (SIM). For more information on SIM, refer to Snow Integration Manager.

The Azure AD Discovery connector uses Microsoft's Graph API endpoints to access the directory. In Snow Integration Manager, add the connector and configure the settings.

Set up the Graph API

Configure the Graph API component as below.

  1. In Directory id, paste the directory id as saved in Locate Directory (tenant) ID.

  2. In Application id, paste the application id as saved in Locate Application (client) ID.

  3. In Application secret, paste the client secret as saved in Locate client secret.

  4. In Endpoint, select the desired region. The default endpoint is PublicCloud.

  5. To set up a proxy server, select the desired proxy in Proxy. Proxies can be configured in the Proxy Profiles tab in the Snow Integration Manager main interface.

  6. To check if the connection can be established, select Test connection.

Set up the Devices

Configure the Devices component as below.

  1. To include specific join-type device attributes in the snowpacks, select one or more of the options:

    • AAD Registered - Registered to Azure AD without an organizational account to sign in to the device.

    • AAD Joined - Joined only to Azure AD with an organizational account to sign in to the device.

    • AAD hybrid joined - Joined to on-premises AD and Azure AD with an organizational account to sign in to the device.

    For more information on device identities in Azure AD, see Microsoft Entra device identity documentation.

  2. To exclude disabled Azure AD discovery devices when using the connector, select Exclude disabled.

If you select none of the available options in this component, the connector does not fetch any devices during aggregation.

Set up the Users

Configure the Users component as below.

  1. To include specific user types in the snowpacks, select one or both of the options:

    • To fetch the users that are synced from the on-premises Active Directory environments, select On-prem synched.

    • To add the cloud-only users to the aggregation:

      1. Find the registry entries for the connector instance at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Snow Software\Inventory Provider\{Your connector instance}.

      2. Set the GetCloudOnlyUsers entry to True.

      3. Reopen the connector in Snow Integration Manager.

      4. In Substitutes (Domain\SamAccountName), enter a substitute for your Windows domain name, such as Azure-only, and select an available identifier to use instead of SamAccountName. Together, these two elements make up the username in Snow License Manager.

        Note

        • Domain and SamAccountName are available only for users synchronized from on-premises Active Directory.

        • Selecting DisplayName for the SamAccountName enables a dropdown that allows you to choose the format for your DisplayName.

      Caution

      • Cloud-only users may not get matched with the users from inventoried devices and this may result in user duplicates.

      • Any substitute values chosen here are converted to lowercase by the Inventory Server.

  2. Optional: To use the UserPrincipalName as the EmailAddresses value in snowpacks when an email address is missing, select Use UPN as email if missing.

  3. To exclude disabled Azure AD discovery users when using the connector, select Exclude disabled.

If you select none of the options available in this component, the connector does not fetch any users during aggregation.
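
To preview which directory objects a given selection in the Devices and Users components would cover, the options can be mirrored against Graph object properties. This is an added example, not Snow's code: it assumes the join types correspond to Graph's device trustType values and that synced and cloud-only users are told apart by onPremisesSyncEnabled; the function names and sample objects are constructed.

```python
# Added example, not Snow's code. Assumption: the join-type options correspond
# to Graph device.trustType, and user scope to user.onPremisesSyncEnabled.
TRUST_TYPE = {
    "AAD Registered": "Workplace",
    "AAD Joined": "AzureAd",
    "AAD hybrid joined": "ServerAd",
}

def _enabled_ok(obj, exclude_disabled):
    # "Exclude disabled" drops objects whose accountEnabled is false.
    return obj.get("accountEnabled", True) or not exclude_disabled

def select_devices(devices, join_types=(), exclude_disabled=False):
    wanted = {TRUST_TYPE[j] for j in join_types}  # empty selection -> no devices
    return [d["displayName"] for d in devices
            if d.get("trustType") in wanted and _enabled_ok(d, exclude_disabled)]

def select_users(users, on_prem_synced=False, cloud_only=False, exclude_disabled=False):
    picked = []
    for u in users:
        synced = u.get("onPremisesSyncEnabled") is True  # null/false: cloud-only
        in_scope = on_prem_synced if synced else cloud_only
        if in_scope and _enabled_ok(u, exclude_disabled):
            picked.append(u["userPrincipalName"])
    return picked

# Constructed sample objects shaped like Graph /devices and /users results.
DEVICES = [
    {"displayName": "LT-001", "trustType": "AzureAd", "accountEnabled": True},
    {"displayName": "WS-014", "trustType": "ServerAd", "accountEnabled": False},
    {"displayName": "BYOD-7", "trustType": "Workplace", "accountEnabled": True},
]
USERS = [
    {"userPrincipalName": "alice@example.com", "onPremisesSyncEnabled": True, "accountEnabled": True},
    {"userPrincipalName": "svc-app@example.com", "onPremisesSyncEnabled": None, "accountEnabled": True},
    {"userPrincipalName": "bob@example.com", "onPremisesSyncEnabled": True, "accountEnabled": False},
]

if __name__ == "__main__":
    print(select_devices(DEVICES, ["AAD Joined", "AAD hybrid joined"], exclude_disabled=True))
    print(select_users(USERS, on_prem_synced=True, cloud_only=True, exclude_disabled=True))
    print(select_devices(DEVICES), select_users(USERS))  # nothing selected
```

Comparing such a preview with the aggregated snowpacks shows whether disabled accounts or unexpected join types are entering the inventory.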

Set up the Aggregation

Configure the Aggregation component as below.

  1. In Initial aggregation length (months), select the number of months for the initial aggregation of discovery data.

  2. To reset an ongoing incremental aggregation, select Clear Last Aggregation Date.

Set up the Site name

Configure the Site name component as below.

  • In Name, enter the site name. This overrides the global site name set in Snow Integration Manager.