Evo Security syncs with Azure Active Directory (AAD) via the Microsoft Entra admin center.
The service scans periodically throughout the day to check for changed or new users to sync to your instance of Evo. The only user details that are synced are first name, last name, and email address. Passwords remain managed by your systems.
Requirements
These instructions assume:
* Organization configured for Microsoft Azure Active Directory.
* You have admin access to the organization's Microsoft Azure Active Directory.
* All users have been created under Microsoft Azure Active Directory.
* All users have a unique email address, specific to their user.
* All users are a member of a group to be synced.
* NOTE: Additional or P1/P2 Azure Licenses are NOT required for EVO Security Sync.
To set up Microsoft Azure Active Directory with Evo, you will use the Azure OAuth Sync. Follow the steps below to configure the Evo application in your organization's instance of Microsoft Azure Active Directory.
AzureAD OAuth Sync
On the Evo Portal, in either the Customer Creation flow or on the Directory Creation drawer, choose the Azure AD option. You will notice the following fields are required:
- Evo Directory Name - This is the name that will be displayed in Evo. You are free to name this whatever you choose.
- Azure Primary Domain Name or Tenant ID - This information can be found within the Azure Portal on the Entra ID "Home" page. You can use either. See screenshot below.
Once the required information is entered, click on the "Authorize on Azure AD" button in the Directory Creation drawer, or the "Next" button in the Customer Creation flow. You will now receive an OAuth popup that requires your Azure Admin user to consent and authenticate.
Click Accept on this new pop-up. The directory will now be created! However, we require one more step in the Azure Portal in order for this directory to begin syncing over your groups and users. Let's head back over to the Azure Portal.
In the search bar in Azure AD, search for "Enterprise Applications" and click that.
Once on the Enterprise Applications page, find the app titled Evo Security and click into that one.
Once on the Evo Security Enterprise Application's page, click on the "Permissions" Tab on the Left Nav Menu.
Once on the Permissions page, click on the "Grant admin consent for (your domain)" button. You will need to OAuth once more with an administrative user, but once complete, you're done! Your users will begin syncing during the next AzureAD Sync cycle.
In the main Entra search bar, type in "Microsoft Entra Roles and Administrators" and click that option.
Once on the "All Roles" page, you'll now search for the "Global Administrator" role for admin users/all users, or the "Helpdesk Administrator" role for non-admin users within the list of roles. Click on the role of your choice.
Once you have clicked on the role of your choice, click on the "Add Assignment" button.
Depending on if you are using the Classic AzureAD view or the new EntraID View, these following screenshots may differ slightly. Now that you are able to add an assignment, click on the "No Member selected" button under the Add Assignment portion of the page. It should now display a window that will allow you to search for a user or application to add that assignment. Search for "Evo Secure Login" and locate that Enterprise Application. Select that application.
You may now need to provide justification. Make sure the Assignment type selected is "Active" and the "Permanently Assigned" checkbox is clicked so that the assignment does not expire. Once complete, hit assign, and you're done!
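To confirm exactly what the consent and role-assignment steps above granted, the following added example (not part of Evo's documentation or tooling) lists the permissions and directory roles held by the two enterprise applications named on this page. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed, that you sign in with an account allowed to read applications and role assignments, and that the applications appear under the display names "Evo Security" and "Evo Secure Login" in your tenant.

```powershell
# Added audit example. Assumption: Microsoft.Graph module is installed and the
# enterprise applications use the display names given on this page.
Connect-MgGraph -Scopes 'Application.Read.All','Directory.Read.All','RoleManagement.Read.Directory'

$appNames = 'Evo Security', 'Evo Secure Login'

foreach ($name in $appNames) {
    $sps = Get-MgServicePrincipal -Filter "displayName eq '$name'" -All
    if (-not $sps) {
        Write-Warning "No enterprise application named '$name' found in this tenant."
        continue
    }
    foreach ($sp in $sps) {
        Write-Host "== $($sp.DisplayName) (object id $($sp.Id), app id $($sp.AppId))"

        # Application permissions (app roles) granted to this app by admin consent.
        Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
            ForEach-Object {
                $roleId   = $_.AppRoleId
                $resource = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId
                $role     = $resource.AppRoles | Where-Object { $_.Id -eq $roleId }
                [pscustomobject]@{
                    Resource   = $resource.DisplayName
                    Permission = $role.Value
                    Granted    = $_.CreatedDateTime
                }
            } | Format-Table -AutoSize

        # Delegated permissions (OAuth2 scopes). ConsentType 'AllPrincipals'
        # means the grant applies to every user in the tenant.
        Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All |
            Select-Object ConsentType, PrincipalId, Scope | Format-Table -AutoSize

        # Directory roles assigned to the service principal itself.
        Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($sp.Id)'" -All |
            ForEach-Object {
                $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId
                [pscustomobject]@{ Role = $def.DisplayName; Scope = $_.DirectoryScopeId }
            } | Format-Table -AutoSize
    }
}
```

Keep the output with your change records and re-run it after any change to the integration, so an unexpected permission or role on either application is easy to spot.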
Group sync configuration
Now that the configuration is completed, the initial sync will result in ALL users being synced with Evo unless otherwise specified in the Customer Creation flow.
This may be acceptable, or there may be a specific group(s) you’d like connected, rather than everything.
- In the displayed list of directories, find the new Azure Active Directory just created. Click the pencil icon at the end of the row.
- Uncheck all groups that shouldn’t be syncing users over to Evo. Only the Checked groups will sync with Evo.
- Click Sync Azure Active Directory.
Now that you’ve completed the configuration for Azure Active Directory, your users will be able to authenticate with Evo. And you can go ahead and close that text editor we used earlier, we’re all done with it now.
If you’ve experienced any issues with the configuration, please contact us and we’re happy to help.