🔏Graph Service Principal

Creation and Configuration - step by step

Add Graph Service Principal

Bringing your own "Graph Service Principal" will integrate your Microsoft Entra ID with DataCentral. This integration will enable connection to your internal Active Directory and additionally, external AD users can be invited into your AD system (Entra ID). Optionally, these invitations can be sent to these external users via email.

To create your own Microsoft Graph and add it to DataCentral, please perform all the steps below in the specified order.

You will need following roles within Azure to create an app registration.

• Application Administrator

• Cloud Application Administrator

• Global Administrator

---

Azure Portal

1. Sign in to the Azure Portal.

2. Search for and select App registrations.

Azure Portal

1. Select New registration.

New Application

1. Fill in the required information:

   • Name - Enter a name for your application

   • Supported accounts types - Single tenant

   • (Optional) Redirect URI - Enter a URI if needed

2. Select Register

3. After you register your app, the Application ID is available from the Overview tab. Copy and save the Application ID for later use.

Register Application

1. Select Certificates & secrets.

Certificates & Secrets

1. Select New client secret.

New Client Secret

1. Copy and save the client secret value

Client Secret value

1. Add Microsoft Graph API permissions and then 'Grant admin consent'.

   • GroupMember.ReadWrite.All

   • User.Invite.All

   • User.Read.All

API permissions

---

DataCentral tenant

Under Administration Settings -> Azure Configurations input the values collected from Azure Portal for your Microsoft Graph Service Principal.

• Application (client) ID

• Client Secret

• (Optional) Service Group Object ID

DataCentral Azure Configurations