If you wish to delegate Zluri’s Azure AD integration to a non-admin user or group, you can assign them a custom admin role. This method requires more manual configuration but gives greater control over the Zluri features you wish to use.

Prerequisites

• An account with Owner or User access administrator privileges (for creating a custom admin)

• Microsoft Entra ID P1 or Entra ID P2 subscription

Integration steps

Create a custom admin role

1. In the Azure Portal, open one of Management Group, Subscription, or Resource Group (depending on your user case) to which you want to assign the custom role, then open Access Control (IAM).

   
   
2. Click the Roles tab to open the list of the built-in and custom roles.
   
   
3. Search for a role that you want to clone. Click the 3-dot menu towards the right of the row and click Clone. This will open the custom roles editor.
   
   
4. In the Basics tab, write a name and description. Set Baseline permissions to Clone a role.
   
   

   Add the required permissions

   The new role needs the following permissions in Azure to function:

   • Application.Read.All
   • AuditLog.Read.All
   • Directory.Read.All
   • Group.Read.All
   • GroupMember.Read.All
   • IdentityRiskEvent.Read.All
   • IdentityRiskyUser.Read.All
   • Reports.Read.All
   • Sites.Read.All
   • TeamsAppInstallation.ReadForTeam
   • User.Read.All
   • UserAuthenticationMethod.Read.All
     
     
5. To do this, click the Permissions tab, then click ➕ Add permissions.
   
6. Search for the permission mentioned above using the search bar. Then, click a resource provider card that has the permissions you want to add to your custom role, such as Microsoft Billing.
   
   
7. This will display a list of the management permissions for that resource provider. Click Add to append the permission to the role.
   
   
   
   
8. Repeat this for every permission mentioned above.
9. Go to the Review + Create tab, review the permissions, and then click Create.

Unhide user details in Azure AD

By default, user details are hidden for all Microsoft reports. You need to unhide them manually in the admin dashboard so that Zluri can access them. Here’s how:

    10. Visit Admin Center, and navigate to Settings → Org Settings → Services. Select Reports.

11. Uncheck the Display concealed user, group, and site names in all reports checkbox, then save your changes.

Connect the Azure AD instance in Zluri

12. Open the Integrations Catalog, search for “Azure”, and click ➕ Connect on the Azure AD entry.

12. Choose the scopes for the integration, and click Connect. You can click the down-arrow button towards the right of the scope to learn what it does.

? If you don’t have the required permissions, click the Send to a Co-worker button to invite someone who does.

1. You will now see a popup window asking you to authorize the request on Azure AD’s end. Accept the request.
   
   
2. Give the connection a name and description, and you’re ready to go!
   
   
   

Got questions? Feel free to submit a ticket or contact us directly at support@zluri.com.