
Registering & integrating Lighthouse in Microsoft Entra ID (formerly Microsoft Azure Active Directory)

OVERVIEW

This article explains how to register and integrate Lighthouse in Microsoft Entra ID (formerly Microsoft Azure Active Directory).

INSTRUCTIONS

REGISTER LIGHTHOUSE IN ENTRA ID

1. Open your Entra ID Portal and select ‘Microsoft Entra ID’.

2. On the left, select ‘App registrations’.

3. Click ‘New registration’.

  • Enter the name “Lighthouse Entra ID User Connector”.
  • Select ‘Accounts in this organizational directory only’.
  • You can leave the Redirect URI blank.
  • Click ‘Register’.

4. Once created, click on ‘Certificates & secrets’ in the left-hand menu.

  • Click ‘New client secret’.
  • Provide a name, e.g. “Torque Lighthouse”.
  • Set the ‘Expires’ value to the lesser of your Torque Software contract duration or your cybersecurity policy for secret key issuance.
  • Select ‘Add’.
  • When created, click the copy icon and save this value securely somewhere (note: it will not be accessible after you leave this step).

5. Select ‘API permissions’ from the left-hand menu:

  • Click ‘+ Add a permission’.
  • Select ‘Microsoft Graph’.
  • Select ‘Application permissions’.
  • Search for and ‘add’ the following permissions:
      a) Group.Read.All
      b) GroupMember.Read.All
      c) User.Read.All
  • When back on the Configured Permissions view, click ‘Grant admin consent for Torque Software’.
  • Select ‘Yes’ on the confirmation pop-up to grant admin consent.
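
One way to check the finished registration against steps 1 to 5: single-tenant, exactly the three Microsoft Graph application permissions, and a secret lifetime within the lesser of contract and policy. This is an added example, not Torque Software's or Microsoft's code. It assumes the registration is available as a Microsoft Graph application object in JSON; `audit_registration`, the sample object and the day counts are hypothetical.

```python
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
# App role IDs of the step 5 application permissions; confirm against your tenant.
EXPECTED_ROLES = {
    "5b567255-7703-4780-807c-7be8301ae99b": "Group.Read.All",
    "98830695-27a2-44f7-8c18-0c3ebc9698f6": "GroupMember.Read.All",
    "df021288-bdef-4463-88db-98f22de89214": "User.Read.All",
}

def audit_registration(app, contract_days, policy_days, now):
    """Return findings for one application object; an empty list means it matches."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant registration
        findings.append("signInAudience is not AzureADMyOrg")
    granted = set()
    for resource in app.get("requiredResourceAccess", []):
        on_graph = resource.get("resourceAppId") == GRAPH_APP_ID
        for access in resource.get("resourceAccess", []):
            if on_graph and access.get("type") == "Role" and access.get("id") in EXPECTED_ROLES:
                granted.add(access["id"])
            else:  # delegated scope, other API, or a permission outside the three
                findings.append(f"unexpected permission {access.get('id')} ({access.get('type')})")
    for role_id in sorted(set(EXPECTED_ROLES) - granted):
        findings.append(f"missing permission {EXPECTED_ROLES[role_id]}")
    # Step 4: expiry within the lesser of the two durations (endDateTime is UTC).
    limit = now + timedelta(days=min(contract_days, policy_days))
    for cred in app.get("passwordCredentials", []):
        expires = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if expires.replace(tzinfo=timezone.utc) > limit:
            findings.append(f"secret '{cred.get('displayName')}' expires after {limit:%Y-%m-%d}")
    return findings

# Constructed sample: a made-up extra permission ID and a secret that outlives the limit.
SAMPLE_APP = {
    "displayName": "Lighthouse Entra ID User Connector",
    "signInAudience": "AzureADMyOrg",
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": r, "type": "Role"} for r in EXPECTED_ROLES]
        + [{"id": "00000000-0000-0000-0000-0000000000ff", "type": "Role"}],
    }],
    "passwordCredentials": [{"displayName": "Torque Lighthouse",
                             "endDateTime": "2027-01-01T00:00:00Z"}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, 730, 365, datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print(finding)
```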

Entra ID is now successfully configured for your Lighthouse instance. If you would like to limit the users in your Entra ID tenancy to those in a specific group, follow the steps below.

RESTRICT LIGHTHOUSE USERS TO A SPECIFIC GROUP

1. Select ‘Home’ in the top left, then ‘Entra ID’.

2. Select ‘Groups’ from the left-hand menu.

3. Select ‘New group’.

  • Leave ‘Group type’ as ‘Security’.
  • Enter “Lighthouse Users” for the ‘Group name’.
  • Enter a meaningful description for your administrative purposes.
  • Click on ‘No members selected’ and add all the relevant users.
  • Click ‘Create’.

CONFIGURE LIGHTHOUSE TO INTEGRATE WITH ENTRA ID

Once you have carried out the steps above, you will have everything you need to integrate Lighthouse with Entra ID.

Note: you must be a member of the Lighthouse ‘Data connection administrators’ and ‘User and Organisation unit management team’ groups (found under System Settings, on the Permissions/Workflow tab).

1. Select the Settings cog icon.

2. Select ‘Administration’.

3. Select ‘Import/Export User and Organisational Structure’.

4. Click ‘Add Data Source’.

5. Select ‘Entra ID (Microsoft Graph)’.

From the “Lighthouse Entra ID User Connector” app registration overview page in Entra ID (created in the first section of this document), copy and paste the relevant values into the fields in Lighthouse:

  • Copy and paste the ‘Directory (tenant) ID’.
  • Copy and paste the ‘Application (client) ID’.
  • Paste the Secret value created in step 4 of the first section of this document into the ‘Client secret value’ field.
  • If you configured a group to limit your users in the second section of this document, copy and paste the ‘Object Id’ from the group overview page into the ‘Lighthouse Users Object (group) Id’ field.
  • Click ‘Test Access’ to confirm all works well.

If there is a problem, testing access should let you know what it is, and give you ideas on how to remedy it. If you are unsure how to resolve the problem, please contact helpdesk@torque.software. 

How does the Azure Active Directory Integration determine ‘Old Imports’?

The Lighthouse Azure Active Directory integration compares the previously pulled dataset with the current dataset. If the dataset differs and contains changes, Lighthouse will process that dataset as expected. If the dataset does not differ (no changes), Lighthouse will determine its next action based on the “Import old data” setting for that data source.
If this setting is set to “Yes” (Import old data), Lighthouse will process the Azure AD dataset even if it is unchanged. If it is set to “No”, it will not process the unchanged dataset. The Azure Active Directory dataset that Lighthouse compares contains the following Azure AD user attributes:
  • Id
  • AccountEnabled
  • GivenName
  • JobTitle
  • Mail
  • ContactNumbers
  • Surname
  • Department
  • UserPrincipalName
  • UserPrincipalName2
  • CompanyName
  • ManagerEmail