
Connect Azure (Entra) AD to Password Boss

Written by Owen Parry

Updated at July 27th, 2024


Table of Contents

  • Syncing groups from Azure Active Directory to Password Boss
  • Using sync Rules to customize Sync
  • Creating a group in Azure AD to sync to Password Boss
  • Create a new application registration
  • Configure API permissions
  • Create a client secret key
  • Copy application ID and tenant ID
  • Specify redirect URIs
  • Install the Azure Active Directory Connector
  • Troubleshooting synchronization

The Password Boss Azure AD connector allows you to create and update a user account in Password Boss directly from Azure AD.

This connector does not synchronize the user's AD password to Password Boss.

Syncing groups from Azure Active Directory to Password Boss

Groups can also be synced to Password Boss. Details are in the Synchronizing Groups article.

 

Using sync Rules to customize Sync

Sync rules determine the actions taken in Password Boss when changes are made in Active Directory. Details of the sync rules are in the Sync Rules article.

 

 

Creating a group in Azure AD to sync to Password Boss


The Azure Active Directory connector monitors a group in Active Directory. When users are added to the group, their user accounts are created in Password Boss. When users are removed from the group, disabled, or deleted, their user accounts in Password Boss are disabled, although this is a setting you can change in the Sync Rules tab of the connector in the Password Boss Portal.

  1. Create a new security group in Azure AD named Password Boss Users.

 

Create a new application registration


  1. Go to https://portal.azure.com
  2. You should be on the Welcome to Azure! page
  3. Click Azure Active Directory
  4. Click App registrations
  5. Click New Registration
  6. Name your application Password Boss AD Connector, then in the Supported Accounts Type section, select Accounts in this organizational directory only. On the Redirect URI, select Web and use https://partner.passwordboss.com/azure/callback for the URL.


     

Configure API permissions


  1. After saving the new AD connector, you should be on the Overview page for the new connector. Note: Microsoft frequently changes these pages and flows, so you may need to navigate manually to the Overview page, as shown in the screenshot below.
     
  2. Click API Permissions


     
  3. Click Add a permission


     
  4. Select Microsoft Graph


     
  5. Select Application permission


     

You will need to set the following two permissions:

  • Group -> Group.Read.All
  • User -> User.Read.All

  6. Click Add permission at the bottom
  7. Click Grant admin consent for [Org Name], then YES

Create a client secret key


  1. Select the application you created
  2. Name your New Client Secret Password Boss AD Connector
  3. Under the Supported Accounts Type section, select Accounts in this organizational directory only (YourCompanyName only - Single tenant)
  4. Under the Redirect URI (optional), add the following URL: https://partner.passwordboss.com/azure/callback
  5. Click the Register button to create the application.
  6. Name the key Password Boss Secret and set the expiration to 730 days (24 months)
  7. Click Add
  8. Copy your secret **Value** now – it is not shown again. We recommend placing the secret **Value** in a digital Note for the Password Boss Partner Portal configuration. You will need the key to finish the configuration on the Password Boss Portal.

 


 

Copy application ID and tenant ID


  1. From the Overview tab of the App registration you just created, copy the Application (client) ID and the Directory (tenant) ID. You will need these values to finish the setup on the Password Boss Portal.


Specify redirect URIs


  1. From the Overview screen on the App registration, click Add a Redirect URI
  2. Add the following URI: https://portal.passwordboss.com/business/connectors/azure/callback and then click Save
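The check below is an added example, not part of the original article or of Password Boss. It audits an app registration object, in the shape Microsoft Graph returns it, against the settings from the steps above: single tenant, the two callback URLs, only Group.Read.All and User.Read.All as application permissions, and a client secret that is not about to expire. The sample objects, the 30-day warning window and the function names are assumptions made for the example.

```python
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resourceAppId
ALLOWED_ROLES = {  # Graph app-role IDs for the two permissions the article grants
    "5b567255-7703-4780-807c-7be8301ae99b": "Group.Read.All",
    "df021288-bdef-4463-88db-98f22de89214": "User.Read.All",
}
EXPECTED_REDIRECTS = {  # the two callback URLs given in the article
    "https://partner.passwordboss.com/azure/callback",
    "https://portal.passwordboss.com/business/connectors/azure/callback",
}

def audit_app(app, now, warn_days=30):
    """Return findings for one application object (dict) as Microsoft Graph returns it."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("not single-tenant: %s" % app.get("signInAudience"))
    extra = set(app.get("web", {}).get("redirectUris", [])) - EXPECTED_REDIRECTS
    findings += ["unexpected redirect URI: " + u for u in sorted(extra)]
    # requiredResourceAccess lists *requested* permissions; admin consent is stored separately.
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            if not (res.get("resourceAppId") == GRAPH and acc.get("type") == "Role"
                    and acc.get("id") in ALLOWED_ROLES):
                findings.append("extra permission: %s (%s)" % (acc.get("id"), acc.get("type")))
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left < warn_days:
            findings.append("secret %r expires in %d days" % (cred.get("displayName"), days_left))
    return findings

def _app(audience, redirects, perms, secret_end):  # builds constructed sample objects
    return {"signInAudience": audience, "web": {"redirectUris": redirects},
            "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": perms}],
            "passwordCredentials": [{"displayName": "Password Boss Secret",
                                     "endDateTime": secret_end}]}

NOW = datetime(2024, 8, 1, tzinfo=timezone.utc)  # fixed clock so the sample is repeatable
AS_DOCUMENTED = _app("AzureADMyOrg", sorted(EXPECTED_REDIRECTS),
                     [{"id": i, "type": "Role"} for i in ALLOWED_ROLES], "2026-07-27T00:00:00Z")
DRIFTED = _app("AzureADMultipleOrgs", ["https://example.invalid/cb"],
               [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"}],  # placeholder ID
               "2024-08-10T00:00:00Z")

if __name__ == "__main__":
    for name, app in (("as documented", AS_DOCUMENTED), ("drifted", DRIFTED)):
        print(name, audit_app(app, NOW))
```

An empty result means the registration still matches what this guide configures; any finding is a setting that has been added or changed since setup.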


 

Install the Azure Active Directory Connector


  1. Open the Password Boss Portal.
    • In the Partner Portal, the connector is located on the Connectors tab for each Company.
    • In the User Portal, the connector is located on the Integrations tab.
  2. Click Install
  3. Save the Authentication token for future use and click Next.
  4. Enter the client ID, Client Secret, and Tenant, and click Verify Connection
  5. You will be redirected to Microsoft in your browser to authorize the connection. Click to provide consent and click Accept.
  6. After successful verification at Microsoft you will see Connection Verified.
  7. Click Next to continue
  8. On the Users & Groups tab click the green button to select the Password Boss Users group that you created in the first section of this guide. The group selected here is the group that will be synchronized to Password Boss.
    Notes: As a best practice use a dedicated group only used for managing users in Password Boss. Only one group can be selected for synchronization to Password Boss.
  9. Optional - Select Azure groups to sync to Password Boss. Any groups selected will be synchronized to Password Boss as long as the groups contain users who are included in the sync group you specified above. Empty groups will not be synchronized.
  10. Click Next
  11. Review the sync rules. In most cases, the default setting will be the best choice.
  12. Click Save Changes


 

When you return to the connector list in the portal you will see the connector with a status of Waiting for connection.

 

 

Normally this status will transition to Connected within a couple of minutes.

 

 

Users whose accounts were synchronized from Azure AD will show Azure AD in the Managed By column of the Users tab of the portal.

Troubleshooting synchronization


Synchronization runs every minute with Microsoft. If you have made changes in Azure AD that are not being updated in Password Boss, follow these troubleshooting steps.

  1. In the Password Boss Portal, what status is shown for the Azure AD connector? 
    Connected means the last connection to Microsoft was successful 
    Unauthorized means you need to reauthorize the Azure AD connector. Edit the connector from the Azure Auth tab and click Verify Connection
  2. Check your Password Boss Users group in Azure AD to confirm the correct users are in the group.
  3. If synchronization seems stuck you can perform a manual synchronization. Select the checkbox next to the connector and from the Actions menu select Synchronize Now.