Prerequisites for Entra ID Connect


Here are the prerequisite steps that need to be completed before configuring the Entra ID Connect app:

To complete Steps 1 & 2 above, you must have a Jira Service Management role as either Assets Administrator or Assets Manager.  

To complete Step 3 above, you must have either the Entra ID Application Administrator or the Application Developer role in your Entra ID. Additionally, a Global Administrator or a Privileged Role Administrator will be required to authorize the configuration with the correct permissions.

Prereq Step 1: Choose or Create an Object Schema in Assets

This will hold the data imported from Entra ID. If you have an existing Object Schema type that is used to store device inventory or other configuration items, you may want to consider using that Object Schema.  

When you configure the Entra ID Connect app, the Object Types for the Entra ID data will be created in the Object Schema.  

If you do not have an existing Object Schema that could be used to store Entra ID information, we recommend creating an Object Schema type for storing device or Configuration Item data imported from Intune or other systems.  

Here's an example of creating an Object Schema called "AAD-Imports" that will be configured to contain the Object Type for Intune Device information.  

 

Go to the Asset and Configuration Management page and click the Create Schema button at the top of the schema list.


 

Select the option to create a blank schema.


 

Enter the name and other details of the Object Schema ('AAD-Imports' in this example) and hit Create Schema.


 

After these two steps, your new Object Schema will be added to the Assets list:  

image-20240118-221209.png

 

For additional information on creating Object Schemas, visit the "Working with Object Schemas" page in the Jira Service Management Support site.  

 

Prereq Step 2: Configure the target Object Schema by creating an Import structure and generating a token 

An Import Token is needed when configuring the Intune Connect app. To get this Token, navigate to the Configuration page of the target Object Schema.  


 

On the Object Schema's configuration page, click on the Import Tab and then click on the Create Import button.


Select "External Import" from the list of Import Types 

 

Give the import structure a name and click the Create Import button


 

Once the new import configuration is created, click on the action menu for the newly created Import and select "Generate new token".


 

Copy the generated token and store it in a safe location. This token will be needed when configuring the app.

 

 

Prereq Step 3: Create and configure an App Registration in Entra ID

The app requires access to Microsoft's Graph API to import data from Entra ID. An application registration must be created and configured within your Entra ID to provide the credentials and permissions for the Entra ID Connect app to retrieve the device information from the Graph API. 

To create the application registration, follow the instructions on this page: How to register an app in Microsoft Entra ID - Microsoft identity platform. Here are some details to adhere to while following these instructions:

  • Keep all the default settings  

  • Leave the Redirect URL field blank 

  • No platform settings need to be configured 

  • When creating a Client Secret, set an expiration date that meets your organizational security policies (up to 24 months). Record and track this expiration date. Before the secret expires, create a new Client Secret and use it to update the Entra ID Connect app configuration.

  • Copy the Client Secret when it is created and store it in a secure location; it will not be accessible later. This secret will be needed when configuring the app.

After following these instructions, copy the generated Application (client) ID and the Directory (tenant) ID shown on the App Registration's Overview page. These two values will also be used when configuring the Entra ID Connect App.  

Configuring Permissions in the Application Registration 

After creating the Application Registration and the Client Secret, add the following permissions on the "API permissions" page of the registration:

 

Steps:

Sub-step 1: Click on "Add a Permission" 

Sub-step 2: In the "Request API Permissions" panel, choose "Microsoft Graph" 

 

Sub-step 3: Click on "Application Permissions" 

Sub-step 4: Search for and select the API permissions required by the App

The permissions required are:

  • Directory.ReadWrite.All

  • Group.ReadWrite.All

  • GroupMember.ReadWrite.All

  • User-PasswordProfile.ReadWrite.All

  • User.EnableDisableAccount.All

  • User.ManageIdentities.All

  • UserAuthenticationMethod.ReadWrite.All

Please note that these permissions provide powerful access and control over both user accounts and security groups. Read the page on Important Security Considerations for additional information.

The screenshot below shows how the "User.EnableDisableAccount.All" permission is selected.

image-20250114-224236.png

After adding all these permissions, your Configured Permissions should look like this:

image-20250114-224810.png

Granting Admin Consent  

Admin Consent now needs to be granted to the application registration. This can only be done by a Global Administrator (or a user with the Privileged Role Administrator role) of your Microsoft Entra ID.

The Global Administrator will need to bring up the new Application Registration in the Azure Entra ID Portal, go to the "API permissions" page, click on the "Grant admin consent for <your domain name>" link, and then answer yes to the "Grant admin consent confirmation" pop-up.  

To confirm that admin consent has been granted, go back to the application registration's "API permissions" page. It should now show the status as Granted, as in the following example:

image-20250114-225058.png
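The following is an added example, not part of the Entra ID Connect app or its documentation. It re-checks the two things this page asks you to track: that the granted application permissions match the list above, and that the Client Secret is not close to its expiration date. It assumes three lists exported from Microsoft Graph as JSON (the Microsoft Graph service principal's appRoles, the app's appRoleAssignments, and the application's passwordCredentials). The sample data, GUIDs, secret names and the extra "Mail.Read" grant are constructed.

```python
from datetime import datetime, timedelta, timezone

# Application permissions this page lists for the Entra ID Connect app.
REQUIRED = {
    "Directory.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All",
    "User-PasswordProfile.ReadWrite.All", "User.EnableDisableAccount.All",
    "User.ManageIdentities.All", "UserAuthenticationMethod.ReadWrite.All",
}

def audit_registration(graph_app_roles, assignments, credentials, now, warn_days=30):
    """Compare consented app roles with REQUIRED and flag secrets near expiry.

    graph_app_roles: 'appRoles' of the Microsoft Graph service principal
    assignments:     'appRoleAssignments' of the app's own service principal
    credentials:     'passwordCredentials' of the application object
    """
    names = {r["id"]: r["value"] for r in graph_app_roles}
    granted = {names.get(a["appRoleId"], a["appRoleId"]) for a in assignments}
    expiring = []
    for c in credentials:
        # Graph timestamps end in 'Z'; normalise for older fromisoformat versions.
        end = datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
        if end - now <= timedelta(days=warn_days):
            expiring.append((c["displayName"], (end - now).days))
    return {
        "missing": sorted(REQUIRED - granted),     # admin consent not granted yet
        "unexpected": sorted(granted - REQUIRED),  # more access than documented
        "expiring": expiring,                      # rotate before these lapse
    }

# Constructed sample data; the GUIDs are placeholders, not real Graph role IDs.
_NAMES = sorted(REQUIRED | {"Mail.Read"})
ROLE_IDS = {n: f"00000000-0000-0000-0000-{i:012d}" for i, n in enumerate(_NAMES)}
SAMPLE_ROLES = [{"id": i, "value": n} for n, i in ROLE_IDS.items()]
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": ROLE_IDS[n]}
    for n in sorted(REQUIRED - {"User.ManageIdentities.All"}) + ["Mail.Read"]
]
SAMPLE_CREDS = [
    {"displayName": "jsm-assets-2024", "endDateTime": "2025-02-01T00:00:00Z"},
    {"displayName": "jsm-assets-2025", "endDateTime": "2027-01-14T00:00:00Z"},
]

if __name__ == "__main__":
    report = audit_registration(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS, SAMPLE_CREDS,
                                now=datetime(2025, 1, 15, tzinfo=timezone.utc))
    for key, value in report.items():
        print(f"{key}: {value}")
```

An empty "missing" list corresponds to every listed permission showing as Granted; anything under "unexpected" is access beyond what this page documents and is worth reviewing given the reach of these permissions.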

Prereq: Gather Resulting information ready for app configuration

After completing these prerequisite steps, you should have the following information ready for use when configuring the app: 

  • The Import Token for the Object Schema in Jira Service Management 

  • From the Microsoft Entra ID Application Registration: 

    • The Application (Client) ID 

    • The Directory (Tenant) ID 

    • The generated Client Secret

Now, you can proceed to Step 1: Configure the Entra ID Connect Settings in the App