Azure Applications
Introduction
Lucy can integrate with Azure to import users, distribute awareness training via SMTP, and implement the Microsoft Graph API XML reporting plugin. Administrators can synchronize several Azure applications, organized by client, so that each application is accessible only to administrative users associated with the respective client.
Creating an application in Azure
See here for a guide on setting up an application in Entra ID: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
Redirect URIs
Lucy can sync with Entra ID for a few different purposes. Depending on your use-case you will need to configure the correct URIs:
https://example.com/oauth/
https://example.com/oauth/admin
https://example.com/oauth/user
https://example.com/oauth
https://example.com/login/login.html
https://example.com/new-o365/dist/index.html
https://example.com/oauth
https://login.microsoftonline.com/common/oauth2/nativeclient
https://login.live.com/oauth20_desktop.srf
msal<application_id>://auth
Add an application to Lucy
On this page you can view, add, and delete Azure applications in Lucy.

To add an application, select + Add Application. On the page that follows, fill out the application details:

This is the Lucy client associated with the Azure app registration. Lucy ensures data segregation on a client basis, meaning that all data is containerized within the respective client. This setup guarantees that the app integration remains accessible solely to administrative users for the specified client. Moreover, it enables Managed Security Service Providers (MSSPs) and Partners to integrate multiple Azure tenants for their respective clients, further enhancing security and customization.
After configuring all the parameters mentioned above, proceed by clicking "Save". After saving the application, a new button will appear labeled "Authorize". Click this button to grant the required permissions to your Azure application.
This action will redirect you to the Microsoft authentication page, where you will be asked to provide consent on behalf of your organization. This consent is necessary to establish the connection between Lucy and Azure.

To integrate Lucy with your Azure App Registration, it's essential to have Global Azure Administrative consent for your organization. If the administrator account in Lucy lacks the necessary privileges to grant consent on behalf of the organization, refer to the guide provided below to establish a consent flow in Azure.
What API permissions are required for this integration?

API Permissions explained

| Permission | Type | Description | Admin consent required |
|---|---|---|---|
| OpenID | Delegated | Sign users in | No |
| offline_access | Delegated | Maintain access to data | No |
| | Delegated | View user's email address | No |
| User.Read.All | Delegated | Read all users' full profiles | Yes |
| GroupMember.Read.All | Delegated | Read group memberships | Yes |
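To confirm that an app registration matches what this page documents, the redirect URIs and granted delegated scopes can be checked against the lists above. The following is an added example, not Lucy's or Microsoft's own code. It assumes the input follows the Microsoft Graph application resource (appId, web/spa/publicClient redirectUris) and a space-separated delegated scope string. The host lucy.example.com, the sample data and the scope name email (the table gives only that permission's description) are assumptions.

```python
from urllib.parse import urlsplit

# Redirect URI paths documented on this page (shown there under example.com).
DOCUMENTED_PATHS = {"/oauth/", "/oauth/admin", "/oauth/user", "/oauth",
                    "/login/login.html", "/new-o365/dist/index.html"}
# Redirect URIs the page lists that do not point at the Lucy host.
DOCUMENTED_FIXED = {
    "https://login.microsoftonline.com/common/oauth2/nativeclient",
    "https://login.live.com/oauth20_desktop.srf",
}
# Scope -> admin consent required, from the permissions table. "email" is an
# assumption: the table gives only that permission's description.
DOCUMENTED_SCOPES = {"openid": False, "offline_access": False, "email": False,
                     "user.read.all": True, "groupmember.read.all": True}


def audit_redirect_uris(app, lucy_host):
    """Return (platform, uri) pairs registered on the app but not documented."""
    findings = []
    for platform in ("web", "spa", "publicClient"):
        for uri in (app.get(platform) or {}).get("redirectUris", []):
            if uri in DOCUMENTED_FIXED or uri == f"msal{app['appId']}://auth":
                continue
            parts = urlsplit(uri)
            # Exact host match, HTTPS only, documented path, no query/fragment.
            if (parts.scheme == "https" and parts.netloc == lucy_host
                    and parts.path in DOCUMENTED_PATHS
                    and not parts.query and not parts.fragment):
                continue
            findings.append((platform, uri))
    return findings


def audit_scopes(granted):
    """Return (scopes beyond the table, granted scopes needing admin consent)."""
    scopes = granted.split()
    extra = sorted(s for s in scopes if s.lower() not in DOCUMENTED_SCOPES)
    admin = sorted(s for s in scopes if DOCUMENTED_SCOPES.get(s.lower()))
    return extra, admin


# Constructed sample data, not taken from a real tenant.
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "web": {"redirectUris": ["https://lucy.example.com/oauth/admin",
                             "http://lucy.example.com/oauth",
                             "https://lucy.example.com.invalid/oauth"]},
    "publicClient": {"redirectUris": ["msal00000000-0000-0000-0000-000000000000://auth"]},
}
SAMPLE_GRANT = "openid offline_access email User.Read.All Mail.ReadWrite"
```

Any URI or scope returned by these functions is something the registration allows beyond this integration's documented needs and should be reviewed or removed.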