Configure BlackBerry UEM to synchronize with Azure Active Directory

If your organization uses Microsoft Azure Active Directory, you can connect it to BlackBerry UEM to create directory user accounts in BlackBerry UEM by searching for and importing user data from the company directory. Directory users can use their directory credentials to access BlackBerry UEM Self-Service.
You can connect to more than one instance of Azure Active Directory. If you install the BlackBerry Connectivity Node you can also connect to an on-premises directory.
  1. Log in to the Azure portal.
  2. Go to Microsoft Azure > Azure Active Directory > App registrations.
  3. Click + New registration.
  4. In the Name field, enter a name for the app.
  5. Select which account types can use the application or access the API.
  6. In the Redirect URI section, in the drop-down list, select Web and enter http://localhost.
  7. Click Register.
  8. Copy the Application ID of your application and paste it into a text file.
    This is the Client ID required in BlackBerry UEM.
  9. In the Manage section, click API permissions.
  10. Click + Add a permission and perform the following actions:
    1. Select Microsoft Graph.
    2. Select Application permissions.
    3. Set the following permissions:
      • Group.Read.All (Application)
      • User.Read (Delegated)
      • User.Read.All (Application)
    4. Click Add permissions.
    5. Under Grant consent, click Grant admin consent.
      You must be a global administrator to grant permissions.
    6. When you are prompted, click Yes to grant permissions for all accounts in the current directory.
  11. In the Management section, click Certificates and secrets. Perform the following actions:
    1. Under Client secrets, click New client secret.
    2. Type a description for the client secret.
    3. Select a duration for the client secret.
    4. Click Add.
    5. Copy the value of the new client secret.
      This is the Client key that is required for BlackBerry UEM.
  12. In the management console, click Settings > External integration > + Company directory > Microsoft Azure Active Directory connection.
  13. Enter a Directory connection name and the Domain for your Azure Active Directory.
  14. Do one of the following:
    • If this is a new connection to Azure, enter the information you copied from the Azure portal when you created the enterprise application in Azure.
      • Client ID: The application ID generated by the Azure application registration
      • Client key: The client secret generated by the Azure application registration
    • If this is an existing connection to Azure, click Enable single tenant application registration and enter the information you copied from the Azure portal when you created the enterprise application in Azure.
      • Client ID: The application ID generated by the Azure application registration
      • Client key: The client secret generated by the Azure application registration
  15. Click Continue.
  16. Click Save.
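
An added check, not part of the BlackBerry documentation: once the Client ID and Client key exist, an app-only access token obtained with them can be inspected to confirm that its `roles` claim carries only the application permissions set in step 10. The helper names, the unsigned sample tokens and the placeholder client ID are constructed for illustration; `appid` and `roles` are the claim names Azure AD uses in app-only tokens for Microsoft Graph.

```python
import base64
import json

# Application permissions from step 10 of the procedure. User.Read is a
# delegated permission, so it never appears in the "roles" claim of an
# app-only token.
EXPECTED_ROLES = {"Group.Read.All", "User.Read.All"}


def decode_claims(token):
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, client_id):
    """Compare an app-only Graph token with what the registration should grant."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "client_id_matches": claims.get("appid") == client_id,
        "missing": sorted(EXPECTED_ROLES - roles),   # admin consent not in effect
        "excess": sorted(roles - EXPECTED_ROLES),    # broader than the procedure sets
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


# Constructed sample values; the client ID is a placeholder, not a real app.
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
GOOD = make_sample_token({"appid": CLIENT_ID,
                          "roles": ["User.Read.All", "Group.Read.All"]})
BROAD = make_sample_token({"appid": CLIENT_ID,
                           "roles": ["User.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("broad", BROAD)):
        print(name, audit_token(tok, CLIENT_ID))
```

A non-empty `excess` list means the registration was granted more Graph access than the three permissions in the procedure, which is worth removing before the Client key is stored in BlackBerry UEM.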