Create an Azure AD Realm

The following procedure enables you to create a realm (a connection between the management center and a Microsoft Azure AD realm).

Before you begin

Complete all of the following tasks:

If you enabled Change Management, you must approve all certificates used in this procedure. Open a new ticket or edit an existing one. For more information, see Creating Change Management Tickets and .Policies and Objects that Support Change Management

Note

To perform user and identity control with an Azure AD realm, you need only an access control policy with an associated Azure AD realm. You do not need to create an identity policy.

Procedure

Step 1

Click Tools & Services > Firewall Management Center > (select a management center) > Devices.

Step 2

Click Integration > Other Integrations > Realms.

Step 3

To create a new realm, click Add Realm > Azure AD.

Step 4

Enter the following information.

Item

Description

Name

(Optional.) Description

Client ID

Enter the information you found as discussed in Get Required Information For Your Microsoft Azure AD Realm.

Client Secret

Tenant ID

Event Hubs Host Name

Event Hub Name

Event Hub Connection String

(Optional.) Excluded User Groups

Enter one or more groups from which to not download users for identity control. Users in these groups will not be available for use in access control policies.

Enter one group name per line followed by a line break. Group names are case-sensitive.

Step 5

To perform other tasks (such as enable, disable, or delete a realm), see Manage a Realm.

Step 6

Enter the values you found as discussed in Get Required Information For Your Microsoft Azure AD Realm.

Step 7

Click Test.

Step 8

Fix any errors that are displayed in the test.

Step 9

Click Save.

What to do next

Create an access control policy and rule as discussed in Creating a Basic Access Control Policy.