Anchor - Azure AD Integration

Anchor - Azure AD Integration

1. Introduction

In the current architecture, Anchor has the means to sync existing Windows Server Active Directory objects to an Azure Active Directory using ​Azure AD Connect​. Once the objects are synced to your Azure AD, a simple ​Enterprise Application​ on Azure AD allows Anchor to Authenticate and Authorize users.

2. Setup

This section will help you set up an Enterprise Application on Azure AD assuming you already have Azure AD connect setup. If you are looking to set up Azure AD connect please follow this guide​.

a. Azure Enterprise Application:

i. Login to Azure Portal. Login to your Azure Portal with Admin Credentials or with a user who has permissions to create an Enterprise Application.

ii. Navigate to Azure Active Directory Window from the sidebar menu as shown below.



iii. In the Azure Active Directory page locate Enterprise Applications in the options, click on it


iv. You should see all the applications that are currently set up on your domain. Now, click on the New Application button as shown below.


v. In the next window, click on ​the Application you’re developing option.



vi. When you click on ​the Application you’re developing​ option, it will open a small window on the side as shown below. Please

select the option highlighted in the screenshot.


vii. The App Registrations page will open up. Now, click on the New Registration button.


viii. On ​Register an Application​ page, please give an appropriate name for the App and hit Register.





ix. After you hit register, the app will be registered and the new app overview page will open. On this page make a note of the ClientID and Tenant ID.


x. On the app overview page, click on ​the Certificates and Secrets button from the menu bar. Now, click on the New Client Secret

button, give an appropriate name and expiration period when it prompts and click Add.



xi. Make a note of the client secret you created in the previous step and share it with ​hari@datanchor.io​ along with Client ID and Tenant ID.

xii. Provide ​API permissions​ to the newly created App. Click on API permissions from the menu items. Click on ​Add permission​, this will take you to a page with all the possible permissions you can provide an App. Please select​ ​Microsoft Graph​ and then​ ​Application Permissions.​ In the Application Permissions page, you need to select User -> User.Read.All, Group->Group.Read.All, Directory->Directory.Read.All.



Permissions for the Application should look as shown below. Once you verify the permissions please click on Grant Admin consent for anchor.


With the above step, we are done setting up the Application.


    • Related Articles

    • Anchor Recovery Drill

       Requirements  System:  Windows 10 or Windows Server 2016 and above  Pre-Requisites: 1. SQLite precompiled binaries for windows: https://www.sqlite.org/download.html 2. Windows c++ redistributable x64 ...
    • Anchor User menu and features

      This article gives an overview of the user's menu and its features. You will learn: What user permissions are. Which permissions Anchor users have access to. How to access user permissions. What are user permissions? Actions available for users when ...
    • Whitlisting Anchor on Network/Firewall and Antivirus

      Whitelist URLs If your apps have access restrictions configured, you'll have to allow outbound traffics Anchor Urls on Firewall/Network. This enables Anchor to work seamlessly. URLs: <domainname>.anchorservice.datanchor.io ...
    • Anchor Recovery Tool

      Coming Soon.
    • Invalid Access Rules Notification

      This article explains the notification Anchor users will receive when they are not following a file's access fules. You will learn: What access rules are. What the "Invalid Access Rules" notification means. Which available access rules can be placed ...