Administrators can add user attribute data (e.g. department, city, etc.) automatically by connecting the SWOOP miner to Azure Active Directory. These steps need to be carried out by the O365 Administrator:
Important: These steps require you to create an Azure app registration. This can be avoided by a simpler process by using the SWOOP Analytics Azure app and the steps for that can be found here.
Note: If you need help please email email@example.com .
From the main Azure dashboard (https://portal.azure.com):
- Click on the 'Azure Active Directory' link on the main menu
- Click on 'App registrations'
- Click on '+ New application registration' (at the top).
- Fill in the form entering your miner URL for the 'Sign-on URL' (e.g. https://miner-[yoursite].swoopanalytics.com):
and click on 'Register' (at the bottom of the page).
- On the new page you will see the 'Application (client) ID'. You will need this below.
- Click on 'API Permissions' under the 'Manage' heading on the next screen.
Note: Do not delete existing User.Read permission which is added by default.
- Click '+ Add a permission'.
- Click 'Microsoft Graph' (the large box at the top).
- Click 'Application Permissions'.
- Find 'User' at the bottom then add permission 'User.Read.All' and click 'Add permissions'.
- Click on 'Grant admin consent for (directory name)'.
- Click on 'Certificates and Secrets' and add a new client secret (you will need this below).
Note: You need the 'Value' (not the Secret ID).
Once the application is created, go to the manifest on the left hand side and find the "publisherDomain" and record this for use below.
Your "API Permissions should now look like this:
SWOOP Miner Setup
In the SWOOP data miner do the following:
- 'Graph API' should be selected next to 'Azure Active Directory Integration'
- Copy the 'Application ID' and key value from Azure to the 'Client ID' and 'Client Secret' on the miner.
- Copy the publisherDomain value from Azure (see step 13 above) to the 'Domain' on the miner.
- Press 'Save Changes/Login'.
Your miner page should look something like this if the operation is successful:
Now select the fields from that you would like to share with SWOOP.
How it works
The SWOOP data miner retrieves data from Azure AD and combines it with the sanitised data. The email field is hashed and is therefore not passed to the SWOOP Analytics Engine.
Please sign in to leave a comment.