Configure Office365 connector
  • 31 Oct 2023

Steps to configure the connector:

  1. Log in to Cross Identity as an administrator.

Download the CID Agent file

  1. Click Advanced > Download.
  2. Click Download from CID Agent as highlighted in the image.
  3. After downloading the CID Agent, follow the steps provided in the guide. After installation, navigate to C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\CIDAgent\WEB-INF\classes and verify the parameters.properties file.
  4. Change LIC_ENDPOINT, WEB_SOCKET_ENDPOINT, and REST_ENDPOINT to match the URL received for CI.
  5. Change CONNECTOR_URL and CONNECTOR_SOT to match the Apache Tomcat port number.
    To use the RabbitMQ feature, set PROCESSING METHOD to RABBITMQ. If it is not required, set it to REST.
  6. After making the necessary changes, save the file.

Onboard Office365 application in CI

  1. To add a required application from the global app store, go to Applications and click the ‘+’ symbol to add an application.
  2. In the AppStore pane, search for the Office 365 application.
  3. Once it is displayed, click it to open the application configuration window.
  4. Fill out the required details in the Application Configuration tab.
    • Application Name: Provide a name. Example: Office365Connector_IGA1.
    • Connector War name: This is an uneditable field.
    • Application logo: Choose a logo for the application.
  5. Click Save.
  6. Check for the Office365 war file in C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps.
  7. If the Office365Connector_IGA1.war file doesn’t exist in the above location, download the war file from CI (go to Applications menu > Application Configuration tab > click Download WarFile).
  8. Once the war file is downloaded, place it in C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps and restart the agent.
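
A pre-flight check for the agent host, covering the parameters.properties review and the war file check described above. It is an added example, not Cross Identity tooling. The function name Test-CidAgentConfig is hypothetical, the processing-method key is assumed to be spelled PROCESSING_METHOD in the file, and the warning on http/ws schemes is an added check.

```powershell
# Added example: paths, key names and the war file name are taken from the page.
# Assumptions: the key is written PROCESSING_METHOD, and the *_ENDPOINT values are absolute URLs.
function Test-CidAgentConfig {
    param(
        [string]$Webapps = 'C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps',
        [string]$WarName = 'Office365Connector_IGA1.war'
    )
    $findings = @()
    $propsPath = Join-Path $Webapps 'CIDAgent\WEB-INF\classes\parameters.properties'
    if (-not (Test-Path -LiteralPath $propsPath)) { return "MISSING FILE: $propsPath" }

    # Parse key=value / key:value lines, skipping blanks and '#' or '!' comments.
    $props = @{}
    foreach ($line in Get-Content -LiteralPath $propsPath) {
        if ($line -match '^\s*([^#!\s][^=:]*?)\s*[=:]\s*(.*)$') {
            # Undo .properties escaping such as https\://host
            $props[$Matches[1].Trim()] = ($Matches[2].Trim() -replace '\\(.)', '$1')
        }
    }

    foreach ($key in 'LIC_ENDPOINT', 'WEB_SOCKET_ENDPOINT', 'REST_ENDPOINT', 'CONNECTOR_URL', 'CONNECTOR_SOT') {
        $value = $props[$key]
        if ([string]::IsNullOrWhiteSpace($value)) { $findings += "NOT SET: $key"; continue }
        if ($key -notlike '*_ENDPOINT') { continue }   # only the CI endpoints are checked as URLs
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            $findings += "NOT AN ABSOLUTE URL: $key"
        } elseif ($uri.Scheme -in 'http', 'ws') {
            $findings += "CLEARTEXT SCHEME ($($uri.Scheme)): $key"
        }
    }

    $method = $props['PROCESSING_METHOD']
    if ($method -notin 'RABBITMQ', 'REST') {
        $findings += "PROCESSING_METHOD must be RABBITMQ or REST, found '$method'"
    }

    $war = Join-Path $Webapps $WarName
    if (-not (Test-Path -LiteralPath $war)) {
        $findings += "WAR NOT DEPLOYED: $war (download it from CI, then restart the agent)"
    }
    $findings
}

$result = @(Test-CidAgentConfig)
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } }
else { 'CID Agent configuration looks complete.' }
```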

Application Account Attributes

  1. Go to Application Account Attributes and click +Add.
  2. Select the necessary attributes by checking the appropriate boxes and then click ADD.
  3. On the next screen, you can see the added application account attributes and map the attributes as per requirement.
  4. Select the Mapping method from the drop-down.
    • User Profile Attribute: When you choose this option, you need to define a user attribute that matches Active Directory.
    • Assigning Group to the user based on expression calculation from UI:

      Groups can be assigned according to the business logic by defining expressions in CI.

  5. Evaluation Operation: Select Create, Modify, or Both from the drop-down list to apply the operation on the selected attribute.
  6. Sync with User Profile Attribute: Check the box to sync account attributes with user profile attributes.

Accounts

  1. Navigate to Accounts.
  2. Select a unique attribute to link to identity and configure it as a display attribute.
  3. Click Save.

Entitlements

  1. Navigate to Entitlements.
  2. Click Entitlement Definition > Add Entitlement Definition.
  3. Enter the following details in the dialog:

    | Sr. No. | Entitlement Name | Entitlement Key | Entitlement Value |
    |---------|------------------|-----------------|-------------------|
    | 1. | Group (could be any user-friendly name) | group | group |

  4. The connector checks the entitlement key and value to fetch group details. According to the defined schema, the group names and their members are fetched and displayed in the entitlement tab.
  5. Set schema details: In the connector, the Attribute Name fields are used to fetch group names and the members of each group from the respective API responses. Attribute Display Name is a user-defined display name. The Mapped Attribute is mapped to the Display Name (the Display Name is treated as the unique key attribute), which represents the group name, and the chosen attribute is displayed in the CI UI entitlement section.

    | Sr. No. | Attribute name | Attribute Display Name | Mapped Attribute | Marked Display? |
    |---------|----------------|------------------------|------------------|-----------------|
    |  | groupName | groupName | Display Name | true |
    |  | member | member | Display Name | false |

Add Roles in Cross Identity

  1. Navigate to Roles from the menu.
  2. Click Add Role. The Add Role screen appears.
  3. Click ADD.

Application Authorization

  1. Navigate to Application Authorization. The application authorization screen is displayed.
  2. Click Add Role and search for the role added in CI.
  3. Select the role and click ADD.

Reconciliation

A recon rule is required to link the CI identity to its respective account in the target application using a unique link attribute (such as email, employee ID, or sAM account name). Multiple attributes can be considered by choosing the priority.

  1. Navigate to Reconciliation.
  2. Click Run to initiate the recon.

