Microsoft Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Azure AD is a valuable source for discovery as it provides not only the ability to discover services and users but also can be leveraged to discover employee and department data.

Integration details


Integration Categories

  • Single Sign-on & CASB System
  • HRIS


Authentication mechanism

  • API

Set up Azure AD

Register new application in Azure AD

  1. Sign in to the Azure portal ( with an Azure administrator account that is also a member of the Global Administrator directory role in your Azure AD tenant.
  2. On the left navigation pane, click Azure Active Directory.

  1. On the Azure Active Directory page, click App registrations.
  1. On the Register an application page, perform the following steps:
    1. In the Name textbox, type LeanIX SMP Discover Integration (it is just a label so it can be anything that will make you identify it relates to LeanIX integration).
    2. Under Supported account types select Accounts in this organizational directory only (Default Directory only - Single tenant)
    3. Click Register at the bottom of the screen.
  1. New configuration panel Request API permissions will display on the right, and select the Microsoft Graph API.
  1. Pick Application permissions and search for Application.Read.All.
  1. Next, click Yes to grant consent for the requested permissions.
  1. The permission status indicator in the API permissions page will change to approved.

  2. Enter Directory (tenant) ID, Application (client) ID, and Client Secret

  3. Click Integrate