Create an Azure AD realm

This task creates a realm (a connection between the Cloud-Delivered Firewall Management Center and a Microsoft Azure AD realm) to enable user and identity control through access control policies.

Note

To perform user and identity control with an Azure AD realm, you need only an access control policy with an associated Azure AD realm. You do not need to create an identity policy.

Before you begin

Complete all of the following tasks:

If you enabled Change Management, you must approve all certificates used in this procedure. Open a new ticket or edit an existing one. For more information, see Create change management tickets and .Policies and objects that support change management

Follow these steps to create an Azure AD realm:

Procedure

Step 1

Click Administration > Integrations > Firewall Management Center and choose (select a management center) > Devices

Step 2

Click Integrations > Identity > Realms > Realms.

Step 3

To create a new realm, click Add Realm > Azure AD.

Step 4

Enter the required information.

Item

Description

Name

(Optional.) Description

Client ID

Enter the information you found as discussed in Get required information For Your Microsoft Azure AD realm.

Client Secret

Tenant ID

Event Hubs Host Name

Event Hub Name

Event Hub Connection String

(Optional.) Excluded User Groups

Enter one or more groups from which to not download users for identity control. Users in these groups will not be available for use in access control policies.

Enter one group name per line followed by a line break. Group names are case-sensitive.

Step 5

Enter the values you found as discussed in Get required information For Your Microsoft Azure AD realm.

Step 6

Click Test.

Step 7

Fix any errors that are displayed in the test.

Step 8

Click Save.

What to do next

Create an access control policy and rule as discussed in Creating a basic access control policy.