Microsoft Azure AD Usage Integration 2.0


Overview

Spendflo integrates with Microsoft Azure AD via Truto to sync the list of apps and their users. This integration also provides usage details for your entire SaaS stack.


Prerequisites

  • To begin the installation, you must be a Microsoft Azure administrator. If you have someone in your organization who can create Azure connections, they are likely an administrator.
  • For Spendflo to pull sign-in info from Azure AD, it requires you to have a premium license (P1). Without this license, Spendflo cannot retrieve the SaaS applications connected to your Azure Active Directory information.
  • The user who connects Azure AD to Spendflo should have a P1 license. That should cost around $6/month.


Steps to Integrate

Go to the Spendflo Integrations page by navigating to Settings → Integrations → Available apps.

Scroll to find the Microsoft Azure app under the Available Apps section. Click on Connect to initiate the Integration.

Spendflo now uses Truto to connect your Microsoft account securely. Click on Continue.

On the account connection pop-up, you have 2 ways to authenticate. Select the one that adheres to your organization's security policies.

If you select OAuth 2.0, follow these steps:

Select the preferred Microsoft account to proceed with the login.

Click on the checkbox to accept consent and permissions as required for the integration. Following this, click on ‘Accept’ to proceed.

Once the integration is successfully completed, users can find the Microsoft Entra ID app under the 'Connected Apps.'


If you select OAuth 2.0 Client Credentials to integrate, you need to create an OAuth app in your Azure Active Directory.


Steps to Create OAuth App in Azure Active Directory

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. If you can access multiple tenants, use the Settings icon in the top menu to switch to the tenant where you want to register the application from the Directories + Subscriptions menu.

  3. Navigate to Identity > Applications > App registrations and select New Registration.

  4. Enter a display Name for your application. Users of your application might see the display name when they use the app, for example, during sign-in. You can change the display name at any time. Under Supported account types, select who can use the application. Under Redirect URI, select Web and enter this URI: https://api.truto.one/connect/azureactivedirectory/callback

    Select Register to complete the initial app registration.

  5. When registration finishes, the Microsoft Entra admin center displays the app registration's Overview.

  6. Navigate to API Permissions and click Add a Permission (and remove the User.Read delegated type permission as shown below).


  7. Select Microsoft Graph and click Application permissions to add all required scopes.

  8. Select all the scopes mentioned below and click Add Permissions.

https://graph.microsoft.com/AuditLog.Read.All

https://graph.microsoft.com/Directory.Read.All

https://graph.microsoft.com/Group.Read.All

https://graph.microsoft.com/GroupMember.Read.All

https://graph.microsoft.com/User.Read.All

  9. Grant access to all these scopes for your app as shown below.


  10. Navigate to Certificates & secrets → Client secrets → New client secret.

  11. Copy the Secret value.

  12. Navigate to Overview and copy Client ID & Tenant ID as shown below.


Paste Client ID, Client Secret, Tenant ID values in relevant fields.
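An added example, not part of Spendflo's or Truto's documentation: a Python check that reads the `roles` and `tid` claims of an app-only access token issued to the app registration above and compares them with the five Graph application permissions listed in this guide. The function names and the sample token are constructed for illustration, and the signature is deliberately not verified because this audits configuration rather than validating a token.

```python
import base64
import json

# The five Microsoft Graph application permissions this guide asks you to grant.
EXPECTED_ROLES = {
    "AuditLog.Read.All",
    "Directory.Read.All",
    "Group.Read.All",
    "GroupMember.Read.All",
    "User.Read.All",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, tenant_id: str) -> dict:
    """Compare an app-only token's claims with what this guide configures."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "missing": sorted(EXPECTED_ROLES - roles),  # granted set is incomplete
        "extra": sorted(roles - EXPECTED_ROLES),    # broader than the guide needs
    }


def make_sample_token(roles, tid):
    """Constructed, unsigned sample token for offline demonstration only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"tid": tid, "roles": roles}).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    tid = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
    sample = make_sample_token(
        ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"], tid)
    print(audit_app_token(sample, tid))
```

Any entry under `extra` means the app registration holds more Graph permissions than this integration requests and is worth reviewing before the client secret is shared.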

