Register FortiCASB with Microsoft Identity Platform

To use the identity and access management capabilities of Microsoft Entra ID when accessing Office 365 resources, a FortiCASB application must first be registered in the Microsoft Entra admin center.

Prerequisites

A Microsoft Entra ID tenant.

An Office 365 account that has the Global Administrator role.

FortiCASB Application Registration

  1. Sign in to the Microsoft Entra admin center with an account that has the Global Administrator role.
  2. If you have multiple tenants, click the Settings icon in the top menu, then go to Directories + subscriptions and select the tenant in which the application will be registered.
  3. In the Azure search field, search for and go to App registrations.
  4. Click New registration to create a new app registration.
  5. Enter a name for the application.
  6. Under Supported account types, select "Accounts in this organizational directory only" so that the application is available only to users in the same tenant.
  7. Leave Redirect URI (optional) empty.
  8. Click Register to complete the app registration.
  9. After the registration is completed, you are redirected to the app registration's Overview pane. Record the Application (client) ID and the Directory (tenant) ID.
  10. From the side panel, click Certificates & secrets to open the Client secrets pane. If you have not set up a client secret yet, create one and record its Value (it is shown only once, at creation time).

Continue to Add API Permissions to finish the rest of the configurations.

Add API Permissions

  1. Click API Permissions in the side panel to add API permissions.
  2. Click +Add a permission, select Microsoft Graph, then select the Application permissions type.
  3. Search for the Microsoft Graph permissions listed in the table below and add them.
  4. Click +Add a permission again, select Office 365 Management APIs, then select the Application permissions type.
  5. Search for the Office 365 Management APIs permissions listed in the table below and add them.
  6. Click Grant admin consent for <tenant> (shown as "Grant admin consent for fortinet" in this example) to consent to the API permissions on behalf of all Office 365 users in the tenant.

Microsoft Graph (Application permissions):
  Directory.Read.All
  Domain.Read.All
  Files.ReadWrite.All
  Group.Read.All
  GroupMember.Read.All
  PrivilegedAccess.Read.AzureAD
  PrivilegedAccess.Read.AzureResources
  Sites.ReadWrite.All
  User.Read
  User.Read.All
  InformationProtectionPolicy.Read.All (required only for Azure Information Protection)

Office 365 Management APIs (Application permissions):
  ActivityFeed.Read
  ActivityFeed.ReadDlp
  ServiceHealth.Read

Make sure every API permission shows the status Granted for <tenant> (Granted for fortinet in this example).
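As an added example (not Fortinet's code or part of this page), the script below audits the result of the registration above: it requests an app-only access token with the client ID, tenant ID and client secret recorded in the steps, and compares the token's roles claim against the application permissions listed on this page. Assumptions: the tenant ID, client ID and secret are supplied by the caller; the OAuth 2.0 v2.0 token endpoint and the .default scopes for Microsoft Graph and the Office 365 Management APIs are Microsoft's standard client-credentials endpoints; the token is only decoded for inspection, not cryptographically verified (the resource server does that). User.Read is a delegated scope in Microsoft Graph and therefore never appears in an app-only token's roles claim, so it is not part of the check. The sample token used when the script runs offline is constructed here, not a real token.

```python
"""Audit an app-only token from the FortiCASB app registration against the
application permissions the page requires.

Added example, not Fortinet's code.  Assumption: tenant_id, client_id and
client_secret are the values recorded during registration."""
import base64
import json
import urllib.parse
import urllib.request

# Application permissions listed on the page, keyed by the .default scope of
# the resource that issues the token.  User.Read (a delegated scope) and
# InformationProtectionPolicy.Read.All (only for AIP) are deliberately left out.
REQUIRED_ROLES = {
    "https://graph.microsoft.com/.default": {
        "Directory.Read.All", "Domain.Read.All", "Files.ReadWrite.All",
        "Group.Read.All", "GroupMember.Read.All",
        "PrivilegedAccess.Read.AzureAD", "PrivilegedAccess.Read.AzureResources",
        "Sites.ReadWrite.All", "User.Read.All",
    },
    "https://manage.office.com/.default": {
        "ActivityFeed.Read", "ActivityFeed.ReadDlp", "ServiceHealth.Read",
    },
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Return the JWT payload claims.  The signature is NOT verified here;
    this is an inspection aid, not token validation."""
    try:
        _header, payload, _signature = token.split(".")
    except ValueError:
        raise ValueError("token is not a three-part JWT") from None
    return json.loads(_b64url_decode(payload))


def missing_roles(token: str, scope: str) -> list:
    """Required application permissions absent from the token's roles claim.
    An empty list means admin consent covered everything the page lists."""
    granted = set(decode_jwt_payload(token).get("roles", []))
    return sorted(REQUIRED_ROLES[scope] - granted)


def request_app_token(tenant_id: str, client_id: str, client_secret: str, scope: str) -> str:
    """Client-credentials request to the Microsoft identity platform v2.0
    token endpoint (live call; the offline demo below does not use it)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    with urllib.request.urlopen(url, data=body, timeout=30) as resp:
        return json.load(resp)["access_token"]


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline demonstration only."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    graph = "https://graph.microsoft.com/.default"
    # Constructed token for an app whose consent missed two Graph permissions.
    sample = make_sample_token({
        "aud": "https://graph.microsoft.com",
        "roles": sorted(REQUIRED_ROLES[graph] - {"Sites.ReadWrite.All", "Domain.Read.All"}),
    })
    print("Missing Graph permissions:", missing_roles(sample, graph))
    # For a live check, replace the sample with:
    # token = request_app_token(TENANT_ID, CLIENT_ID, CLIENT_SECRET, graph)
```

Run the live check once per resource (Microsoft Graph and the Office 365 Management APIs issue separate tokens), and treat any non-empty result as a consent gap to fix in the API Permissions pane before connecting FortiCASB.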