Room: Room 7
Tags: development & coding, drupal showcase, other cms / beyond drupal
Track: coding & site building

Synchronizing an ad hoc subset of my Drupal users with the members of an Azure AD Security Group having one single APP permission given by the Tenant and nothing more

Rodrigo Panchiniak Fernandes (Rodrigo-panchiniak-fernandes)

To be honest, I would rather not have had to deal with Azure AD. You know: the open source vs. the-other-way-around thing. But once I was asked to do it and was not in a position of power to avoid it completely, I tried to make the best of it. In this session I'm going to say what I did and what I learned in the process, which includes: 1. Azure app and security group. 2. Permissions for reading users in the tenant. 3. Using Drupal as a control panel for those never-going-to-be-open-source "cloud" beasts.

Prerequisite
This session is best attended with some prior knowledge of web services and API consumption, as well as basic Drupal site-building concepts such as users and authentication.

Outline
1. Introduction & Context (3 min)

Quick personal anecdote about open-source vs. enterprise ecosystems

Why synchronize Drupal->Azure AD? (Enterprise compliance, hybrid environments)

Key challenge: Minimal permissions philosophy ("Never grant more than needed")

2. Azure AD Setup (6 min)

Creating the Security Group: Purpose and configuration

App Registration: delegated permissions (scopes) vs application permissions (app roles), and why an unattended sync needs the latter

Tenant restrictions: Reading users without admin-level access

Least privilege principle in practice: a single Microsoft Graph application permission, User.Read.All

3. Drupal Architecture (6 min)

Cron-driven sync vs Form-driven sync

Handling group membership changes in Azure AD

4. Security & Maintenance (3 min)

Token and client secret storage best practices (never in plain text in the database or in exportable config)

Handling Azure AD API rate limits

5. Live Demo & Q&A (2 min)

Quick demo of synchronization flow
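The sync loop sketched in sections 2 to 4 above, as an added example written for this page rather than code from the speaker or from any Drupal module. It assumes PHP 8 and a hypothetical tenant id, app client id/secret and group object id; the HTTP transport is injected so the class can run offline against the constructed responses at the bottom instead of a real tenant. The one real-world constraint it encodes is that reading a user's direct memberships (/users/{upn}/memberOf) is allowed by the User.Read.All application permission alone, which is what lets the app get by with a single permission: the bearer token is held only in memory, the client secret is expected to come from settings.php or the Key module, and 429 responses are backed off via Retry-After.

```php
<?php
declare(strict_types=1);
// Added example, not the speaker's code. Tenant id, client id/secret, group object id
// and every HTTP response below are constructed for illustration.
final class GraphGroupMembershipSync
{
    private ?string $token = null;   // bearer token lives only in memory, never in the DB
    private int $tokenExpiresAt = 0;

    /** @param callable $http fn(string $method, string $url, array $headers, ?string $body): array{status:int,headers:array,body:string} */
    public function __construct(
        private string $tenantId,
        private string $clientId,
        private string $clientSecret,  // load from settings.php or the Key module, not exportable config
        private string $groupId,
        private $http,
    ) {}

    /** Client-credentials flow: the app acts as itself, so only its application permissions apply. */
    private function token(): string
    {
        if ($this->token !== null && time() < $this->tokenExpiresAt - 60) {
            return $this->token;
        }
        $resp = ($this->http)('POST',
            "https://login.microsoftonline.com/{$this->tenantId}/oauth2/v2.0/token",
            ['Content-Type' => 'application/x-www-form-urlencoded'],
            http_build_query([
                'grant_type'    => 'client_credentials',
                'client_id'     => $this->clientId,
                'client_secret' => $this->clientSecret,
                'scope'         => 'https://graph.microsoft.com/.default',
            ]));
        if ($resp['status'] !== 200) {
            throw new RuntimeException("token request failed: HTTP {$resp['status']}");
        }
        $json = json_decode($resp['body'], true, 512, JSON_THROW_ON_ERROR);
        $this->token = $json['access_token'];
        $this->tokenExpiresAt = time() + (int) $json['expires_in'];
        return $this->token;
    }

    /** Authenticated GET; honours 429 Retry-After instead of hammering Graph. Returns null on 404. */
    private function get(string $url, int $maxRetries = 3): ?array
    {
        for ($attempt = 0; ; $attempt++) {
            $resp = ($this->http)('GET', $url, ['Authorization' => 'Bearer ' . $this->token()], null);
            if ($resp['status'] === 429 && $attempt < $maxRetries) {
                sleep(max(1, (int) ($resp['headers']['Retry-After'] ?? 1)));
                continue;
            }
            if ($resp['status'] === 404) {
                return null;
            }
            if ($resp['status'] !== 200) {
                throw new RuntimeException("Graph request failed: HTTP {$resp['status']} for $url");
            }
            return json_decode($resp['body'], true, 512, JSON_THROW_ON_ERROR);
        }
    }

    /**
     * /users/{upn}/memberOf is readable with User.Read.All alone, so no Group.Read.All or
     * Directory.Read.All is needed. Direct memberships only (use transitiveMemberOf for
     * nested groups). A user unknown to the tenant (404) is simply not a member.
     */
    public function isMember(string $userPrincipalName): bool
    {
        $url = 'https://graph.microsoft.com/v1.0/users/' . rawurlencode($userPrincipalName) . '/memberOf?$select=id';
        while ($url !== null) {
            $page = $this->get($url);
            if ($page === null) {
                return false;
            }
            foreach ($page['value'] ?? [] as $obj) {
                if (($obj['id'] ?? null) === $this->groupId) {
                    return true;
                }
            }
            $url = $page['@odata.nextLink'] ?? null;   // follow server-side paging
        }
        return false;
    }

    /** @param array<string,string> $drupalUsers  account name => UPN, the ad hoc subset to sync */
    public function sync(array $drupalUsers): array
    {
        $plan = [];
        foreach ($drupalUsers as $name => $upn) {
            try {
                $plan[$name] = $this->isMember($upn) ? 'grant' : 'revoke';
            } catch (RuntimeException $e) {
                $plan[$name] = 'error: ' . $e->getMessage();  // leave the Drupal role untouched on error
            }
        }
        return $plan;
    }
}

// Constructed offline transport standing in for \Drupal::httpClient(); all responses are made up.
$groupId = '11111111-2222-3333-4444-555555555555';
$calls = 0;
$fakeHttp = function (string $method, string $url, array $headers, ?string $body) use ($groupId, &$calls): array {
    $calls++;
    if (str_contains($url, '/oauth2/v2.0/token')) {
        return ['status' => 200, 'headers' => [], 'body' => json_encode(['access_token' => 'eyJ.fake', 'expires_in' => 3600])];
    }
    if ($calls === 2) {   // the first Graph call gets throttled once
        return ['status' => 429, 'headers' => ['Retry-After' => '1'], 'body' => ''];
    }
    if (str_contains($url, 'alice%40example.com')) {
        return ['status' => 200, 'headers' => [], 'body' => json_encode(['value' => [['id' => $groupId]]])];
    }
    if (str_contains($url, 'bob%40example.com')) {
        return ['status' => 200, 'headers' => [], 'body' => json_encode(['value' => [['id' => 'some-other-group']]])];
    }
    return ['status' => 404, 'headers' => [], 'body' => ''];
};

$sync = new GraphGroupMembershipSync('tenant-id', 'client-id', 'client-secret', $groupId, $fakeHttp);
print_r($sync->sync(['alice' => 'alice@example.com', 'bob' => 'bob@example.com', 'carol' => 'carol@example.com']));
```

Run it with `php sync.php`; it sleeps one second while honouring the simulated throttle, then prints a grant/revoke plan. In a real module the same class would be called from hook_cron() and from the configuration form's submit handler, with the plan applied through the user entity's addRole()/removeRole() and the transport replaced by the Guzzle client Drupal provides. Note the choice to report errors per user rather than abort the run, so a transient Graph failure for one account never revokes access for everyone else.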

Learning Objectives
Design a secure Azure AD integration respecting the principle of least privilege.
Configure Azure App Registrations with precise Microsoft Graph API permissions.
Implement user synchronization in Drupal, both automatically via cron and manually via a configuration form.
Troubleshoot common authorization challenges in cloud->Drupal integrations.
Evaluate when to use native modules vs custom code for AD integrations.

Experience level
Beginner