SCA Configuration - AAD filters and groups

SecContacts.AADFilters

This setting customizes the query parameters for Azure AD contacts.

Secure Contacts App queries Azure AD using the Directory.Read.All permission and uses any AAD account as a contact if it has at least a display name and a business or mobile phone number.

By default, it ignores all "external AAD" accounts whose UPN contains "#EXT#@", as well as the administrator account.

This is basically an "all in" with some default exceptions. With AADFilters you can extend these exceptions.

  • Name: SecContacts.AADFilters

  • Value: [{"property":"<aad-property>", "operator":"<target-operator>", "value":"<target-value>"}]

The Value property is a JSON array of property/operator/value trios. You can add one or multiple filters here.

Replace <aad-property> with the AAD property you want to filter for

  • e.g. userPrincipalName or displayName

Replace <target-operator> with an operator

  • e.g. contains or equals or equalsAny

Replace <target-value> with the value you want to filter for

  • e.g. administrator or johndoe or #EXT#@

When using the equalsAny operator, provide a list of target-values as one single string with ; as delimiter.

  • e.g. administrator;johndoe;someotheruser

Currently only userPrincipalName and displayName are supported as aad-property.
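
A pre-deployment check for a SecContacts.AADFilters value, added here as an example (it is not part of Secure Contacts App). It assumes the three operators named above are the complete set and that a ; list is only meaningful with equalsAny; the function name and sample values are constructed for illustration.

```python
import json

# From the page: only these two properties are currently supported.
SUPPORTED_PROPERTIES = {"userPrincipalName", "displayName"}
# The page names these operators as examples; treating the list as complete is an assumption.
KNOWN_OPERATORS = {"contains", "equals", "equalsAny"}


def check_aad_filters(raw):
    """Return a list of problems found in a SecContacts.AADFilters value (empty list = OK)."""
    try:
        filters = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(filters, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, entry in enumerate(filters):
        if not isinstance(entry, dict):
            problems.append(f"filter {i}: must be a JSON object")
            continue
        missing = {"property", "operator", "value"} - set(entry)
        if missing:
            problems.append(f"filter {i}: missing key(s) {sorted(missing)}")
            continue
        if entry["property"] not in SUPPORTED_PROPERTIES:
            problems.append(f"filter {i}: unsupported property {entry['property']!r}")
        if entry["operator"] not in KNOWN_OPERATORS:
            problems.append(f"filter {i}: unknown operator {entry['operator']!r}")
        value = entry["value"]
        if not isinstance(value, str) or not value:
            problems.append(f"filter {i}: value must be a non-empty string")
        elif entry["operator"] == "equalsAny" and "" in [v.strip() for v in value.split(";")]:
            problems.append(f"filter {i}: empty item in ';'-delimited equalsAny list")
        elif entry["operator"] != "equalsAny" and ";" in value:
            problems.append(f"filter {i}: ';' list given but operator is not equalsAny")
    return problems


# Constructed sample values (not from a real tenant).
GOOD = ('[{"property":"userPrincipalName","operator":"contains","value":"svc-"},'
        '{"property":"displayName","operator":"equalsAny","value":"administrator;johndoe;someotheruser"}]')
BAD = ('[{"property":"mail","operator":"contains","value":"x"},'
       '{"property":"displayName","operator":"equals","value":"administrator;johndoe"},'
       '{"property":"displayName","operator":"equalsAny","value":"a;;b"}]')

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_aad_filters(raw) or "OK")
```

A filter that is malformed or uses an unsupported property may not exclude the accounts you intended, so run the check before saving the setting.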

SecContacts.AADGroups

This setting defines an Azure AD group as a filter for the AAD accounts to be used as contacts.

Instead of using the default "all in" method with some default exceptions via AADFilters, you can use AADGroups to select an Azure AD group. Any AAD account which is a member of this group will be selected as an AAD contact. An AAD account needs to have at least a display name and a business or mobile phone number; otherwise it gets ignored.

  • Name: SecContacts.AADGroups

  • Value: [{"name":"<AAD group name>", "value":"<AAD group ID>"}]

The Value property is a JSON array of name/value pairs, even though currently you can add only one AAD group here.

Replace <AAD group name> with the name of the AAD Group

  • e.g. AppMemberGroup

Replace <AAD group ID> with the Object Id of the AAD Group

  • e.g. 15e3a3d2-50a6-43e3-137e-a44316d0b448
