> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up an Azure Active Directory integration

> C1 provides identity governance and just-in-time provisioning for Azure Active Directory. Integrate your Azure AD instance with C1 to run user access reviews (UARs), enable just-in-time access requests, and automatically provision and deprovision access.

<Tip>
  *A newer version of this connector is available.*\* Azure Active Directory is now Microsoft Entra ID. If you're setting up this integration for the first time, go to [Entra ID integration](/baton/microsoft-entra) to get started.
</Tip>

## Capabilities

* Sync user identities from Azure AD to C1

* Resources supported:
  * Groups
  * User roles
  * Application roles

* Provisioning supported:
  * Application assignment
  * Group membership
  * Role assignment

## Add a new Azure AD connector

<Warning>
  This task requires either the **Connector Administrator** or **Super Administrator** role in C1.
</Warning>

<Steps>
  <Step>
    In C1, navigate to **Integrations** > **Connectors**.
  </Step>

  <Step>
    Search for **Azure AD** and click **Add**.
  </Step>

  <Step>
    Choose how to set up the new Azure AD connector:

    * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)

    * Add the connector to a managed app (select from the list of existing managed apps)

    * Create a new managed app
  </Step>

  <Step>
    Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

    <Warning>
      A Azure AD connector owner must have the following permissions:

      * **Connector Administrator** or **Super Administrator** role in C1
      * **Global Administrator** in Azure AD
    </Warning>
  </Step>

  <Step>
    Click **Next**.
  </Step>
</Steps>

### Next steps

* **If you are the integration owner**, proceed to [Integrate your Azure AD instance](/baton/v1/azure#integrate-your-azure-ad-instance) for instructions on integrating Azure AD with C1.

* **If someone else is the integration owner**, C1 will notify them by email that their help is needed to complete the setup process.

## Integrate your Azure AD instance

<Warning>
  A user with the **Connector Administrator** or **Super Administrator** role in C1 and the **Global Administrator** permission in Azure AD must perform this task.
</Warning>

### Step 1: Log in with OAuth

<Steps>
  <Step>
    In C1, navigate to the Azure AD connector by either:

    * Clicking the **Set up connector** link in the email you received about configuring the connector.

    * Navigate to **Connectors** > **Azure Active Directory** (if there is more than one **Azure Active Directory** listed, click the one with your name listed as owner and the status **Not connected**).
  </Step>

  <Step>
    Click **Login with OAuth**.
  </Step>

  <Step>
    Log in and authorize C1 with your Azure AD instance.

    In order for the integration to work properly, you must consent to all permissions:
  </Step>
</Steps>

### Step 2: Grant permissions to the C1 app

<Steps>
  <Step>
    In the Azure AD control panel, go to **Enterprise Applications**.
  </Step>

  <Step>
    Click the **C1 Integration** app (not to be confused with the **C1 SSO** app, which is used to log into C1, not to synchronize your data).

    <Tip>
      If the C1 Integration app doesn't appear in the list of apps right away, wait a minute and click **Refresh**.
    </Tip>
  </Step>

  <Step>
    On the **C1 Integration** page, click **Permissions** on the left side.
  </Step>

  <Step>
    Click **Grant admin consent for ...** on the **C1 Integration** app permissions page.
  </Step>
</Steps>

### Step 3: Complete integration

<Steps>
  <Step>
    Return to the Azure AD integration in C1 by clicking the **Azure Active Directory** tile on the **Integrations** page.
  </Step>

  <Step>
    Click the **Azure Active Directory** connector link that shows today's date in the **Connected on** column.
  </Step>

  <Step>
    Click **Login with OAuth** a second time to complete the process and authorize C1 to obtain an access token with the permissions you've just granted.
  </Step>
</Steps>

**Done.** Your Azure Active Directory connector is now pulling access data into C1.

### What's next?

If Azure Active Directory is your company's identity provider (meaning that it is used to SSO into other software), the integration sync will automatically create applications in C1 for all of your SCIMed software. Before you move on, review the [Create applications](/product/admin/applications) page for important information about how to set up integrations with the SCIMed apps.
