The Certero ITAM connector for Microsoft Intune uses the Microsoft Graph APIs to connect to and retrieve data from Microsoft Intune. The APIs use industry-standard OAuth 2.0 protocols for authentication and authorization.

For more information on what OAuth is and how this flow works between an endpoint server and Microsoft, please see the following link:

Microsoft Identity Platform and OAuth 2.0

In order to create an ITAM Data connector for Microsoft Intune in Certero, there are a number of details you will need to enter. These are:

• Tenant Name

• Client Id

• Client Secret

This document explains how to create these values and use them to pull data into Certero.

Tenant Name in Azure Portal

1. Log into your Azure portal by clicking here.

2. In the portal home page search for Entra (formerly Azure Active Directory):

3. Click on the Microsoft Entra ID link:

4. In the menu select the ‘Custom domain names’ option:

5. A list of available tenants will be shown. This is the value we will use in our connector for ‘Tenant Name’:

Registering an App in the Azure portal

1. We will need to register an App within the Azure portal; this will provide us with the Client Id and Client Secret values we need.

2. Remaining within the Azure Active Directory, from the Manage menu, select the ‘App registrations’ option:

3. Click the ‘New registration’ button:

4. Give the application a meaningful name and select which account types are to be supported (by default Single-tenant will be selected):

5. Click the Register button at the bottom of the form to register the application.

Obtaining a Client ID from an App

Once your app is registered you will automatically be taken to the App registration screen. The top of this screen will show your Application (client) ID. This is the value we will use in our connector so make a note of it:

Note: You can navigate to the App at any time by clicking on the App registrations button from the menu blade or searching for App registrations in the main search bar. Clicking on the App name will open the overview.

Creating a Client Secret for an App

Navigate to the app that was created in the steps above (App Registrations) and click on it to open the properties. Select ‘Certificates & secrets’ menu option.

2. Click the ‘New client secret’ button.

3. Enter a description. Select when the secret should expire and click ‘Add’:

Note: When the client secret expires you will need to create a new one and update your connector in Certero.

4. Your new client secret will be displayed.  Make a note or store the client secret value, it is required in the Certero connector.

Note: This is the only time that the client secret will be shown.  Once you have navigated away from the page you will be unable to retrieve the value and will have to create a new secret:

Adding API permissions

Navigate to the app created in the step above and click ‘API permissions’ from the menu:

2. Click the ‘Add a permission’ button:

3. Select ‘Microsoft Graph’

4. Select Application Permissions:

5. Add the following permissions:

6. Once the required permissions have been selected, click the Add permissions button:

7. Note: Permissions may require admin consent:

8. On the API permissions screen click the ‘Grant admin consent’ button:

Note: You will need to be logged in as either:

• A Global administrator

• An Application Administrator

Create a new ITAM Data Connector

1. In Certero > Connectors > ITAM Data   click the New button.

2. Select Microsoft Intune:

3. Enter a description (optional), the Tenant Name, Client ID and Client Secret, then confirm the Client Secret:

4. Click the Save button