Admin Consent for User Synchronization Using Microsoft Graph PowerShell (Modern View)

Objective

This article is for customers who use HENNGE Access Control Directory Sync to synchronize users from HENNGE Access Control to Microsoft 365.

Purpose

Grant HENNGE Access Control Directory Sync the permissions to add, edit, and delete user information in your Microsoft 365.

Notes

1. The content of this article is based on product specifications as of September 2023 and may be subject to change without notice.

2. HENNGE Access Control administrator privileges are required to view the actual screens and to change the configuration.

3. Refer to the following article for how to access the admin console:

Accessing HENNGE Access Control admin console

Detailed Steps and Explanation

Preparatory Check

1. Please refer to the following article to ensure that you can connect from Microsoft Graph PowerShell to Microsoft 365.
Connect to Microsoft 365 from Microsoft Graph PowerShell

1. Configuration of HENNGE Access Control Directory Sync

1.1. Log in to the HENNGE Access Control management screen.

The URL for the HENNGE Access Control management screen is provided in the installation guide HENNGE One Login Information.pdf.

1.2. Select [System] → [Domain Settings].

1.3. Select [Connect HENNGE Directory Sync], and then select [Settings].

1.4. Select [Start Settings].

1.5. Sign in to Microsoft 365 with an account that has [Global Administrator] privileges, and click [Consent].

This will configure [HENNGE Access Control Directory Sync] to be accepted on the Microsoft 365 side.

1.6. After completion, the PowerShell commands to run in step 2.1 will be displayed on the screen.

2. Execution of Microsoft Graph PowerShell

2.1. Execute the Microsoft Graph PowerShell command displayed in step 1.6.

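# Sign in with the scopes needed to read the service principal and change directory role membership.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Application.ReadWrite.All", "Domain.ReadWrite.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop
# Look up the service principal for this AppId.
$info = Get-MgServicePrincipal -Filter "AppId eq '65d022b7-10c7-479b-b101-06a73bb0c290'"
# Build the reference to that service principal as a directory object.
$DirObject = @{"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($info.Id)" }
# Find the Global Administrator directory role and add the service principal as a member.
$aadRole = Get-MgDirectoryRole -Filter "DisplayName eq 'Global Administrator'"
New-MgDirectoryRoleMemberByRef -DirectoryRoleId $aadRole.Id -BodyParameter $DirObject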

2.2. When prompted to sign in, sign in to Microsoft 365 with an account that has [Global Administrator] privileges and click [Consent].

2.3. Disconnect from Microsoft Graph

Execute the following command to disconnect from Microsoft Graph.

Disconnect-MgGraph

※ [Connect-MgGraph] retains the authenticated credentials from the previous session, so you will not be prompted to sign in the next time you run it. To make sure the session is disconnected, execute [Disconnect-MgGraph].

3. Confirmation

3.1. Please confirm that there are no error messages in red in the execution result of the Microsoft Graph PowerShell command in step 2.1.

※ If errors occur, please capture a screenshot of the error screen and notify your HENNGE One Onboarding Guide or support contact.

3.2. After confirming that the Microsoft Graph PowerShell command has been executed correctly, click [Complete].

3.3. Click [Confirm], and then notify your HENNGE One implementation personnel or support contact that the configuration has been completed.
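
One way to confirm the result of step 2.1 beyond the absence of red error text, as an added example that is not part of the commands HENNGE Access Control displays: it checks that the service principal with the AppId from step 2.1 is a member of the Global Administrator role. The read-only scopes and the variable names are assumptions of this example.

```powershell
# Added verification example; not part of the commands displayed by HENNGE Access Control.
# The AppId is the one shown in step 2.1. The read-only scopes are an assumption of this example.
$appId = '65d022b7-10c7-479b-b101-06a73bb0c290'

Connect-MgGraph -Scopes "Application.Read.All", "RoleManagement.Read.Directory" -ErrorAction Stop
try {
    # If the consent in step 1.5 did not complete, no service principal is returned
    # and the role assignment in step 2.1 cannot have targeted the right object.
    $sp = @(Get-MgServicePrincipal -Filter "AppId eq '$appId'" -ErrorAction Stop)
    if ($sp.Count -ne 1) {
        throw "Expected exactly one service principal for AppId $appId, found $($sp.Count)."
    }

    $role = Get-MgDirectoryRole -Filter "DisplayName eq 'Global Administrator'" -ErrorAction Stop
    if (-not $role) {
        throw "Directory role 'Global Administrator' was not found."
    }

    # List every member of the role and look for the service principal's object ID.
    $members = @(Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All -ErrorAction Stop)
    if ($members.Id -contains $sp[0].Id) {
        Write-Host "OK: '$($sp[0].DisplayName)' ($($sp[0].Id)) is a member of '$($role.DisplayName)'."
    }
    else {
        Write-Warning "'$($sp[0].DisplayName)' is NOT a member of '$($role.DisplayName)'. Re-check step 2.1."
    }
}
finally {
    # Always drop the cached session, as in step 2.3.
    Disconnect-MgGraph | Out-Null
}
```

Because this role assignment gives an application tenant-wide administrative rights, keep the output with your change record so the membership can be reviewed later.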
