# Microsoft Entra ID

## Grant Operators Access Rights to ServiceChanger.com

After completing the [onboarding process](https://servicechanger.gitbook.io/servicechanger.com/getting-started/how-to-get-started), you can proceed to grant access to ServiceChanger for operators, who are mostly servicedesk employees, IAM engineers, or system administrators.

{% hint style="info" %}
**Note:** For a full overview of roles and their permissions, see [Roles & App Settings](https://servicechanger.gitbook.io/servicechanger.com/general/roles-and-app-settings).

Be aware that there are two available roles: Administrator and Operator. The Administrator role grants full authority to delete and update all users, groups, and user-group relationships, including bulk actions. Therefore, it is crucial to carefully consider who receives this level of access.
{% endhint %}

### How to grant access rights?

1. Open [portal.azure.com](https://portal.azure.com), sign in and navigate towards Azure Entra ID.
2. Go to "Enterpise applications"

<figure><img src="https://1332728329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMTU9Uyx5cjbGdcEsR3N%2Fuploads%2FuhgmISG7d9EYcaDxfcbC%2F2024_02_10_14_53_02_Default_Directory_Microsoft_Azure.png?alt=media&#x26;token=febd4c1e-c3ce-4822-acac-12156a90e456" alt=""><figcaption></figcaption></figure>

3. Now find "Servicechanger.com" and click on it.

<figure><img src="https://1332728329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMTU9Uyx5cjbGdcEsR3N%2Fuploads%2FRljl2A4vJfZg9WZW5cRb%2F2024_02_10_14_53_50_Enterprise_applications_Microsoft_Azure.png?alt=media&#x26;token=c81ed5a3-6127-49e2-8335-67b7ee7a84d0" alt=""><figcaption></figcaption></figure>

4. After opening it, you will find 'Users and Groups' in the left-side menu. Here, you will be able to add users or groups, granting Single Sign-On (SSO) access to ServiceChanger for operators.

<figure><img src="https://1332728329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMTU9Uyx5cjbGdcEsR3N%2Fuploads%2FQj0MsXFnDPWtq1bpNMoH%2F2024_02_10_14_59_50_Servicechanger.com_Microsoft_Azure.png?alt=media&#x26;token=d10663fb-c6d5-49f8-b0c8-93fea478370c" alt=""><figcaption></figcaption></figure>

## Field mapping

Field mapping between Azure Entra ID and ServiceChanger is not customizable; it's intrinsic to the system's design and development.

### Roles

These mappings serve as the foundation for the Attribute-Based Access model.

| Entra ID        | ServiceChanger |
| --------------- | -------------- |
| Job title       | Job title      |
| Department      | Department     |
| Office location | Location       |

<figure><img src="https://1332728329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlMTU9Uyx5cjbGdcEsR3N%2Fuploads%2FsnTCZqMtXNMnlTTOLqic%2F2024_02_09_21_19_37_Axel_Mart_Microsoft_Azure.png?alt=media&#x26;token=14d2d062-893a-44ae-8cad-b93876b155a2" alt=""><figcaption></figcaption></figure>

### Users

| Entra ID            | ServiceChanger      |
| ------------------- | ------------------- |
| First name          | First name          |
| Last name           | Last name           |
| Display name        | Display name        |
| User principal name | User principal name |
| Manager             | Manager             |

### Groups

| Entra ID          | ServiceChanger    |
| ----------------- | ----------------- |
| Group name        | Group name        |
| Group description | Group description |
| Group type        | Group type        |

{% hint style="info" %}
**Note:** See the [API documentation](https://servicechanger.gitbook.io/servicechanger.com/general/api-documentation) for the fields used in the Hybrid Setup - Active Directory.
{% endhint %}

## Authentication

[OAuth 2.0/SSO](https://learn.microsoft.com/en-us/entra/architecture/auth-oauth2): ServiceChanger utilizes OAuth 2.0/SSO for secure authentication processes.

## Authorizations

[Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api): ServiceChanger leverages the Microsoft Graph API to update Entra ID, facilitating efficient management of user permissions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://servicechanger.gitbook.io/servicechanger.com/general/microsoft-entra-id.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.