Setting up a link between AAD and

Azure Active Directory Integration: Setting up a link between AAD and

How do I set up a link between Azure Active Directory and the BQIgnite platform?

The user information in, for use across our various applications, can be brought into the platform in the following ways:

This article explains how to add and configure the BQ Ignite application in your Azure Active Directory. This configuration is only required at the organization level (and does not need to be repeated per product). 

Add the BQ Ignite application

Adding the BrandQuantum application into your Azure Active Directory allows the integration between our platform (BQ Ignite) and your Azure Active Directory. This results in your end-users using their Azure Active Directory credentials to automatically authenticate as users in our platform. Additionally, their active directory user information may be utilized to populate their details in (for example) the signature metadata for BrandMail. It is possible that we may connect more than one AAD group and we do support the connection of AAD groups within groups. 

Step 1: Log into your Azure Active Directory

Log in to your Azure Active Directory via the Azure Portal or Office Portal.

Step 2:  Access Admin Application

Once you have logged into the Office Portal go to the admin application at the end of the application list.

Admin Application in Azure Active Directory

Step 3: Show All Applications

Under the Microsoft 365 Admin Centers choose Show All.

AAD Show All

Step 4: Select Azure Active Directory

Under the Admin Centers choose Azure Active Directory.

Azure Active Directory Link

Step 5: Select your AAD

The Azure Active Directory Admin Center browser window will open. Click the Azure Active Directory link in the new window.

AAD Selection in AAD Center

Step 6: Select Applications

Once the Azure Active Directory menu is displayed, click App registrations.

AAD App registrations window

Step 7: New registration

Click the New Registration button to add a new application to your Azure Active Directory.

AAD New Registration

Step 8: Application information

Complete the application information.
Tip: You need only add a single application into Azure Active Directory for all BrandQuantum applications.
We recommend calling the app: BQIgnite Platform.
Click the Register button.

Application Registration Detail Application Registration Detail

Configuring the BQ Ignite application

Step 9: Obtain application details

Once the application has registered, you will be redirected to the application details.

NB: You will need to send us the GUID for the Application (Client) ID and the Directory (Tenant) ID.

Please copy and paste into a TXT file the following Global Unique ID, to share with your BrandQuantum technical contact (make use of the copy to clipboard function, to avoid errors):
  1. Application (client) ID
  2. Directory (tenant) ID
Application ID Details

Step 10: Obtain application secret

Under client secrets, please click New client secret and give it a valid description and set it either to 1 year, 2 years or Never depending on when you want the secret to expire. Click Add once completed and the secret will be added to the application.
This secret needs to be supplied to us as well please.

Application Secret Details

Step 11: Configure API permissions

Click API permissions. In the permissions which have been granted please make sure that Group.Read.All, and  User.Read.All have been granted.

This will allow us to retrieve users for a particular group and import their information into our backend to maintain user licensing and prevent any finger capturing issues. This will also grant users the ability to use their Azure Active Directory credentials and log into our platform using SSO.

API Permissions

Step 12: Expose an API

Expose an API Expose an API
Please ensure that you have copied and pasted the following values into a TXT file to share with the BrandQuantum technical team:
  1. Application (client) ID
  2. Directory (tenant) ID
  3. Application Secret
  4. Active Directory Group Name(s)
For every unique Active Directory Group created for BrandQuantum, please provide the exact name of the group(s). For example, if you have configured two different AAD groups for BrandOffice and BrandMail, you could name the groups: BQ-BrandOffice and BQ-BrandMail.

For any further assistance required please contact: 
    • Related Articles

    • Execute Azure Active Directory Sync

      How to immediately execute an Azure Active Directory job Once your Azure Active Directory Group links have been set up, they will automatically synchronize at the predefined period intervals (the default is 480min, or every 8 hours).  Sometimes, ...
    • Disable or deactivate a user in AAD

      How to disable or deactivate a user in the Azure Active Directory portal This article applies to you if you manage BrandQuantum users in the BQIgnite Admin Platform via an Azure Active Directory group.  Use this when:  A user no longer requires ...
    • BQIgnite | User Reports Available

      User Reports The following reports are available to Administrators: Name Detail Fields Parameters Users Report This report provides you with a full list of users in the system, whether active or not active, as well as the date on which the user was ...
    • Grant AAD permission to use Microsoft credentials for BQIgnite platform authentication

      How to grant AAD permission to use Microsoft credentials for BQIgnite platform authentication If you would like to access the BQIgnite admin console using Microsoft authentication, follow these steps to enable AAD permission to use your Microsoft ...
    • How do I deactivate a user?

      Deactivate a user in BQIgnite Admin Console When users move from your organisation, it may be necessary for you to deactivate them. Users are not deleted in the Admin console due to audit trail requirements.  Only Administrators are able to ...