BeyondTrust Bridge and Microsoft Entra ID | AD Bridge
What is BeyondTrust Bridge?
With AD Bridge version 25.1, we are introducing the BeyondTrust Bridge console to support joining Linux systems to Microsoft Entra ID in Provisioned mode.
What is Provisioned mode?
By extending the Entra ID schema with schema extensions, user and group Linux identities can be managed in Entra ID. See Storage modes for more information.
How is BeyondTrust Bridge useful?
Using BeyondTrust Bridge, you can:
- Connect to Entra ID
- Create the Entra ID app registrations required for Entra ID integration
- Manage Entra ID users and groups
Requirements
The BeyondTrust Bridge relies on Azure CLI to connect and manage the Entra ID app registrations.
Entra ID app registration
Two Entra ID app registrations are required for the integration with Microsoft Entra ID.
- BeyondTrust - Linux Endpoint: used specifically by Linux systems that authenticate with Microsoft Entra ID using Device Flow. This enables secure access to Entra ID from Linux-based systems and is used for all Entra ID storage modes.
The name of the app registration does not affect the functionality of the product. For the purposes of this documentation, we’ll use the default name generated by the BeyondTrust Bridge Entra ID setup.
- BeyondTrust - Identity Bridge: defines the schema extension ownership and provides secure access to the Linux identity attributes of users and groups: UID, GID, homeDirectory, loginShell, alias, and comment. This allows Linux identities to be managed between Entra ID and Linux systems. This app registration is required for Entra ID Provisioned mode.
Linux endpoints look up their schema using the SchemaConnectorApplication config option, which defaults to the app registration name given above (BeyondTrust - Identity Bridge).
Warning: Risk of orphaned schema extensions
If the app registration that owns a schema extension is deleted, the schema extension becomes orphaned. This means:
- No app can update or delete the extension.
- The extension remains in the directory, but cannot be managed through Microsoft Graph.
- You cannot reassign ownership to another app.
You can create these app registrations automatically from BeyondTrust Bridge.
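Because an orphaned schema extension cannot be recovered, it is worth checking what an app registration owns before deleting it. The following added example (not part of AD Bridge or this documentation) takes the JSON returned by Microsoft Graph's `GET /schemaExtensions` (for instance via `az rest`) and reports every extension whose `owner` is the appId about to be deleted; the Linux attribute property names and all ids in the sample are assumptions, not values from the product.

```python
"""Pre-deletion check for Microsoft Graph schema extensions.

Feed it the JSON returned by
  az rest --method get --url https://graph.microsoft.com/v1.0/schemaExtensions
and the appId of the app registration you intend to delete.
"""
import json

# Linux identity attributes named on the page. The property names used here are
# assumed; the real extension's property names are not given in this document.
LINUX_ATTRIBUTES = {"uid", "gid", "homeDirectory", "loginShell", "alias", "comment"}


def orphan_risk(graph_response, app_id):
    """Return the schema extensions that would be orphaned if app_id were deleted.

    graph_response is the dict from GET /schemaExtensions ({"value": [...]}).
    Each hit carries the extension id, its status, its target types and which of
    the expected Linux attributes it lacks, so an operator can judge the impact.
    """
    at_risk = []
    for ext in graph_response.get("value", []):
        if ext.get("owner") != app_id:  # owner is the owning application's appId
            continue
        present = {p["name"] for p in ext.get("properties", [])}
        at_risk.append({
            "id": ext["id"],
            "status": ext.get("status"),
            "targetTypes": ext.get("targetTypes", []),
            "missingLinuxAttributes": sorted(LINUX_ATTRIBUTES - present),
        })
    return at_risk


# Constructed sample in the shape Graph returns; extension ids and appIds are placeholders.
SAMPLE_RESPONSE = json.loads("""{"value": [
  {"id": "extabc123_linuxIdentity", "owner": "00000000-0000-0000-0000-00000000aaaa",
   "status": "Available", "targetTypes": ["User", "Group"],
   "properties": [{"name": "uid", "type": "Integer"}, {"name": "gid", "type": "Integer"},
                  {"name": "homeDirectory", "type": "String"}, {"name": "loginShell", "type": "String"}]},
  {"id": "extdef456_other", "owner": "00000000-0000-0000-0000-00000000bbbb",
   "status": "InDevelopment", "targetTypes": ["User"], "properties": []}
]}""")

if __name__ == "__main__":
    for hit in orphan_risk(SAMPLE_RESPONSE, "00000000-0000-0000-0000-00000000aaaa"):
        print(f"{hit['id']} ({hit['status']}) would be orphaned; missing: {hit['missingLinuxAttributes']}")
```

An empty result means the app registration owns no schema extensions and deleting it carries no orphaning risk.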
Get started
- Install BeyondTrust Bridge
- Join a Microsoft Entra ID directory tenant
- Create additional Linux endpoints