Entra ID (Azure Active Directory) Access Management
Overview
Entra ID (Azure Active Directory) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges. Its services include core directory, access management, and identity protection.
Entitle can manage groups in Entra ID.
Note: In the Azure portal, you can see some groups whose membership and group details you can't manage in the portal:
- Groups synced from on-premises Active Directory can be managed only in the on-premises Active Directory.
- Other group types such as distribution lists and mail-enabled security groups are managed only in the Exchange admin center or Microsoft 365 admin center. You must sign in to the Exchange admin center or Microsoft 365 admin center to manage these groups.
This page will provide you with instructions on how to integrate Entitle and Entra ID.
General guidelines
To integrate your Entra ID with Entitle, you will need to:
- Create an application on Entra ID, and extract the client and tenant IDs.
- Create a secret, and extract its value.
- Provide Entitle with adequate permissions for the application.
Set up Entra ID to work with Entitle
Stage 1: Create an application
- Go to the Microsoft Azure portal.
- Click on Microsoft Entra ID.
- Click on the App registrations tab in the left-side menu.
- Then, click on New registration.
- Give your app a Name and leave the rest as is. Then, click on Register.

- Keep your Application (client) ID and Directory (tenant) ID for later. Then, click on Add a certificate or secret on the right side.

- Click on New client secret.

- In the pop-up window, choose a Description that you will remember and an expiration time of your choice. Keep in mind that you will have to create a new secret and hence a new integration when it expires. Once done, click Add.

- Click on the copy icon to copy your new Client Secret Value and keep it for later.

Stage 2: Assign permissions to Graph API
- Go to API permissions.

- Remove the existing permission: click on the "..." on the right, choose Remove all permissions, and finally click on the blue Yes, remove button.



- Now, click on Add a Permission.

- Then pick Microsoft Graph.

- Choose Application permissions.

- Using the search bar that appears, find the following permissions and select them:
Directory.ReadWrite.All,
RoleManagement.ReadWrite.Directory

- When you are done selecting the two permissions, click on Add permissions at the bottom of the screen.

- Your screen should now look the same as the following image. Then, click on Grant admin consent for Default Directory > Yes.

Creating the integration in Entitle
All that is left to do is create an integration on the Entitle application.
- Log into Entitle and navigate to the Integrations page.
- After clicking the Add Integration button, type Microsoft Entra ID - Azure AD in the Application field.
- Don’t forget to set the Save on field with your configuration, i.e. your own hosted agent or Entitle’s cloud.

- In the Connection JSON fields client_id, secret, and tenant, paste the values of the Client ID, Client Secret, and the Directory (tenant) ID from the previous stages.
Example Connection JSON:
{
"client_id": "The value of Application (client) ID",
"secret": "The value of Client Secret",
"tenant": "The value of Directory (tenant) ID"
}
- Click Save and you are done!🎉
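A pre-flight check for the Connection JSON and the Stage 2 permissions, as an added example (not Entitle's or Microsoft's code). The function names are hypothetical, the sample values are constructed, and it assumes that a GUID-shaped secret means the Secret ID was copied instead of the Value, and that an app-only Graph access token lists granted application permissions in its roles claim.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# The two Microsoft Graph application permissions selected in Stage 2.
REQUIRED_ROLES = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory"}


def check_connection(conn):
    """Return a list of problems in a Connection JSON dict (empty list = OK)."""
    problems = []
    for key in ("client_id", "secret", "tenant"):
        value = str(conn.get(key, "")).strip()
        if not value:
            problems.append(f"{key}: missing or empty")
        elif key != "secret" and not GUID.match(value):
            problems.append(f"{key}: not a GUID")
        elif key == "secret" and GUID.match(value):
            # Assumption: a GUID here means the Secret ID column was copied
            # instead of the Value column.
            problems.append("secret: looks like the Secret ID, not the Value")
    return problems


def missing_roles(access_token):
    """List required Graph permissions absent from an app-only token's roles claim.

    Diagnostic decode only: the signature is not verified.
    """
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return sorted(REQUIRED_ROLES - set(claims.get("roles", [])))


def constructed_token(roles):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    body = base64.urlsafe_b64encode(json.dumps({"roles": roles}).encode())
    return "e30." + body.rstrip(b"=").decode() + ".constructed-signature"


if __name__ == "__main__":
    conn = {"client_id": "11111111-2222-3333-4444-555555555555",
            "secret": "99999999-8888-7777-6666-555555555555",  # Secret ID by mistake
            "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}
    print(check_connection(conn))
    print(missing_roles(constructed_token(["Directory.ReadWrite.All"])))
```

A non-empty result from missing_roles on a freshly issued token usually means admin consent was not granted after the permissions were added.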