Entra ID (Azure Active Directory) Access Management | Entitle

Overview

Entra ID (Azure Active Directory) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges. Its services include core directory, access management, and identity protection.

Entitle can manage groups in Entra ID.

ℹ️

In the Azure portal, you can see some groups whose membership and group details you can't manage in the portal:

  • Groups synced from on-premises Active Directory can be managed only in the on-premises Active Directory.
  • Other group types such as distribution lists and mail-enabled security groups are managed only in the Exchange admin center or Microsoft 365 admin center. You must sign in to the Exchange admin center or Microsoft 365 admin center to manage these groups.

This page will provide you with instructions on how to integrate Entitle and Entra ID.

General guidelines

To integrate your Entra ID with Entitle, you will need to:

  • Create an application on Entra ID, and extract Client and tenant IDs.
  • Create a secret, and extract its value.
  • Provide Entitle with adequate permissions for the application.

Set up Entra ID to work with Entitle

Stage 1: Create an application

  1. Go to the Microsoft Azure portal.

  2. Click on Microsoft Entra ID.

  3. Click on the App registrations tab in the left-side menu.

  4. Then, click on New registration.

  5. Give your app a Name and leave the rest as is. Then, click on Register.

  6. Keep your Application (client) ID and Directory (tenant) ID for later. Then, click on Add a certificate or secret on the right side.

  7. Click on New client secret.

  8. In the pop-up window, choose a Description that you will remember and an expiration time, then click Add.

  9. Click on the copy icon to copy your new Client Secret Value and keep it for later.

Stage 2: Assign permissions to Graph API

  1. Go to API permissions.
  2. Remove the existing permission by clicking on the "..." on the right > Remove permission > Yes, remove.
  3. Now, click on Add a Permission.
  4. Then pick Microsoft Graph.
  5. Choose Application permissions.
  6. Using the search bar that appears, find the following permissions and select them:
       • GroupMember.ReadWrite.All
       • User.Read.All

  7. When you are done selecting the two permissions, click Add permissions at the bottom of the screen.
  8. Your screen should now list the two permissions. Then, click on Grant admin consent for Default Directory > Yes.

Create the integration in Entitle

  1. Log in to Entitle and go to the Integrations page.
  2. After clicking the Add Integration button, type Microsoft Entra ID - Azure AD in the Application field.
  3. Don’t forget to set the Save on field with your configuration, i.e., your own hosted agent or Entitle’s cloud.
  4. In the Connection JSON, paste the Client ID, Client Secret, and Directory (tenant) ID from the previous stages into the client_id, secret, and tenant fields.

  5. Options field:

    1. If you would like the integration to use the UPN address, set the email_field_name to userPrincipalName:
      "options": {
        "email_field_name": "userPrincipalName"
      }
      
    2. If you would like the integration to use the standard email address, set the email_field_name field to email:
      "options": {
        "email_field_name": "email"
      }
      

    ℹ️

    If the options field is not provided, the system will default to using the userPrincipalName.

    Example connection JSON

    {
      "client_id": "The value of Application (client) ID",
      "secret": "The value of Client Secret",
      "tenant": "The value of Directory (tenant) ID",
      "options": {
        "email_field_name": "userPrincipalName"
      }
    }
    
  6. Click Save.
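Two things worth checking before the integration goes live: that the connection JSON is well-formed (all three keys present, email_field_name one of the two documented values, defaulting to userPrincipalName when options is omitted), and that the app registration from Stage 2 ended up with exactly the two application permissions the guide asks for and nothing broader. The script below is an added example, not Entitle's or Microsoft's code. It assumes the documented shape of the connection JSON and the fact that Entra ID puts granted application permissions in the `roles` claim and the tenant in the `tid` claim of a client-credentials access token; it decodes the token payload only for inspection and does not verify the signature. All identifiers and the sample token are constructed placeholders.

```python
import base64
import json

# Application (role) permissions this integration is expected to hold, per the setup guide.
EXPECTED_ROLES = frozenset({"GroupMember.ReadWrite.All", "User.Read.All"})

# Values the guide documents for options.email_field_name; the default applies when options is absent.
ALLOWED_EMAIL_FIELDS = ("userPrincipalName", "email")
DEFAULT_EMAIL_FIELD = "userPrincipalName"


def validate_connection_json(raw: str) -> dict:
    """Parse the connection JSON and return a normalised copy.

    Raises ValueError for a missing key, a non-string value or an unsupported
    email_field_name, so a typo is caught before the integration is saved.
    A missing options block falls back to userPrincipalName, as the guide states.
    """
    doc = json.loads(raw)
    for key in ("client_id", "secret", "tenant"):
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"connection JSON: '{key}' must be a non-empty string")
    options = doc.get("options", {})
    if not isinstance(options, dict):
        raise ValueError("connection JSON: 'options' must be an object")
    field = options.get("email_field_name", DEFAULT_EMAIL_FIELD)
    if field not in ALLOWED_EMAIL_FIELDS:
        raise ValueError(
            f"connection JSON: email_field_name must be one of {ALLOWED_EMAIL_FIELDS}, got {field!r}"
        )
    return {
        "client_id": doc["client_id"],
        "secret": doc["secret"],
        "tenant": doc["tenant"],
        "options": {"email_field_name": field},
    }


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_role_report(access_token: str, expected_tenant: str) -> dict:
    """Compare the roles granted in a client-credentials token against EXPECTED_ROLES.

    Only the payload is decoded; the signature is NOT verified, so this is a
    local sanity check of what admin consent granted, never a trust decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = frozenset(claims.get("roles", []))
    tenant_ok = claims.get("tid") == expected_tenant
    return {
        "tenant_ok": tenant_ok,
        "missing": sorted(EXPECTED_ROLES - roles),   # consent not granted yet
        "extra": sorted(roles - EXPECTED_ROLES),     # broader than the guide requires
        "least_privilege": tenant_ok and roles == EXPECTED_ROLES,
    }


def _make_unsigned_token(claims: dict) -> str:
    # Constructed sample token for this demo only: alg "none" and a dummy signature segment.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed placeholders; replace with the values from Stage 1 in real use.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CONNECTION_JSON = json.dumps({
    "client_id": "00000000-0000-0000-0000-000000000001",
    "secret": "placeholder-client-secret-value",
    "tenant": SAMPLE_TENANT,
    "options": {"email_field_name": "email"},
})

# A constructed token carrying one role beyond what the guide asks for.
SAMPLE_TOKEN = _make_unsigned_token({
    "tid": SAMPLE_TENANT,
    "roles": ["GroupMember.ReadWrite.All", "User.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(validate_connection_json(SAMPLE_CONNECTION_JSON))
    print(token_role_report(SAMPLE_TOKEN, SAMPLE_TENANT))
```

For a real check, request a token for the app with the client credentials flow against your tenant and pass it to token_role_report; an empty "missing" list confirms admin consent took effect, and a non-empty "extra" list means the registration holds permissions the integration does not need.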

What's next?

Make sure your setup is complete by testing your integration.