Microsoft Entra ID Connector Integration
  • 11 Feb 2025

Integrate Microsoft Entra ID as a Connector in Axiad Mesh to get the user data needed to populate your environment and to let Axiad find correlations, risks, and gaps in your population.

The integration requires updates on both Entra ID and Axiad Mesh.

Entra ID Configuration Steps

IMPORTANT

These steps are Axiad’s current understanding of the configuration. Since Entra ID is a third-party product, there may be slight variations between your experience and what the guide describes. We work hard to keep things as up to date as possible, but depending on versions in use, latest updates, etc., there may be some mismatches.

If you find any blatant differences or anything that does not make sense, then please provide feedback on this article.

Note

The Entra ID steps are similar for both integrations as an Identity Provider and as a Connector with Axiad Mesh; however, it is important that each integration type has its own enterprise application in Entra ID to ensure that the permissions are assigned accordingly.

Create New Enterprise Application

  1. Log in to the Microsoft Entra admin center as at least a Cloud Application Administrator

  2. Navigate to Identity > Enterprise applications

  3. Click New application

  4. On the Browse Microsoft Entra Gallery page, click Create your own application

  5. In the Create your own application modal, set the name to a friendly name

  6. Select Register an application to integrate with Microsoft Entra ID (App you’re developing)

  7. Click Create

  8. On the Register an application page, set the Name to the friendly name

  9. Select Accounts in this organizational directory only (<Microsoft Entra Tenant Name> - Single tenant)

Axiad Recommendation

We recommend that you create and test the integration with Axiad Mesh using a single tenant. Upon success, you can then change this setting to a multitenant environment as needed.

  10. Click Register

Configure Application Properties

  1. In the Microsoft Entra admin center, navigate to Identity > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Properties

  4. Select Yes for Enabled for users to sign-in?

  5. Select Yes for Assignment required?

  6. Select No for Visible to users?

  7. Click Save

  8. Copy the Application ID, as it will be required in the Axiad Configuration Steps

Generate Client Secret

  1. In the Microsoft Entra admin center, navigate to Identity > Applications > Enterprise applications > All applications

  2. Locate and open your newly created application

  3. Under Manage in the menu, select Single sign-on

  4. On the OIDC-based Sign-on page, click Go to application in the Configure application properties section

  5. Under Manage in the menu, select Certificates & secrets

  6. Click New client secret

  7. On the Add a client secret page, provide a Description, choose an expiration period under Expires, and then click Add

  8. Once the secret is created, copy the Value from the Certificates & secrets page

IMPORTANT

You can only copy this value immediately after creating it, and it is required for the Axiad Configuration Steps. Be sure to copy it now: you will not have another opportunity, and if you miss it you will need to create a new client secret instead.

Add API Permissions

  1. From the Certificates & Secrets page, select API Permissions under the Manage menu item

  2. Click Add a permission

  3. On the Request API permissions page, select Microsoft Graph

  4. Select Application permissions for the type of permissions required

  5. Under Select permissions, search for and select Application.Read.All

  6. Click Add permissions

  7. Repeat steps 2 - 6 for each of the following permissions (instead of Application.Read.All):

    1. AuditLog.Read.All

    2. Directory.Read.All

    3. Group.Read.All

    4. UserAuthenticationMethod.Read.All

    5. UserAuthMethod-Passkey.Read.All

  8. On the API permissions page, review the permissions in the table, and then click Grant admin consent for <Microsoft Entra Tenant Name>

  9. The Status of all permissions should update to Granted
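
One way to confirm the result of the permission steps above, as an added example that is not Axiad's or Microsoft's code: decode an app-only access token issued to the connector application and compare its `roles` claim with the six permissions listed on this page, reporting any that are missing and any extra ones that exceed what the connector needs. It assumes the token is a JWT carrying `roles` and `appid` (or `azp`) claims; the sample token, the all-zero application ID and the helper names are constructed for illustration, and the signature is not verified because this is a configuration check, not token validation.

```python
import base64
import json

# Application permissions from the "Add API Permissions" steps on this page.
REQUIRED = frozenset({
    "Application.Read.All",
    "AuditLog.Read.All",
    "Directory.Read.All",
    "Group.Read.All",
    "UserAuthenticationMethod.Read.All",
    "UserAuthMethod-Passkey.Read.All",
})


def decode_claims(token: str) -> dict:
    """Return the JWT payload claims. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def audit_token(token: str, expected_app_id: str) -> dict:
    """Compare the token's application permissions with the required set."""
    claims = decode_claims(token)
    roles = claims.get("roles")
    granted = set(roles) if isinstance(roles, list) else set()
    app_id = claims.get("appid") or claims.get("azp")  # assumed claim names
    return {
        "app_id_matches": app_id == expected_app_id,
        "missing": sorted(REQUIRED - granted),
        "unexpected": sorted(granted - REQUIRED),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned token from constructed claims (offline demo only)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])
```

An empty `missing` list means every permission from the steps above was granted; anything in `unexpected` is a permission the connector does not need according to this page and is worth reviewing.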

Axiad Mesh Configuration Steps

You can add Entra ID as a connector easily from the Mesh administrative portal.

  1. From the homepage, click on the gear icon menu button to get to the Settings page

  2. On the Connectors page, click the Add connector button, either in the middle of the page if this is your first connector, or in the top right side of the screen

  3. In the new pop-up, set the Name to a friendly name that will appear on the Connectors page

  4. Select Microsoft Entra ID from the Provider dropdown

  5. Set the Microsoft Entra tenant ID to your Entra environment’s Tenant ID

  6. Set the Application (client) ID to the Application ID value copied from the Configure Application Properties section, step 8 above

  7. Set the Client secret value to the Client Secret Value copied in the Generate Client Secret section, step 8 above

  8. Click the Test connection button once all values are provided

  9. Following a successful test, click Add & connect to complete the configuration

  10. Now your Entra ID connector will appear on the Connectors page

