Microsoft Entra ID

Overview

Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management service that provides secure authentication, authorization, and user management services. Entra ID helps organizations manage user identities across Microsoft and third-party applications, providing single sign-on (SSO), multi-factor authentication (MFA), and comprehensive user lifecycle management.

  • Vendor: Microsoft
  • Product: Microsoft Entra ID
  • Supported environment: Cloud

Configure

How to create an app registration with proper permissions

To connect Microsoft Entra ID to Sekoia.io, you need to create an app registration with the necessary permissions to access Entra ID users and groups. Follow these steps:

  1. Sign in to the Azure portal and navigate to Microsoft Entra ID.

    Azure portal Microsoft Entra ID section

  2. Click App registrations in the left navigation pane, then click New registration.

    App registrations page with New registration button highlighted

  3. Enter a name for the application (e.g., sekoia-user-reader) and click Register.

    App registration form with name field

  4. Copy the Application (client) ID and Directory (tenant) ID to a safe location. You'll need these values to configure the connector in Sekoia.io.

    App registration overview with client and tenant IDs

How to generate a client secret

After creating the app registration, you need to generate a client secret for authentication:

  1. Click Certificates & secrets in the left navigation pane.

  2. Click New client secret to generate a new secret.

    New client secret button highlighted

  3. Enter a description for the secret (e.g., sekoia-connector-secret) and select an expiration period, then click Add.

    Client secret creation form

  4. Copy the Value of the client secret to a safe location. You'll need this secret to configure the connector in Sekoia.io.

    Client secret value display

Warning

  • The client secret value is only shown when you create it. If you lose it, you must create a new client secret.
  • Store this secret securely and never share it publicly.
  • Rotate client secrets regularly, in line with security best practice.

Required API permissions

The app registration must have the following permissions to successfully fetch Entra ID users and groups:

{
    "permissions": [
        "User.Read.All",
        "Group.Read.All",
        "Directory.Read.All"
    ]
}

Required Permissions:

  • User.Read.All: Read user profiles and attributes
  • Group.Read.All: Read group information and memberships
  • Directory.Read.All: Read directory data

How to grant API permissions

To grant the required permissions to your app registration:

  1. Click API permissions in the left navigation pane.

  2. Click Add a permission to add new permissions.

    Add a permission button highlighted

  3. Select Microsoft Graph as the API.

    Microsoft Graph API selection

  4. Select Application permissions and search for the required permissions:

    • User.Read.All
    • Group.Read.All
    • Directory.Read.All

    Application permissions selection

  5. Click Add permissions to add the selected permissions.

  6. Click Grant admin consent to grant the permissions (requires admin privileges).
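Before creating the asset connector, it is worth confirming that the registration, the secret and the admin-consented permissions above actually work together. The following script is an added example (not Sekoia.io or Microsoft code): it requests a Microsoft Graph token with the OAuth2 client-credentials flow and checks that the three application permissions listed above appear in the token's roles claim, which only happens once admin consent has been granted. The TENANT_ID, CLIENT_ID and CLIENT_SECRET environment variable names are assumed, and the sample token it falls back to is constructed locally.

```python
"""Check an Entra ID app registration before wiring it into the Sekoia.io connector:
request a Graph token via client credentials and confirm the three application
permissions from this page appear in its `roles` claim (present only after admin consent)."""
import base64
import json
import os
import urllib.parse
import urllib.request

REQUIRED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}
GRAPH_SCOPE = "https://graph.microsoft.com/.default"

def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """Build the v2.0 client-credentials token request (URL and form body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
        "grant_type": "client_credentials",
    }).encode()
    return url, body

def decode_jwt_payload(token: str) -> dict:
    """Decode the JWT payload segment for inspection only; no signature check."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_roles(token: str) -> set:
    """Return the required Graph application permissions absent from `roles`."""
    return REQUIRED_ROLES - set(decode_jwt_payload(token).get("roles", []))

def make_sample_token(roles: list) -> str:
    """Constructed, unsigned token for offline testing (not issued by Entra ID)."""
    seg = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg({"aud": "https://graph.microsoft.com", "roles": roles}), ""])

if __name__ == "__main__":
    # Hypothetical env vars holding the three values copied from the Azure portal.
    env = {k: os.environ.get(k) for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")}
    if all(env.values()):
        url, body = token_request(env["TENANT_ID"], env["CLIENT_ID"], env["CLIENT_SECRET"])
        with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
            token = json.load(resp)["access_token"]
    else:  # no credentials: show the check on a constructed token lacking one permission
        token = make_sample_token(["User.Read.All", "Group.Read.All"])
    lacking = missing_roles(token)
    print("all permissions consented" if not lacking else f"missing: {sorted(lacking)}")
```

If a permission is reported missing even though it was added in the portal, the usual cause is that Grant admin consent (step 6) was not completed, so the permission is listed but not yet effective.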

Create your asset

To start getting your Microsoft Entra ID users into Sekoia.io, you need to create an asset connector on the Assets page. To do so, follow these steps:

  1. Click the Asset connectors button to create a new connector.

    Asset connectors button highlighted

  2. Click the + New connector button.

    New connector button highlighted

  3. Choose Microsoft Entra ID User, give it a name, and fill in the required fields:

    Microsoft Entra ID User connector configuration form

  4. Enter the following information:

    • Tenant ID: The Directory (tenant) ID from your app registration
    • Client ID: The Application (client) ID from your app registration
    • Client Secret: The client secret value you generated

  5. Test the connection by clicking the Test connector button.

    Connector test result and Create asset connector button highlighted

  6. Click the Create asset connector button.

Further Reading