Microsoft Entra ID Identity Management Integration

This article provides step-by-step instructions for configuring the Microsoft Entra ID (formerly Azure AD) Identity Management integration for individual clients within Auvik SaaS Management. Once connected, the platform will automatically import users and ingest application event data, enabling deeper visibility into user activity and SaaS application usage across the organization.

Why Integrate with Microsoft Entra ID?

Integrating Microsoft Entra ID with Auvik SaaS Management streamlines identity management and enhances visibility into SaaS usage across your organization. Key benefits of the integration include:

  • Simplified User Management: Automatically sync users from Microsoft Entra ID, reducing manual administrative tasks and ensuring user data stays up to date.
  • Improved Application and Event Association: The integration enables more accurate identification and correlation of SaaS applications and events to users based on their Microsoft Entra ID profiles.
  • Group and Department Level Reporting: Leverage Microsoft Entra ID group and department metadata to generate targeted reports, making it easier to analyze access patterns and manage user segments.
  • Richer SaaS Visibility: Ingest application activity and security events tied to Microsoft Entra ID single sign-on (SSO), enabling deeper insight into your SaaS environment and enhanced security posture through comprehensive SSO and MFA coverage reporting.

Prerequisites

Before installing the Entra ID integration, ensure that you have:

  • Required Auvik SaaS permissions to install integrations
    • From the Partner Hub: Default Admin
    • From the Client Hub: Client Admin
  • A valid Microsoft Entra ID tenant account with admin privileges
  • Ability to register applications in Entra ID and grant appropriate permissions
  • App Registration credentials (Client ID, Client Secret, Tenant ID)
  • A dedicated service account for integration (to avoid disruptions if a user account is deactivated)

Before configuring the integration, ensure you have clarity on which users and groups you intend to manage with Auvik SaaS Management. The platform allows you to exclude specific groups, preventing those users from being imported or billed.

Note: Guest users are automatically excluded by default.

The Microsoft Entra ID integration can be configured using SSO or using dedicated Client Credentials. 

If Using Client Credentials

1. Registering an Application

  • Sign in to your Entra ID tenant via the Azure portal
  • Navigate to App registrations > New registration

  • Provide a descriptive Name (e.g., “Auvik SaaS Integration”)
  • Select Supported account types:
    • Single-tenant (“Accounts in this organizational directory only”) or
    • Multi-tenant (“Any Microsoft Entra ID directory – Multitenant”) depending on your needs 
  • Leave Redirect URI blank and click Register
  • You’ll be redirected to your App’s Overview page where you’ll take note of the Application (client) ID and Directory (tenant) ID to be used in the Integration Setup 

2. Adding Permissions

  • In your registered app, go to API Permissions > Add a permission > Microsoft Graph > Application permissions
  • Add the following required permissions:
    • Directory.Read.All 
    • Group.Read.All 
    • Organization.Read.All 
    • Team.ReadBasic.All 
    • User.Read.All
    • AuditLog.Read.All
  • Select Add Permissions at the bottom of the page
  • These app permissions must be approved by an administrator. Click Grant Admin consent for Default Directory or, if you do not have access, have your local administrator handle this action.

3. Creating a Client Secret

  • Navigate to Certificates & secrets > New client secret
  • Add a description and expiry as per policy
  • Copy and securely store the secret - it’s only visible once
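A diagnostic check for steps 1 to 3, added here as an example and not Auvik or Microsoft code: an app-only access token obtained with the client credentials carries the consented application permissions in its `roles` claim, so comparing that claim with the six permissions listed above shows both missing admin consent and excess privilege. The sample token, tenant ID and client ID are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# The six Microsoft Graph application permissions listed in step 2 above.
REQUIRED_ROLES = frozenset({
    "Directory.Read.All", "Group.Read.All", "Organization.Read.All",
    "Team.ReadBasic.All", "User.Read.All", "AuditLog.Read.All",
})

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the JWT payload claims. The signature is NOT validated:
    this is for inspecting your own token, not for trusting one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))

def audit_token(token: str, expected_tenant: str, expected_client: str) -> dict:
    """Compare the token's tenant, client and roles with what was registered."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == expected_tenant,
        # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp".
        "client_ok": claims.get("appid", claims.get("azp")) == expected_client,
        "missing": sorted(REQUIRED_ROLES - roles),  # consent not granted yet
        "excess": sorted(roles - REQUIRED_ROLES),   # more than the page requires
    }

def _make_sample_token(claims: dict) -> str:
    # Builds an unsigned, constructed token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
SAMPLE_CLIENT = "00000000-0000-0000-0000-000000000002"  # constructed placeholder
SAMPLE_TOKEN = _make_sample_token({
    "tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
    "roles": ["Directory.Read.All", "Group.Read.All", "Organization.Read.All",
              "User.Read.All", "AuditLog.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

An empty `missing` list and an empty `excess` list mean the registration matches the permission set in step 2 exactly.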

Configuration & Setup

  1. Navigate to the Microsoft Identity Management Integration
    1. From the Partner Hub > Org Preferences > Integrations > Clients Tab
    2. From the Partner Hub > Clients > Action > Add Integration
    3. From the Admin Hub > Utilities > Identity Management Integration
  2. Select Configure, then your preferred Integration type: SSO or Manual using Client Credentials
    1. If using Client Credentials, input the appropriate IDs and secret as outlined in Steps 1 and 3 of the Prerequisites
    2. If using SSO, you will need to ensure admin access is granted to the appropriate tenant
  3. Once the client tenant has been successfully created, you can choose to import all groups or selectively exclude specific groups from the import process. Please note that any user imported through this process will be included in your billable usage. Guest accounts are automatically excluded.

Upon successful configuration of the integration, a confirmation notification will appear in the bottom-right corner of the screen. A new section will appear within the client’s Tenant Identities and Assets area, allowing you to review Microsoft Entra ID users and groups. Please note that user and application event data may take up to 24 hours to populate within the platform.

 

Editing Microsoft Entra ID Identity Management Users and Groups

Importing a User

From the Microsoft Entra ID Users page within Identities and Assets, you can review all imported users that are currently enabled for data collection.

  • Important: If a user is a member of an excluded group, they will not be eligible for data collection
  • To import a user for data collection, select Import User from the Actions menu
  • Once usage has been detected, the user will appear within the Users page under Identities and Assets

Disabling a User

From the Users page within Identities and Assets, you can review all Auvik SaaS users that are currently, or have previously been, enabled for data collection. Users can be disabled manually, or automatically if they belong to an Identity Management exclusion group.

To disable a user from data collection, select Disable User from the Actions menu.

  • You may need to enable the Expired Users filter in the table to locate the user

  • Expired users are those from whom no activity has been detected in the last 30 days. These users are automatically removed from billing

Excluding a Group

After the initial integration setup, you can further refine which groups are included for data collection by navigating to the Microsoft Entra ID Groups page within Identities and Assets.

  • At this time, groups cannot be reintroduced once excluded
  • To review which users are associated with a group, select View Users from the Actions menu

Leveraging Microsoft Entra ID Groups for Reporting

To segment reports based on Microsoft Entra ID groups, you must first import the desired group for reporting from the Microsoft Entra ID Groups page.

  • Select Import for Reporting from the Actions menu
  • Navigate to the desired report and, where available, use the Select Certain Group option to filter by the imported group
