Skip to main content

Connect a Microsoft Entra ID directory

Connect a Microsoft Entra ID directory to Arculix through the admin console. Connecting Microsoft Entra ID allows you to manage user access to resources through your existing Microsoft Entra ID directory.

Prerequisites

Before you begin, complete the configuration steps in the Microsoft Entra ID configuration guide.

You will need these values:

  • Directory Tenant ID – Your Microsoft Entra (Azure AD) tenant ID

  • Client ID – The application (client) ID from your Microsoft Entra ID app registration.

  • Client Secret – The client secret associated with your Microsoft Entra ID application.

  • Azure Tenant Domain – Your verified domain, such as company.onmicrosoft.com.

Add a Microsoft Entra ID directory

  1. In Arculix, click User Directories > Create New Directory.

    arculix_userdirectory_001.png

  2. Configure the basic AD settings.

    Type

    Set to Microsoft Entra ID

    Name

    Enter a unique name to identify this Microsoft Entra ID connection.

    Domain

    Add one or more domains.

    Settings

    Enable the following based on your requirements:

    • Inline Factor Provisioning – Assigns authentication factors to users automatically during their first login.

    • Inline User Provisioning – Creates a user record in Arculix when someone logs in from this directory for the first time.

    • Search Directory for Groups – Looks up user group membership directly from the directory during authentication for policy enforcement.

    arculix_userdirectory_008.png

  3. On the Settings tab, configure the following settings.

    Directory Tenant ID

    Enter your Azure directory (tenant) ID.

    Client ID

    Enter the ID of the Entra ID application you registered.

    Client Secret

    Paste the client secret value for the registered app.

    Azure Tenant Domain

    Enter the verified domain.

    Example: company.onmicrosoft.com

    User Identifer Attribute

    Enter the attribute used to uniquely identify users.

    Default: username

    arculix_userdirectory_009.png

  4. On the Advanced Settings tab, configure the following settings.

    National Cloud Deployment

    Set to the regional instance of your Microsoft Entra ID directory. Options are:

    • Public (default)

    • China

    • Germany

    • US Government

    Timeout

    Set a timeout (in seconds) for requests to Microsoft Entra ID.

    Circuit breaker

    Enable to prevent repeated failed requests when Microsoft Entra ID is unavailable.

    • Circuit breaker volume threshold – Minimum number of requests in a time window before the error rate is calculated.

    • Circuit breaker error threshold – Percentage of failed requests (out of the total volume threshold) that triggers the circuit to open.

    • Circuit breaker time window – Length of the time window (in seconds) used to evaluate error rates.

    • Circuit breaker sleep window – Duration (in seconds) the system waits before retrying requests after the circuit opens.

    arculix_userdirectory_010.png

  5. On the Mappings tab, map the Microsoft Entra ID fields to local fields used in Arculix.

    You can customize or delete default mappings as needed. Use + Add Entry to include additional field mappings.

    Microsoft Entra ID directory field

    Arculix local field

    givenName

    First Name

    surName

    Last Name

    memberOf

    Groups

    businessPhones[0]

    Phone 1 (Work)

    mobilePhone

    Phone 2 (Mobile)

    mail

    Email 1 (Work)

    otherMails[0]

    Email 2 (Personal)

  6. Save your changes.

In this section: