Skip to main content

Microsoft Entra ID configuration

Use this guide to configure Microsoft Entra ID to allow read and optional write access and connect with Arculix by SecureAuth.

After you complete this configuration, it is ready for integration with Arculix.


  • Have an Application Administrator account in Microsoft Entra ID.


View a simple outline of the steps to configure Microsoft Entra ID for Arculix in the Azure portal.

Task A: Register an application for Arculix

To integrate Microsoft Entra ID with Arculix, you need to register an application in the Azure portal.

  1. Log in to your Azure Account through the Azure portal.

  2. Select Microsoft Entra ID.

  3. Select App registrations and click New registration.

  4. Set a Name and keep the default Supported account types selection option to a single tenant.

  5. Click Register.

Task B: Add API permissions for Arculix

You will need to grant read and write permissions for the Arculix API calls to Microsoft Entra ID.

  1. From the App registrations list, click name of the registered app that you just created.

  2. In the left pane, click API Permissions. Then, click Add a permission.

  3. Select Microsoft Graph.

  4. Click Delegated permissions. Scroll down to find and select the following check boxes:

    • Directory.AccessAsUser.All

    • Directory.Read.All

    • Group.Read.All

    • User.Read

    • User.Read.All

  5. When you are done making your selections for delegated permissions, go to the bottom of the page and click Add permissions.

  6. Click Add a permission again and select Microsoft Graph.

  7. Click Application permissions. Scroll down to find and select the following check boxes:

    • Directory.Read.All

    • Group.Read.All

    • User.Read.All

  8. When you are done making your selections for application permissions, go to the bottom of the page and click Add permissions.

  9. View and verify the list of configured permissions and click Grant admin consent.


Task C: Create the client secret

Create an application secret key for the Arculix connection to Microsoft Entra ID. You will need to provide this client secret to SecureAuth Support for the Arculix side of the configuration.

  1. From the left pane, click Certificates & secrets. Then, click New client secret.

  2. Add a description for the client secret and choose 24 months for the expiration. Then, click Add.

  3. Copy the client secret Value, before it gets masked when you leave the page.

    Note: You will need provide this client secret value to SecureAuth Support.

  4. From the left pane for this app registration, click Authentication.

  5. In the Advanced settings section, select Yes.

  6. Save your changes.

Task D: Get registered application information

For the Arculix side of the configuration, you will need to copy and provide these two values: Application (client) ID and Directory (tenant) ID.

  1. Select Microsoft Entra ID.

  2. Select App registrations.

  3. From the list, click the application name link.

  4. In the Overview section, copy these values:

    Note: You will need these values for SecureAuth Support.

    • Application (client) ID

    • Directory (tenant) ID


Next steps

Contact SecureAuth Support and provide the following Microsoft Entra ID data information that you copied earlier:

  • Application secret key

  • Application (client) ID

  • Directory (tenant) ID

  • Domain name

SecureAuth Support will work with you to help complete this integration in Arculix: Microsoft Entra ID data store integration.