Connect Microsoft Entra ID
Connect your existing Microsoft Entra ID to SecureAuth IAM to enable secure authentication for your workforce. This integration uses cloud-based API calls to create a connection between SecureAuth IAM and your Microsoft Entra ID directory.
Prerequisites
Before connecting Microsoft Entra ID, complete the configuration steps in the Microsoft Entra ID configuration guide.
You will need these values from your Azure portal configuration:
- Directory Tenant ID - Your Microsoft Entra (Azure AD) tenant ID
- Client ID - The application (client) ID from your Microsoft Entra ID app registration
- Client Secret - The client secret associated with your Microsoft Entra ID application
- Azure Tenant Domain - Your verified domain, such as company.onmicrosoft.com
Connect Microsoft Entra ID
Step 1: Create new directory
- In your Workforce workspace, go to Authentication > User Stores.
- Click Create New Directory.
Result: The New User Directory page opens.
- Select Microsoft Entra ID.
- Click Next.
Step 2: Configure basic settings
Complete the basic connection settings.
Name
Enter a descriptive and unique name for your Microsoft Entra ID connection.
Example: Corporate Entra ID
Domains
Select one or more domains from the list to customize your experience.
Example: company.com, company.onmicrosoft.com
Enable the following based on your requirements:
Inline Factor Provisioning
Prompts users to set up authentication factors (like SMS, email, mobile authentication apps) during the login process.
Inline User Provisioning
Creates users automatically upon successful authentication.
Search Directory for Groups
Looks up user group membership directly from the directory during authentication for policy enforcement.
Step 3: Configure Microsoft Entra ID tenant settings
Expand Entra ID Tenant Settings to add the Microsoft Entra ID tenant information.
Azure Tenant Domain
Enter the verified domain.
Example: company.onmicrosoft.com
Directory Tenant ID
Enter your Azure directory (tenant) ID.
Client ID
Enter the ID of the Entra ID application you registered.
Client Secret
Paste the client secret value for the registered app.
User Identifier Attribute
The attribute from the directory that uniquely matches users.
Default: userPrincipalName
Alternatives: mail, mailNickname
National Cloud Deployment
Set to the regional instance of your Microsoft Entra ID directory. Options are:
- Public (default)
- China
- Germany
- US Government
Step 4: Configure connection settings
Expand Connection Settings to configure timeout and circuit breaker settings.
Timeout
Set a timeout (in seconds) for requests to Microsoft Entra ID.
Default: 30 seconds
Enable optional performance features:
Circuit breaker
Temporarily stop requests to Microsoft Entra ID when repeated errors are detected. Prevents excessive retry attempts when the service is down.
- Volume Threshold – Minimum number of requests in a time window before the error rate is calculated.
- Error Threshold – Percentage of failed requests (out of the total volume threshold) that triggers the circuit to open.
- Time Window – Length of the time window (in seconds) used to evaluate error rates.
- Sleep Window – Duration (in seconds) the system waits before retrying requests after the circuit opens.
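To see how the four circuit breaker settings interact, the following added example (not SecureAuth code, and not the product's implementation) models them in Python and replays a constructed sequence of request outcomes. It assumes the error rate is computed over the requests seen inside the time window and that traffic resumes with fresh statistics once the sleep window has elapsed; the class and function names are hypothetical.

```python
from collections import deque

class CircuitBreaker:
    """Illustrative model of the four settings (assumed semantics, hypothetical names)."""
    def __init__(self, volume_threshold, error_threshold_pct, time_window, sleep_window):
        self.volume_threshold = volume_threshold        # min requests before evaluating
        self.error_threshold_pct = error_threshold_pct  # failure percentage that opens
        self.time_window = time_window                  # seconds of history considered
        self.sleep_window = sleep_window                # seconds to stay open
        self.events = deque()   # (timestamp, failed) pairs inside the time window
        self.opened_at = None   # None means the circuit is closed

    def allow(self, now):
        if self.opened_at is None:
            return True
        if now - self.opened_at >= self.sleep_window:
            # Assumption: after the sleep window, requests resume with cleared history.
            self.opened_at = None
            self.events.clear()
            return True
        return False

    def record(self, now, failed):
        self.events.append((now, failed))
        while self.events and now - self.events[0][0] >= self.time_window:
            self.events.popleft()   # drop outcomes older than the time window
        total = len(self.events)
        if total < self.volume_threshold:
            return                  # too few requests: error rate is not evaluated
        failures = sum(1 for _, f in self.events if f)
        if failures * 100 >= self.error_threshold_pct * total:
            self.opened_at = now    # open the circuit

def simulate(breaker, outcomes):
    """Replay (time, failed) pairs; return 'sent' or 'blocked' for each request."""
    result = []
    for now, failed in outcomes:
        if breaker.allow(now):
            breaker.record(now, failed)
            result.append("sent")
        else:
            result.append("blocked")
    return result

# Constructed sample: the directory starts failing at t=3 and has recovered by t=20.
SAMPLE = [(0, False), (1, False), (2, False), (3, True), (4, True), (5, True),
          (6, True), (7, True), (20, False)]
```

With a volume threshold of 5, an error threshold of 50, and 10-second time and sleep windows, the sample sends six requests, blocks the two that arrive while the circuit is open, and sends again at t=20. While the circuit is open, requests that depend on the directory are not sent, so size the sleep window with that outage in mind.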
Verify Microsoft Entra ID connection
After configuration, confirm the Directory Information panel shows the directory as online and check the Directory Details for successful connection status.
Next steps
After connecting Microsoft Entra ID:
- Configure authentication rules for your workforce
- Set up additional applications for SSO