Microsoft Azure AD

This guide helps administrators sync their Entra ID directory with an application they want to onboard to their organization. Integrating your application with Entra ID automates user provisioning and deprovisioning and keeps access rights up to date as users join, move and leave.

This registration sets up the following:

  1. Endpoint: the URL to which Entra ID sends provisioning requests for the onboarded app; it is the single communication point between the two.
  2. Bearer Token: a secret that Entra ID presents with every request to the endpoint, so the app can verify that a request genuinely comes from your tenant before acting on it. Treat it like a password and rotate it if it is ever exposed.

These components enable seamless synchronization between your application and the EntraID directory.
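To make the roles of the two components concrete, here is an added example (not code from this page or from the product being onboarded) of what the onboarded app's endpoint must do on every request: check the bearer token with a constant-time comparison before applying an add or remove event. Entra ID's provisioning service speaks SCIM 2.0; the token value, the `UserStore` type and the `handle_request` function are constructed for illustration, and users are keyed by `userName` for simplicity.

```python
import hmac
import json
from dataclasses import dataclass, field

# Constructed placeholder; in practice this is the Bearer Token the admin portal generates.
EXPECTED_TOKEN = "example-bearer-token-0123456789"


@dataclass
class UserStore:
    """In-memory stand-in for the onboarded app's user directory (hypothetical)."""
    users: dict = field(default_factory=dict)


def is_authorized(headers: dict, expected_token: str = EXPECTED_TOKEN) -> bool:
    """Verify the Authorization header Entra ID sends with each provisioning request.

    hmac.compare_digest is used so that the comparison does not leak the token
    through timing differences; a plain == would short-circuit on the first
    mismatching byte.
    """
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), expected_token.encode())


def handle_request(method: str, path: str, headers: dict, body: str, store: UserStore) -> int:
    """Apply a SCIM-style user add/remove event to the store and return an HTTP status code."""
    if not is_authorized(headers):
        return 401  # reject before touching the directory at all
    if method == "POST" and path == "/Users":
        user = json.loads(body)
        store.users[user["userName"]] = {"active": user.get("active", True)}
        return 201
    if method == "DELETE" and path.startswith("/Users/"):
        store.users.pop(path[len("/Users/"):], None)
        return 204
    return 404
```

Entra ID can also deactivate a user with a PATCH that sets `active` to `false` instead of deleting it; a real endpoint handles that case too.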

  1. Open the Admin Portal of the app being onboarded. Select the “Directory Sync” tab to display the list of Directory Providers and choose “Entra ID”. If the Admin Portal is not accessible from the app, request instructions from the app owner.

    Setting up Directory Sync in the admin portal of an app being onboarded: Entra ID selected as the provider, awaiting configuration

    Click “Configure” after selecting “Entra ID” to generate an Endpoint URL and Bearer token for your organization. The app listens for provisioning events at that endpoint and uses the token to authenticate them; keep the token confidential, since anyone holding it can send provisioning requests to the app.

    Endpoint URL and Bearer token for your organization.

  2. To send user-related updates to the app you want to onboard, create a new app in Microsoft Entra ID.

    Go to the Microsoft Azure portal and select “Microsoft Entra ID”.

    Microsoft Entra ID in the Azure portal.

    In the “Manage > All applications” tab, click “+ New application”.

    Adding a new application in Microsoft Entra ID.

    Click “+ Create your own application” in the modal that opens on the right.

    Creating a new application in Microsoft Entra ID.

    Name the app you want to onboard (e.g., “Hero SaaS”) and click “Create”, leaving other defaults as-is.

    Creating a new application in Microsoft Entra ID.

  3. In the “Hero SaaS” app’s overview, select “Manage > Provisioning” from the left sidebar.

    Configuring provisioning for the "Hero SaaS" app.

    Set the Provisioning Mode to “Automatic”.

    In the Admin Credentials section, set:

    • Tenant URL: the Endpoint URL generated in step 1
    • Secret Token: the Bearer Token generated in step 1

    Setup Provisioning Mode and Admin Credentials.

    In the Mappings section, click “Provision Microsoft Entra ID Users” and toggle “Enabled” to “Yes”.

    Making sure the "Provision Microsoft Entra ID Users" is enabled.

    Close the modal and reload the page for changes to take effect.

    Go to “Overview > Manage > Provisioning” and ensure “Provisioning Status” is toggled “On”.

    Making sure the "Provisioning Status" is toggled "On".

    Entra ID is now configured to send events to Hero SaaS whenever users are added or removed.

  4. In the Hero SaaS application in Entra ID, go to “Provision on demand”. Enter a user name from your user list and click “Provision”.

    Provisioning a user/group on demand.

    Once provisioned, the user appears in the admin portal, which shows how many users have access to the Hero SaaS app.

    Group (Admins) provisioned in the admin portal.