Skip to main content
The following steps will integrate Microsoft Entra ID by using an Enterprise Application / Application Registration with the below API permissions. Currently setup is limited to using a Service Principal Name (SPN) with a client id, client secret, tenant id, and domain.

Required Permissions

APIPermissions NameTypeDescriptionAdmin Consent Required
Microsoft GraphAuditLog.Read.AllApplicationRead all audit log dataYes
Microsoft GraphDirectory.Read.AllApplicationRead directory dataYes
Microsoft GraphUser.Read.AllApplicationRead all users’ full profilesYes
Microsoft GraphUserAuthenticationMethods.Read.AllApplicationRead all users’ authentication methodsYes

Setting Up Microsoft Entra ID User Integration

In Tier Zero Code, go to “Integrations” and click on the Microsoft Entra ID user integration then enable and configure integration. Image In the Microsoft Entra ID Configuration, you’ll need the following fields:
Client ID
string
required
The application (client) ID from the “Overview” section of your app registration
Client Secret
string
required
The client secret value from the “Certificates and secrets” section of your app registration
Tenant ID
string
required
The directory (tenant) ID from the “Overview” section of your app registration
Tenant Domain
string
required
The primary domain from the “Home” of your Microsoft Entra admin center.