- 21 Nov 2024
- 3 Minutes to read
Entra ID
This guide will teach you how to set up the connector between Entra ID (formerly Azure Active Directory) and Clarity Security.
Estimated time to complete: 15 minutes
If you run into any problems, please contact your support team or support@claritysecurity.io.
- An admin will need to Grant Consent to the API permissions in Step 13.
- If you are using Entra Privileged Identity Management, please refer to this article for the additional required scopes: PIM/PAM Entitlement Considerations
How to Set Up the Connector
Step 1: Log in to Azure
Step 2: Search for Entra ID
Step 3: Navigate to App Registrations
Step 4: Click New Registration
Click New Registration while on the App registrations page.
Step 5: Configure the Application and Register
Fill out the App registration form using the information below.
- Name: Choose a descriptive name, such as "Clarity-App-Connector"
- Supported account types: Accounts in this organizational directory only
- Redirect URI: Web > https://your-tenant.claritysecurity.io/application/oauthProcessCode/microsoft-entra-id
Step 6: Collect details from the Application Overview
Copy the Application (client) ID and Directory (tenant) ID on the Application Overview screen. You will use these values in Step 19.
Step 7: Click on Certificates & secrets
Step 8: Click New Client secret
Enter a description for the client secret.
Step 9: Copy the Client Secret Value into a secure location
Step 10: In the App, click on View API permissions
Step 11: Select Microsoft Graph
Step 12: Click Application Permissions
Step 13: Search for and assign all of the following API permissions, then click Add Permissions
- App Catalog - AppCatalog.Read.All
- Application - Application.ReadWrite.All
- Directory - Directory.ReadWrite.All
- Group - Group.Create, Group.ReadWrite.All
- Group Member - GroupMember.ReadWrite.All
- Offline - offline_access
- Role Management - RoleManagement.ReadWrite.Directory
- User - User.Read.All, User.ReadWrite.All
- Administrative Units - AdministrativeUnit.ReadWrite.All
- PrivilegedEligibilitySchedule.Read.AzureADGroup
- PrivilegedAssignmentSchedule.Read.AzureADGroup
- PrivilegedAccess.Read.AzureADGroup
- PrivilegedAccess.Read.AzureResources
- PrivilegedAccess.Read.AzureAD
Step 14: Verify the API/Permissions match the below screenshot
An admin will need to click Grant admin consent to apply the permissions.
Step 15: Locate and copy your Tenant ID
The Tenant ID will be on the landing page of Entra ID. Copy the Tenant ID to a secure location; you will use this value in Step 19.
Step 16: Log in to Clarity
Step 17: Select Applications and click on Marketplace
Step 18: Search for Entra ID and click Connect
Step 19: Fill out the Connect App form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
Step 20: Fill out the App Settings form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
Step 21: Fill out the User Settings form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
Step 22: Validate Your Selections and Save
Clicking the Save button will trigger the first full sync for your application (even if you selected Manual syncing). This includes Service Users, Entitlements, Service User Entitlements, and Service User Attributes.
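One way to confirm that the permissions from Steps 13 and 14 were consented as intended is to inspect the `roles` claim of an app-only access token issued to the registration. The following is an added example, not Clarity's or Microsoft's code; the function names and the sample token are constructed, and `offline_access` is left out of the check because it is a delegated scope that does not appear in `roles`.

```python
import base64
import json

# Application permissions listed in Step 13 (offline_access omitted, see lead-in).
REQUIRED_ROLES = {
    "AppCatalog.Read.All", "Application.ReadWrite.All", "Directory.ReadWrite.All",
    "Group.Create", "Group.ReadWrite.All", "GroupMember.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "User.Read.All", "User.ReadWrite.All",
    "AdministrativeUnit.ReadWrite.All",
    "PrivilegedEligibilitySchedule.Read.AzureADGroup",
    "PrivilegedAssignmentSchedule.Read.AzureADGroup",
    "PrivilegedAccess.Read.AzureADGroup", "PrivilegedAccess.Read.AzureResources",
    "PrivilegedAccess.Read.AzureAD",
}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected_app_id: str) -> dict:
    """Compare the token's app-only roles with the Step 13 list."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))  # claim is absent if nothing was consented
    return {
        # v1 tokens carry the client ID in "appid", v2 tokens in "azp"
        "app_id_matches": expected_app_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED_ROLES - granted),
        "unexpected": sorted(granted - REQUIRED_ROLES),
    }


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    app_id = "00000000-0000-0000-0000-000000000000"  # placeholder client ID
    roles = sorted(REQUIRED_ROLES - {"Group.Create"}) + ["Mail.Read"]
    print(audit_roles(constructed_token({"appid": app_id, "roles": roles}), app_id))
```

Decoding without signature verification is suitable only for inspecting a token you requested yourself. Anything reported under `unexpected` is a permission the registration holds beyond what this guide lists.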
Need help?
If you have any problems, contact your customer success team. You can also get in touch with our general support via email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.