.png?sv=2022-11-02&spr=https&st=2025-01-27T05%3A05%3A50Z&se=2025-01-27T05%3A15%3A50Z&sr=c&sp=r&sig=aCE9GFidDl1JNq65FGLbSQsB1N602uBXFCkPfFa4hxs%3D){kind=logo}
Synchronizing Entra ID (Azure) Groups to IAP
- 15 Jan 2025
-
DarkLight
-
PDF
Synchronizing Entra ID (Azure) Groups to IAP
- Updated on 15 Jan 2025
-
DarkLight
-
PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
When Itential Platform (IP) is configured to use Microsoft Entra ID (formerly known as Azure Active Directory) as its AAA source, IP permissions can be assigned to users via Entra ID group membership. To do this, Entra ID groups present in the connected tenant are synchronized to IP. An IP administrator can then assign roles to these groups, and users will receive the corresponding permissions when they log in to IP with their Azure credentials.
In this guide, you will learn how to configure the Azure adapter to synchronize Entra ID groups to IP.
Select a Method for Group Tracking
The Azure adapter's group synchronization behavior is controlled by its service configuration -- specifically, by the parameters of the groupSync property, listed below.
| Parameter | Description |
|---|---|
| interval | Required. How often, in seconds, Entra ID groups are synchronized to IP. |
| method | Required. The method used to synchronize Entra ID groups to IP. Available synchronization methods are: • all - Synchronizes all Entra ID groups present in the connected tenant. This can cause performance issues when dealing with a large number of groups. • master - Designates an Entra ID group as the synchronization source. All child groups will be synchronized. • account - Designates an Entra ID account as the synchronization source. Any groups this account is a member of will be synchronized. |
| masterGroup | Only required when using the master method. The Object ID of the Entra ID group to be used as the synchronization source. |
| serviceAccount | Only required when using the account method. The Object ID of the Entra ID account to be used as the synchronization source. |
Figure 1: Azure Adapter Service Configuration
Configure Entra ID Group Synchronization
The exact steps needed to configure group synchronization depend on your environment. In general:
- Optionally, fine-tune the synchronization interval as desired.
- Determine which synchronization method to use based on your needs. For example,
allmay be acceptable for development environments, but is likely to cause performance issues in production environments. - If using the
masteroraccountsynchronization method, retrieve the desired group or account Object ID from Azure, respectively. - Provide this Object ID to
masterGrouporserviceAccountas appropriate.
ⓘ Note:
Object IDs are retrieved from the Azure portal. For further information about Object IDs, refer to the Microsoft Azure documentation.
Figure 2: Azure Object ID
Was this article helpful?
