Integrate with Microsoft Entra ID to authenticate user access attempts and take action on risky account activity.

Important
You cannot configure single sign-on (SSO) from multiple IAMs. Ensure that you configure the necessary permissions and SSO on the IAM you want to use for Private Access and Internet Access authentication.
Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.

Procedure

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Identity and Access Management.
  2. To take direct action on risky accounts and authenticate Private Access and Internet Access rules, grant necessary permissions in the Third-Party Integration app.
    1. Click Grant permissions next to Microsoft Entra ID.
      The Microsoft Entra ID screen opens in a new browser tab.
    2. Locate one or more Microsoft Entra ID tenants to which you want to grant the "Read directory data and perform account management actions" permissions, and then click Grant permissions in the Status column for Zero Trust Secure Access.
    3. Follow the onscreen instructions to enable the data connection.
    4. Switch back to the Zero Trust Secure Access browser tab.
    5. Configure your Microsoft Entra ID SSO settings.
  3. To configure risk control rules, you must also grant data upload permission for Microsoft Entra ID in Operations Dashboard > Data source.
    1. Go to the Data Source panel in Operations Dashboard: hover over the information icon in the Data upload permission status column, and then click Data Source in the information that displays.
    2. If the required Microsoft Entra ID permissions are not granted yet, click Manage permissions and integration settings in Third-Party Integration to open the Microsoft Entra ID screen of the Third-Party Integration app.
    3. Locate the Microsoft Entra ID tenants to which you want to grant permissions, and then click Grant permissions in the Status column for Attack Surface Risk Management.
    4. Switch back to the Microsoft Entra ID Data Source panel and turn on Data upload permission.
    5. Switch back to the Zero Trust Secure Access browser tab.
    Note
    Once you have configured Microsoft Entra ID as your data source, data begins syncing after 10 minutes. When the full sync is complete, Microsoft Entra ID syncs updates every 8 hours.