Version: 25.4

Configure integration with Entra ID

This guide details the processes necessary to establish integration with Entra ID on the Flexxible platform.

Requirements for integration

For the integration to work correctly, the application ID (App ID) requires Global Reader permission at the Microsoft Entra ID level, Contributor permission at the Azure subscription level, and Owner permission in the resource group where Workspaces is deployed.

Configuration in Microsoft Azure

Integration with Entra ID requires the following steps in the Microsoft Azure environment:

Create an application registration

  1. Log in to Azure Portal.

  2. If you have access to multiple tenants, select the tenant by clicking Switch directory in the user menu.

  3. Once the subscription is selected, search for Microsoft Entra ID.

  4. The Microsoft Entra ID menu appears on the left side of the interface.

  5. Click Application registrations -> New registration.

  6. Enter a name to register the application and select the supported account type.

  7. Click Register to complete the application registration.

  8. Copy and save the Application ID (App ID) and the Directory ID (tenant).

Create a client secret

  1. Access App registrations.

  2. In the menu, click Manage -> Certificates & secrets -> New client secret.

  3. Add a description and in the Expires field, select 24 months.

  4. Click Add.

  5. Microsoft will provide the client secret and the client ID. You need to save these values because they will not be shown again. If not saved, the client secret must be deleted and a new one created to obtain the value.

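The client secret created above expires after 24 months, and an expired secret no longer authenticates. The following Python script is an added example, not part of the Flexxible documentation: it reads the JSON printed by `az ad app credential list --id <App ID>` and flags secrets that are expired or close to expiry. The 60-day warning window, the function names and the sample data are assumptions made for this example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `az ad app credential list --id <App ID>` output;
# the key IDs, descriptions and dates are invented for this example.
SAMPLE_CREDENTIALS = json.dumps([
    {"displayName": "flexxible-integration", "keyId": "00000000-0000-0000-0000-000000000001",
     "startDateTime": "2024-03-01T09:00:00Z", "endDateTime": "2026-03-01T09:00:00Z"},
    {"displayName": "old-secret", "keyId": "00000000-0000-0000-0000-000000000002",
     "startDateTime": "2022-01-10T08:30:00.1234567Z", "endDateTime": "2024-01-10T08:30:00.1234567Z"},
    {"displayName": "fresh-secret", "keyId": "00000000-0000-0000-0000-000000000003",
     "startDateTime": "2025-06-01T00:00:00Z", "endDateTime": "2027-06-01T00:00:00Z"},
])


def parse_graph_time(value):
    """Parse a Microsoft Graph UTC timestamp, dropping any fractional seconds."""
    trimmed = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    return datetime.fromisoformat(trimmed)


def audit_secrets(credentials_json, now, warn_days=60):
    """Return (status, name, key_id, days_left) per secret, soonest expiry first."""
    findings = []
    for cred in json.loads(credentials_json):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "ROTATE"  # still valid, but inside the warning window
        else:
            status = "OK"
        name = cred.get("displayName") or "(no description)"
        findings.append((status, name, cred["keyId"], days_left))
    return sorted(findings, key=lambda f: f[3])


def integration_at_risk(findings):
    """True when every secret is expired or already inside the warning window."""
    return not any(status == "OK" for status, *_ in findings)


if __name__ == "__main__":
    now = datetime(2026, 1, 15, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    for status, name, key_id, days_left in audit_secrets(SAMPLE_CREDENTIALS, now):
        print(f"{status:8} {name:24} {key_id} days_left={days_left}")
```

When a secret reaches the ROTATE state, create its replacement as described in this section and update the Secret string field in Portal before the old secret expires.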

Configure permissions for the application registration

  1. Log in to Azure Portal.

  2. Click on Microsoft Entra ID.

  3. Click Manage -> Roles and administrators.

  4. Search for and select the Global Reader option.

  5. Click on Add assignments and add the application ID (App ID) created in the previous step.

  6. Verify that the application is configured on the main dashboard.

Permissions in the Azure subscription

  1. Log in to Azure Portal.

  2. Click Subscriptions.

  3. Click Access control (IAM) -> Add -> Add role assignment.

  4. In Role -> Function role, search for and select Reader.

  5. In Members, select the application ID (App ID) created in the previous step.

  6. Review and assign the role.

Configuration in Portal

To perform the integration from Portal, the user must have at least the role of Organization Administrator.

  1. Log in to Portal.

  2. In the user menu, select the organization/tenant where you want to enable the integration.

  3. Go to Settings -> Integrations and open the Entra ID section.

  4. Click on Edit and enter the following information:

    • Id. of application (client). Client ID.
    • Secret string. Client secret used for authentication.
    • Id. of directory (tenant). Azure tenant ID.

  5. Click on Save.

For these credentials to be used in sub-organizations, the Share credentials with the selected tenants option must be enabled; otherwise, new credentials must be created for each sub-organization.