Integrations Hub

the integrations page is your centralized interface for configuring and managing integrations in flare we are currently in the process of re organizing our integration strategy, and in the near future, alert channels will be centralized here as well at this stage, the integrations page supports entra id as the first available integration , with more integrations to come for now, only organization administrators can add integrations overview the integrations page provides a single place to view what’s connected, view the status, and trace activity through audit logs it helps you answer what entra id integrations are configured? are they working correctly? what changes were made, and by whom? you can access the integrations page from the flare sidebar this page lists all configured integrations with their status, giving you quick visibility into your connected systems key features integration list displays all configured integrations with their names and statuses (active, disabled, or error) add integration adding an integration navigate to integrations from the sidebar click add integration in the modal, select microsoft entra id as the integration type fill in the required fields integration name a descriptive name for the integration (e g , entra id ) entra id client id enter the application (client) id from your entra id app registration’s overview page entra id client secret enter the secret value from the app registration certificates & secrets page entra id tenant id enter your organization’s directory (tenant) id from your app registration’s overview page (optional) identity creation automatically create identity identifiers for my synced identities toggle on to sync identities group object id (optional) enter a group id to restrict which identities are created if left blank, all identities will be created identities may take up to 24 hours to appear ⚠️ identity identifiers are created only up to the limit of your package if you’ve reached your identifier limit, entra id synchronization continues, but additional identities are not created contact your customer success manager for more details about this (optional automation) configure credential browser enabled features if available automated validation this will automatically validate new credentials found related to your authorized identity identifiers automated mitigation disable accounts this will automatically test new credentials, if they are confirmed valid, flare will disable the account automated mitigation mark as compromised this will automatically test new credentials, if they are confirmed valid, flare will mark the account as compromised note flare recommends creating a conditional access policy where the user risk is high to remediate these events automated mitigation revoke sessions this will automatically test new credentials, if they are confirmed valid, flare will revoke the sessions of the account with the exception of validation all the above can also be enabled for manual in addition to automated test integration before saving click test integration to validate the configuration if the test passes, you’ll see a confirmation message flare will return an error if the integration is not properly configured common errors include the following invalid parameters the entra id client id, entra id client secret or entra id tenant id may be incorrect the secret has expired or is wrong missing permissions you will need to grant additional permissions to the application you have registered in entra id see table x located at y for list of permissions required by feature the application has not been assigned the proper permissions untested integrations can be saved, but they remain disabled by default click save changes to finalize the configuration always test your integration before saving to ensure it is properly configured and active permissions revoke session user revokesessions all disable account user enabledisableaccount all mark user as compromised identityriskyuser readwrite all (for mark as compromised; this feature also requires a p2 or higher licence for microsoft entra id) if active directory is performing writeback to entra id, it will re enable a disabled account on each writeback therefore if you are using a hybrid deployment with active directory and entra id it is recommended to use a different remediation capability audit logs every entra id integration includes an audit log tab in its details drawer audit logs record events such as creation, deletion, configuration updates, and runtime activity you can search and filter logs by event type, user, date here you can see when a password validation attempt occured and the associated message permissions and control for the integration flare also offers the ability to disable or delete the integration these settings can be selected by the hamburger menu on the integration