Microsoft Entra ID
Flare connects to Microsoft Entra ID through an app registration within your tenant, allowing you to check if credentials that Flare has flagged as potentially compromised remain active in your Entra ID system. If a credential is confirmed to be active, Flare provides a direct link to the corresponding user to mitigate potential security risks.

Required permissions

As of the current implementation, the Microsoft app registration used for the Entra ID integration must have delegated Microsoft Graph API permissions to read directory information. At a minimum, the following permissions are typically required:

- User.Read — to read user profiles
- Directory.Read.All — to read basic directory information across the tenant

These permissions allow the integration to pull user and directory data to enrich identity profiles and support credential validation. This ensures that the integration remains minimally intrusive while providing sufficient access to verify the status of identified credentials and facilitate remediation actions.

Configuration

Microsoft side

1. Navigate to the Microsoft Entra ID configuration blade within your Azure portal.
2. In the left-hand sidebar, under the Manage section, select App registrations.
3. Click New registration in the top action bar.
4. Provide a descriptive and meaningful name for your new application registration.
5. Select the first option, Single tenant, to restrict access to accounts within your organization only.
6. Click Register to create the application registration.
7. Copy the Application (client) ID value, as you will need it in a later step. Ensure that you keep this value confidential.
8. Copy the Directory (tenant) ID value, as you will need it in a subsequent step. Ensure that you keep this value confidential.
9. In the left-hand menu, under the Manage section, click Certificates & secrets.
10. In the Client secrets section, click New client secret.
11. Provide a clear and descriptive name for the new client secret to indicate its purpose.
12. Set the expiration period for the client secret according to your organization’s security requirements.
13. Click Add to create the client secret.
14. Copy the secret Value, as you will need it in a later step. Ensure that you keep this value secure and confidential.

Flare side

1. In the left-hand sidebar, under the Configure section, click Tenants.
2. Choose the tenant for which you want to set up the Microsoft Entra ID integration.
3. Click Entra ID Configuration in the top right corner.
4. Enter the Application (client) ID obtained from the Microsoft Entra ID configuration steps.
5. Enter the secret Value obtained from the Microsoft Entra ID configuration steps.
6. Enter the Directory (tenant) ID obtained from the Microsoft Entra ID configuration steps.
7. Decide whether to enable Entra ID identity data import. When enabled, the integration will automatically pull users, groups, and applications from Microsoft Entra ID to enrich the identity profile with additional contextual information.
8. Click Save to apply your configuration changes.

Usage

The validation and remediation feature is accessible through the credentials browser.

1. Ensure that you select the tenant feed, as this feature is only available on a tenant basis.
2. Select a credential entry from the list to open the details view.
3. In the details view, click Verify to initiate the validation process. The system will perform the verification and display the status.

You’re all set!
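A periodic check of the app registration created in the Microsoft-side steps, as an added example that is not part of the original page or of Flare's own tooling. It audits an exported registration for the three choices the steps make: single tenant, the minimum permissions listed above, and client secret expiration. The sample data is constructed, `grantedScopes` is a hypothetical key holding the `scope` string of the app's oauth2PermissionGrant, and the 180-day and 30-day thresholds are assumed policy values.

```python
import json
from datetime import datetime, timedelta, timezone

# Minimum delegated permissions named on this page.
ALLOWED_SCOPES = {"User.Read", "Directory.Read.All"}
MAX_SECRET_LIFETIME = timedelta(days=180)  # assumed organizational policy
EXPIRY_WARNING = timedelta(days=30)        # assumed warning window

# Constructed sample: a subset of a Microsoft Graph application object.
# "grantedScopes" is a hypothetical key (see lead-in). Not real tenant data.
SAMPLE = json.loads("""
{
  "displayName": "flare-entra-integration",
  "signInAudience": "AzureADMultipleOrgs",
  "grantedScopes": "User.Read Directory.Read.All Mail.Read",
  "passwordCredentials": [
    {"displayName": "flare-2024", "startDateTime": "2024-01-10T00:00:00Z",
     "endDateTime": "2026-01-10T00:00:00Z"},
    {"displayName": "flare-old", "startDateTime": "2023-09-01T00:00:00Z",
     "endDateTime": "2023-12-01T00:00:00Z"}
  ]
}
""")

def _ts(value):
    """Parse a Graph-style UTC timestamp such as 2024-01-10T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(app, now):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    # "AzureADMyOrg" is the value Graph reports for a single-tenant app.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single tenant: " + str(app.get("signInAudience")))
    extra = set(app.get("grantedScopes", "").split()) - ALLOWED_SCOPES
    for scope in sorted(extra):
        findings.append("unexpected permission: " + scope)
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName") or "(unnamed)"
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end <= now:
            findings.append("secret expired: " + name)
        elif end - now <= EXPIRY_WARNING:
            findings.append("secret expires soon: " + name)
        if end - start > MAX_SECRET_LIFETIME:
            findings.append("secret lifetime over policy: " + name)
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(line)
```

An expired secret left on the registration also means the value stored on the Flare side needs replacing before verification will work again.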