Microsoft Entra ID

flare connects to microsoft entra id through an app registration within your tenant, allowing you to check if credentials that flare has flagged as potentially compromised remain active in your entra id system if a credential is confirmed to be active, flare provides a direct link to the corresponding user to mitigate potential security risks required permissions as currently implemented, the microsoft app registration used for the entra id integration must include microsoft graph api application permissions to read directory information at a minimum, the following permission is required directory read all — allows reading basic directory information across the tenant this permission enables the integration to retrieve user and directory data, enrich identity profiles, and support credential validation storylane demo configuration microsoft side app registration navigate to the microsoft entra id configuration blade within your azure portal in the left hand sidebar, under the manage section, select app registrations click new registration in the top action bar provide a descriptive and meaningful name for your new app registration, such as “flare entra id connector ” select the first option, single tenant , to restrict access to accounts within your organization only click register to create the application registration copy the application (client) id value, as you will need it for the “entra client id” field in flare’s entra id configuration ensure that you keep this value confidential copy the directory (tenant) id value , as you will need it for the “entra id tenant id” field in flare’s entra id configuration ensure that you keep this value confidential in the left hand menu, under the manage section, click api permissions click add a permission to grant the app registration the required permissions for each of the following required permissions https //docs flare io/microsoft entra id#dxkgw , select microsoft graph as the api and choose application permissions as the permission type if admin consent is required, ensure that it is granted directory read all in the left hand menu, under the manage section, click certificates & secrets in the client secrets section, click new client secret provide a clear and descriptive name for the new client secret to indicate its purpose set the expiration period for the client secret according to your organization’s security requirements click add to create the client secret copy the secret value , as you will need for the “entra id client secret” field in flare’s entra id configuration ensure that you keep this value secure and confidential microsoft side enterprise apps navigate to the microsoft entra id configuration blade within your azure portal in the left hand sidebar, under the manage section, select enterprise registrations select the app you just configured in the list of all applications select “permissions” from the “security” section of the menu click on the “grand admin consent” button in the popup, confirm your account then review the requested permissions click “accept” to grant them flare side in the left hand sidebar, under the configure section, click tenants choose the tenant for which you want to set up the microsoft entra id integration click entra id configuration in the top right corner enter the application (client) id obtained from the microsoft entra id configuration steps enter the secret value obtained from the microsoft entra id configuration steps into the “entra client id” field enter the directory (tenant) id obtained from the microsoft entra id configuration steps into the “entra id client secret” field click save to apply your configuration changes usage the validation and remediation feature is accessible through the credentials browser ensure that you select the tenant feed , as this feature is only available on a tenant basis select a credential entry from the list to open the details view in the details view, click validate to initiate the validation process the system will perform the validation and display the status you’re all set! related articles