Setup users and groups

Warning

It is important to follow all the steps in this guide to ensure a successful configuration of Entra ID authentication.

If you encounter any issues, please contact support.

Portal can ingest organizational data—such as users and teams—from your Microsoft Entra ID tenant via the Microsoft Graph API. To do this, you must grant specific permissions to your Azure App Registration and configure the Microsoft Graph provider in Portal.

Configure Permissions for Microsoft Graph in Azure

Portal requires the App Registration to have the following Application permissions (not Delegated) for Microsoft Graph:

  • GroupMember.Read.All
  • User.Read.All

If your organization requires admin consent, ensure these permissions are granted by an administrator.
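
One way to confirm the App Registration carries exactly the two Application permissions listed above and nothing broader is to inspect the `roles` claim of an access token issued to it through the client-credentials flow. This is an added example, not part of Portal's documentation or code; the function names and sample tokens are constructed for illustration, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json

# Application permissions this guide asks for (taken from the page).
REQUIRED_ROLES = {"GroupMember.Read.All", "User.Read.All"}


def decode_claims(jwt: str) -> dict:
    """Return the payload of a JWT without verifying it (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_graph_token(jwt: str) -> dict:
    """Compare a token's app roles with the two permissions Portal needs."""
    claims = decode_claims(jwt)
    roles = set(claims.get("roles", []))
    # 'scp' appears on delegated (user) tokens; an app-only token carries 'roles'.
    delegated = set(claims.get("scp", "").split())
    return {
        "missing": sorted(REQUIRED_ROLES - roles),
        "extra": sorted(roles - REQUIRED_ROLES),  # broader than the guide requires
        "delegated_scopes": sorted(delegated),
        "ok": roles == REQUIRED_ROLES and not delegated,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed samples: one least-privilege token, one over-privileged token.
    good = make_sample_token({"roles": ["User.Read.All", "GroupMember.Read.All"]})
    broad = make_sample_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    print(audit_graph_token(good))
    print(audit_graph_token(broad))
```

A non-empty `extra` list means the App Registration holds more Graph access than this integration needs; a non-empty `delegated_scopes` list means the token was issued for a user rather than for the application.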

Configure the Microsoft Graph Provider in Portal

  1. In Config Manager, go to the Catalog plugin.
  2. Scroll to catalog.providers.microsoftGraphOrg and select Option 2.
  3. Add a new configuration entry named default.
  4. Add the following values from your Azure App Registration:
    • clientId
    • clientSecret
    • tenantId

  5. For user.filter, add:
     accountEnabled eq true and userType eq 'member'

  6. For group.filter, add:
     securityEnabled eq false and mailEnabled eq true and groupTypes/any(c:c+eq+'Unified')

  7. Under schedule, set frequency (e.g., 1 hour) and timeout (e.g., 50 minutes).

  8. Click Save changes.

Portal will now begin ingesting and synchronizing user and group data from Microsoft Entra ID.

Next Steps

Your Portal instance should now have users and groups from Microsoft Entra ID within the catalog. It is very likely that you now have multiple providers bringing users and groups into your catalog, which can result in duplicate users and cause conflicts when attempting to sign in.

Follow the next section to remove existing users and groups from the catalog and complete this integration.