JIT Entra ID Access

Connect Entra ID tenant

In this post we will see how you can connect an Entra ID tenant to your idemeum customer tenant.

Create Entra ID application

  • Navigate to the idemeum customer tenant that you created in the MSP admin portal, e.g. customer1-<msp-domain>.idemeum.com/adminportal
  • Access Applications, choose Add app, and then choose Managed password app
  • Now you will be able to set up the Entra ID integration:
    • Give the application a name, e.g. Entra ID - retail customer. This name will be shown to technicians when they access this application from the web portal or browser extension.
    • Choose the application type to be Web
    • Choose Entra ID OIDC credentials
    • Click the Authorize button. You will need to authenticate with an Entra ID admin account and grant permissions to access the Entra ID APIs. Once you successfully authorize access, a green check icon appears next to the Authorize button, and we show which account was used to authorize API access.
    • Choose how long you want the accounts to be enabled before technicians need to request access again. The default time is 4 hours.
    • Enter the domain where you want idemeum to provision technician accounts.
      We only support managed domains (these can be custom domains or the onmicrosoft.com domain). Today we do not support federated domains.
    • Choose the roles that you want to assign to accounts when they get created. You can choose from the Entra ID default built-in roles, and you can select multiple roles. The easiest option is to assign the same role to all technicians using the All admins attribute.
      You can also create groups in your MSP tenant, assign technicians to these groups, and then define which group is assigned which role, e.g. Level 1 techs are assigned the Global admin role, Level 2 techs are assigned the User admin role, etc. More about group creation in the related article below.
      Related: Group management - Combine users into groups with direct assignments or attribute mapping

  • Save the configuration.
  • Configure LAPS accounts if you want to use LAPS for Entra ID.
    Related: LAPS for Entra ID - Secure emergency Entra ID global admin accounts for each Entra ID customer tenant
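Two checks an Entra ID admin would want to run around this setup are, first, confirming before saving that the provisioning domain is verified and Managed rather than Federated (the requirement stated above), and second, reviewing afterwards which accounts in that domain hold built-in directory roles, so that the time-limited technician accounts can be audited. The following PowerShell script is an added example and is not part of the idemeum documentation or product; it uses the Microsoft.Graph PowerShell module, and the domain name, role filter and output shape are assumptions for illustration.

```powershell
# Added example (not idemeum's code): pre-flight domain check and role-membership review
# for the Entra ID tenant being connected. Requires the Microsoft.Graph module and an
# Entra ID admin able to consent to the scopes below.
Connect-MgGraph -Scopes "Domain.Read.All", "RoleManagement.Read.Directory", "User.Read.All"

# Placeholder: the domain you enter in the idemeum app configuration
$provisioningDomain = "customer1.onmicrosoft.com"

# 1. The integration only supports verified, Managed domains (not Federated ones).
$domain = Get-MgDomain -DomainId $provisioningDomain
if (-not $domain.IsVerified) {
    Write-Warning "$provisioningDomain is not verified in this tenant"
}
if ($domain.AuthenticationType -ne "Managed") {
    Write-Warning "$provisioningDomain is $($domain.AuthenticationType); only Managed domains are supported"
}
else {
    Write-Host "$provisioningDomain is a verified Managed domain"
}

# 2. List every account in the provisioning domain that currently holds a built-in
#    directory role, with its enabled state. Technician accounts should only appear here
#    while an access window is open; anything else is worth investigating.
$findings = foreach ($role in Get-MgDirectoryRole) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id) {
        # Role members come back as generic directory objects; the UPN lives in AdditionalProperties.
        $upn = $member.AdditionalProperties["userPrincipalName"]
        if ($upn -and $upn.EndsWith("@$provisioningDomain", [System.StringComparison]::OrdinalIgnoreCase)) {
            $user = Get-MgUser -UserId $member.Id -Property "AccountEnabled"
            [pscustomobject]@{
                Role    = $role.DisplayName
                Account = $upn
                Enabled = $user.AccountEnabled
            }
        }
    }
}

$findings | Sort-Object Role, Account | Format-Table -AutoSize
```

Get-MgDirectoryRole only returns roles that have been activated in the tenant, which is sufficient here because assigning a built-in role to a provisioned account activates it. Run the second part at the end of an access window as well: an account that is still Enabled and still a role member after the configured time (4 hours by default) indicates a problem with the deprovisioning flow.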