Connect Entra ID tenant
In this post we will see how you can connect an Entra ID tenant to your idemeum customer tenant.
Create Entra ID application
- Navigate to your idemeum customer tenant that you created with the MSP admin portal, i.e. customer1-<msp-domain>.idemeum.com/adminportal
- Access Applications, then choose Add app, then choose Managed password app
- Now you will be able to set up the Entra ID integration:
  - Give the application a name, i.e. Entra ID - retail customer. This name will be shown to technicians when they access this application from the web portal or browser extension.
  - Choose the application type to be Web
  - Choose Entra ID OIDC credentials
  - Click the Authorize button. You will need to authenticate with an Entra ID admin account and grant permissions to access Entra ID APIs. Once you successfully authorize access, a green checkbox icon will appear next to the Authorize button, and we will show which account was used to authorize API access.
  - Choose how long you want the accounts to be enabled for before technicians need to request access again. The default time is 4 hours.
  - Enter the domain where you want idemeum to provision technician accounts.
    ❗ We only support managed domains (these can be custom domains or the onmicrosoft.com domain). Today we do not support federated domains.
  - Choose the roles that you want to assign to accounts when they get created. You can choose from the Entra ID default built-in roles, and you can select multiple roles.
- Save the configuration.
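Two of the settings above are worth checking on the Entra ID side before you save: that the provisioning domain is a verified, managed (not federated) domain, and which accounts currently hold the built-in roles you are about to hand to provisioned technician accounts. The following Microsoft Graph PowerShell script is an added example written for this post; it is not idemeum's code and does not call the idemeum product. The domain name and role list are placeholders to replace with the values you entered in the application.

```powershell
# Added example (not idemeum's own code): pre-flight checks in Entra ID using the
# Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph if needed).
# Read-only scopes are enough for both checks.
Connect-MgGraph -Scopes "Domain.Read.All", "Directory.Read.All", "User.Read.All"

# Placeholder values: replace with the domain and roles configured in the idemeum app.
$provisioningDomain = "contoso.onmicrosoft.com"
$assignedRoles      = @("User Administrator", "Helpdesk Administrator")

# --- Check 1: the provisioning domain must be verified and managed ---
$domain = Get-MgDomain -DomainId $provisioningDomain -ErrorAction SilentlyContinue
if (-not $domain) {
    Write-Warning "$provisioningDomain is not registered in this tenant"
} elseif (-not $domain.IsVerified) {
    Write-Warning "$provisioningDomain is registered but not verified"
} elseif ($domain.AuthenticationType -ne "Managed") {
    # Federated domains are not supported for technician account provisioning.
    Write-Warning "$provisioningDomain is $($domain.AuthenticationType); only managed domains are supported"
} else {
    Write-Output "$provisioningDomain is verified and managed: OK"
}

# --- Check 2: who already holds the roles that provisioned accounts will receive ---
# Useful as a baseline so that time-limited technician accounts (default 4 hours)
# stand out when you review role membership later.
foreach ($roleName in $assignedRoles) {
    # Built-in roles only appear here once activated in the tenant.
    $role = Get-MgDirectoryRole -Filter "displayName eq '$roleName'"
    if (-not $role) {
        Write-Warning "Role '$roleName' is not activated in this tenant yet"
        continue
    }
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id | ForEach-Object {
        # Members can be users, groups or service principals; only resolve users here.
        $user = Get-MgUser -UserId $_.Id -Property Id, UserPrincipalName, AccountEnabled -ErrorAction SilentlyContinue
        if ($user) {
            [pscustomobject]@{
                Role    = $roleName
                User    = $user.UserPrincipalName
                Enabled = $user.AccountEnabled
            }
        }
    }
}
```

Run the second check again after the technician access window has elapsed: accounts provisioned into the listed domain should show Enabled = False or no longer appear in the role membership.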
Create entitlement rule
Once you have created the Entra ID application you need to entitle it to technicians, meaning you need to allow technicians to access this application. The easiest way is to entitle the Entra ID application to the All admins group, so that any technician who has access to the customer tenant will automatically have access to the Entra ID application.
- Access Entitlements and create a new rule:
  - Give the rule a name, i.e. Entra ID access for all admins
  - Choose Group for the IF condition
  - Select the All admins group
  - Choose the Entra ID application that you created in the previous step
Now any technician who has access to this customer tenant will be able to request Entra ID accounts.