> For the complete documentation index, see [llms.txt](https://docs.trustlogix.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.trustlogix.io/integrations/attribute-source-connection/azure-ad-or-ms-entra-graph-endpoint.md).

# Azure AD or MS Entra Graph Endpoint

***

### **Configure Azure AD/Entra as an Attribute Source Connection**

#### **1. Access the Attribute Source Connections Page**

1. Log in to the **TrustLogix Dashboard**.
2. Navigate to **Integrations** > **Attribute Source Connections > Add**

***

#### **2. Configure the Connection Details**

> Create a separate application registration to integrate the Graph endpoint as an attribute source in TrustLogix. Follow the [prerequisite steps](#id-3.-follow-the-prerequisite-steps) first to obtain the Tenant ID, Client ID, and Client Secret value needed to complete the integration.

1. **Select Connection Type**
   * Choose the external source (e.g., **Azure Active Directory (Azure AD)**).
2. **Enter Connection Details**
   * **Configuration Name**: Provide a user-friendly name (e.g., "Azure AD - HR Attributes").
   * **Azure Tenant ID**: Enter the Directory (tenant) ID of the Azure AD tenant.
   * **Client ID**: Enter the Application (client) ID of the app registration created in the prerequisite steps.
   * **Client Secret Value**: Enter the client secret *value* generated for that app registration (the value, not the Secret ID shown beside it).

> * Get the Application (client) ID and Directory (tenant) ID from the application's Overview page in Azure.
> * Copy the secret value when you create the client secret in the prerequisite steps; Azure shows it only once.
> * For hybrid tenants, the Azure Tenant ID, Client ID, and Client Secret are not required. These credentials are stored and managed exclusively on the customer side (e.g., Azure Key Vault or AWS SSM).

3. Enable the options below as required:
   1. **Sync All Users from Microsoft Entra ID:** Enables automatic addition and synchronization of new, deleted, and disabled users from Microsoft Entra ID. When disabled, only users imported via the console are synchronized.
   2. **Delete Inactive or Deleted Microsoft Entra ID Users from Entitlement Table:** When enabled, inactive or deleted Microsoft Entra ID users are permanently removed (hard delete) from the entitlement table. When disabled, they are only soft-deleted and their rows are retained.

***

#### **3. Follow the Prerequisite Steps**

To obtain the Tenant ID, Client ID, and Client Secret value, follow these steps:

#### Steps to Register a Microsoft Graph App in Azure:

Register an application

1. Go to the Azure Portal:\
   Visit the [Azure Portal](https://portal.azure.com/).
2. Navigate to Azure Active Directory (shown as Microsoft Entra ID in newer portals):\
   In the left-hand menu, click on Azure Active Directory.
3. Register a new application:
   * In the Azure Active Directory panel, select App registrations.
   * Click on New registration at the top.![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXeVpkOpPdcAL-ExDsoOmS23rYK1_FsdrLYRG7IkEZDnOzkBA4vdxBmspYBzmdOC3Zkt3rqD91BPBSSk_izcec4wRqhc1l_qJquEIO0r0PN5nyy8I0vTIVjYruPJg3lL6CpJ1uraGg?key=SgOgRPvsv9boI1waxuEWn1US)
4. Fill in the application details:
   * Name: a name for your application (e.g., "Health Care Graph API").
   * Supported account types: select Accounts in this organizational directory only (your tenant name only - Single tenant). The integration only needs to read your own directory, so do not choose a multitenant option.
   * Once you've filled in the necessary details, click on the Register button.![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfXQ0V_2FV7Rp6Qi8ro04LM1bYAzuzxMdxM-jVmG3DhTzB_0RNkP6fqnWpcyxljCa171fYmVznfuENexv1XnncdTvyfDZtMWfehpnXAZR_PFE80UhyNGTXpFJYITqmNzZHpNx8z?key=SgOgRPvsv9boI1waxuEWn1US)

Configure API permissions:

1. After registration, you will be directed to the app's Overview page.![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXe6Vj6qpsB1sLjBGNI2xhJBwmLU-5DDWdbHl1S8jtpb6c0-Nh8zuDadg3dop9M2clZDre-UjKVfEFuudpbqDk1N8gEPm-b-C7Oieu54E-Yw-PqZLtcFgowzBoKt5iyw5KXSJM6ZPg?key=SgOgRPvsv9boI1waxuEWn1US)
2. Select API permissions from the left-hand menu under Manage.
3. Click Add a permission > Microsoft Graph.
4. Choose Application permissions (app-only access without a signed-in user), not Delegated permissions: the integration authenticates as the application itself.
5. Select the permission the app needs (User.ReadBasic.All).![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfpzfTkeXPTGZdctWPWdP-TnoBLA2H0A5ObgYwRXm2PtCz2h8Q8ZtMDTa11tzwEiLFk9dU_eLQXncOkLIT7fAi8CgxVTfSpQy2AdrYBe0GYsXQ3aaM9lWqp_Hzm57LRMsuHJT1Vtw?key=SgOgRPvsv9boI1waxuEWn1US)
6. Grant admin consent by clicking Grant admin consent for your tenant (shown as "Grant admin consent for Default Directory" in the screenshot). Application permissions do not take effect until an administrator consents.![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXe2RDwspa4STWl2oXfT8mzc3LmBSrWOT-cAWfd45PJGi4TZzWSv1r7xDGunGezTeH9_XQ9GXYSE1bWRaoOJG9rGIHbPztCgC9JNUP8YhVil-W5M49uVN46mgIKXao70eW2c0xt3?key=SgOgRPvsv9boI1waxuEWn1US)

> Note:
>
> The `User.ReadBasic.All` permission allows reading only a basic set of profile properties, including display name, first name, last name, email address, open extensions, and photo. To access any other user properties, the `User.Read.All` permission is required, and to access/import users' group and group membership information, the `GroupMember.Read.All` permission is required. Grant only the narrowest of these that covers the attributes you intend to import.

Create a client secret:

1. Because the integration authenticates without user interaction, create a client secret (application password).
2. Go to Certificates & secrets > New client secret.
3. Provide a description and set an expiration period, then click Add.
4. Copy the secret value immediately; it is shown only once and cannot be retrieved later. Copy the Value column, not the Secret ID. Record the expiry date: when the secret expires the connection stops authenticating, and a new secret must be created here and entered in TrustLogix.![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXcJVqFBP9WmVNKqfOXtl0tPL1Kld5RxF5MrYvahH10bAufeay-8dEYfBOHSO5WmjsLp2DJ0KkuEUw5mikIsB7SQv59yT6N-dFfPVE2UeyQnr9MFy9e-oUEZpYIvIg6hL6GC31XIjg?key=SgOgRPvsv9boI1waxuEWn1US)
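Before pasting the credentials into TrustLogix, it is worth confirming that the app registration actually carries the application permissions described above. The following Python script is an added example, not TrustLogix code or part of this guide's original content: it builds the OAuth 2.0 client-credentials request for the public Microsoft identity platform token endpoint, decodes the `roles` claim of the returned access token to see which application permissions were admin-consented, reports which of `User.ReadBasic.All`/`User.Read.All` and `GroupMember.Read.All` are still missing, and shapes a Graph `/users` query to the granted level (the basic property set under `User.ReadBasic.All`; `accountEnabled` and other non-basic properties only under `User.Read.All`). The helper names, the property lists, and the unsigned sample token used for offline demonstration are our own constructions; the token and Graph URLs are the real Microsoft endpoints.

```python
"""
Pre-flight check for an Entra app registration used as a Graph attribute
source. Added illustration, not TrustLogix code. Endpoint URLs are the public
Microsoft identity platform / Graph v1.0 URLs; helper names are ours.
"""
import base64
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Profile properties readable with User.ReadBasic.All alone.
BASIC_PROPS = ["id", "displayName", "givenName", "surname", "mail", "userPrincipalName"]
# Properties that additionally require User.Read.All (accountEnabled is what
# you need to detect disabled accounts).
FULL_PROPS = BASIC_PROPS + ["accountEnabled", "department", "jobTitle"]


def token_request(tenant_id, client_id, client_secret):
    """URL and form body for the OAuth 2.0 client-credentials grant (app-only)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        # /.default = every application permission admin-consented on the app.
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, form


def get_token(tenant_id, client_id, client_secret):
    """Exchange the client secret for an access token (network call)."""
    url, form = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_roles(access_token):
    """Application permissions carried in the token's `roles` claim.

    This only inspects a token we obtained ourselves; the signature is not
    verified, so never use this to trust a token presented by someone else.
    """
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    return sorted(payload.get("roles", []))


def missing_permissions(roles, need_groups=False):
    """Permissions the connection still needs, given what the token grants."""
    missing = set()
    if not {"User.ReadBasic.All", "User.Read.All"} & set(roles):
        missing.add("User.ReadBasic.All")
    if need_groups and "GroupMember.Read.All" not in roles:
        missing.add("GroupMember.Read.All")
    return missing


def users_request(roles, page_size=999):
    """Graph /users URL whose $select matches the granted permission level."""
    props = FULL_PROPS if "User.Read.All" in roles else BASIC_PROPS
    query = urllib.parse.urlencode({"$select": ",".join(props), "$top": page_size}, safe=",$")
    return f"{GRAPH}/users?{query}"


def fetch_all_users(access_token, roles):
    """Follow @odata.nextLink paging and return every user object (network call)."""
    url, users = users_request(roles), []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        users.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
    return users


def _fake_token(roles):
    """Constructed, unsigned token so the checks above can run offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": "https://graph.microsoft.com", "roles": roles}), "sig"])


SAMPLE_TOKEN = _fake_token(["User.ReadBasic.All"])  # constructed sample

if __name__ == "__main__":
    roles = granted_roles(SAMPLE_TOKEN)
    print("granted application permissions:", roles)
    print("still missing for user + group sync:", missing_permissions(roles, need_groups=True))
    print("users query:", users_request(roles))
```

To run it against a real tenant, replace `SAMPLE_TOKEN` with `get_token(tenant_id, client_id, client_secret)`; an empty `roles` list means admin consent was never granted, and a token whose roles do not cover the attributes you plan to import is the usual cause of a connection that saves but syncs nothing useful.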

***

#### **4. Save the Integration Details**

1. Click on **Save** to save the integration details.
2. If saving fails, verify that the Tenant ID, Client ID, and Client Secret value are correct, that the secret has not expired, and that admin consent has been granted for the application permissions.
