Microsoft Entra ID for Third-party Discovery


About this document

This document provides step-by-step instructions for configuring the "Third-party discovery via Microsoft Entra ID" integration in SAFE, which auto-discovers third parties from Azure (via Entra ID) into SAFE.

Introduction

This integration allows you to automatically discover your third parties from Microsoft Entra ID and onboard them into SAFE. Third parties are discovered by identifying SAML (SSO) applications in Entra ID and using their metadata to identify the third party behind each one. SAFE Admins can configure this integration from the "Third-party discovery via Microsoft Entra ID" card on the Integrations page.

Prerequisites

  • Admin access to Azure for creating an application in Entra ID

Generate connection details

To integrate SAFE with Third-party discovery via Microsoft Entra ID, three details must be generated in Azure:

  • Tenant Id

  • Client Id

  • Client Secret

To generate these details, an application is registered in the Azure portal and granted the required read-only API permission.

Register App on Azure

  1. Log in to the Azure Portal.

  2. Navigate to Microsoft Entra ID.

  3. Go to App registrations and click the New registration button.

  4. On the app registration page, enter the Name for the application, select the Account Type, and set the Redirect URI:

    1. Name: Enter an application name of your choice.

    2. Account Type: Select the option "Accounts in this organizational directory only (Default Directory only - Single tenant)".

    3. Redirect URI: This can be left blank.

  5. Click the Register button. The system registers the application.

Create the Client Secret

A newly registered application in Azure has no client secrets. To create a Client Secret:

  1. Navigate to Certificates & Secrets from the left navigation.

  2. Click the New client secret button.

  3. Enter the Description and Expiry for the Client Secret.

  4. Click the Add button.

  5. The system adds the Client Secret and displays the details on the same page.

  6. The Value field holds the secret that was created. Copy and save the Client Secret on your system; it is shown only once and is needed later when configuring the integration in SAFE.

Configure API permissions on the Application

  1. Open the app and navigate to API permissions.

  2. Select +Add a permission.

  3. Under Microsoft APIs, click Microsoft Graph.

  4. Select Application permissions. In the search bar, search for "Application", select Application.Read.All, and then click Add permissions.

  5. After assigning the permission, grant admin consent by clicking the check mark (Grant admin consent). Application permissions are not effective until an admin has consented to them.
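To confirm that the registration, the Client Secret and the admin-consented Application.Read.All grant all work before entering them in SAFE, the following Python script (an added example, not part of SAFE or of this guide) obtains a client-credentials token with the three values generated above and lists the SAML SSO enterprise applications together with the metadata that the discovery described in the Introduction relies on. The tenant, client id and secret placeholders, and the sample Graph page used for offline checking, are constructed.

```python
import json
import urllib.parse
import urllib.request

# Placeholders: replace with the Tenant Id, Client Id and Client Secret generated above.
TENANT_ID, CLIENT_ID, CLIENT_SECRET = "<tenant-id>", "<client-id>", "<client-secret>"
GRAPH = "https://graph.microsoft.com/v1.0"

def get_token(tenant_id, client_id, client_secret):
    """Client-credentials grant; the .default scope yields a token carrying exactly the
    application permissions granted and admin-consented on the registration."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials"}).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]

def list_service_principals(token):
    """Page through the tenant's enterprise applications (needs Application.Read.All)."""
    url = (f"{GRAPH}/servicePrincipals?$select=displayName,appId,"
           "preferredSingleSignOnMode,loginUrl,replyUrls")
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def saml_apps(service_principals):
    """Keep only SAML SSO apps and the metadata that identifies the third party."""
    return [{"name": sp.get("displayName"), "appId": sp.get("appId"),
             "loginUrl": sp.get("loginUrl"), "replyUrls": sp.get("replyUrls") or []}
            for sp in service_principals
            if sp.get("preferredSingleSignOnMode") == "saml"]

# Constructed sample of one Graph servicePrincipals page (not real tenant data).
SAMPLE_PAGE = {"value": [
    {"displayName": "Example SaaS", "appId": "11111111-1111-1111-1111-111111111111",
     "preferredSingleSignOnMode": "saml", "loginUrl": "https://sso.example-saas.test",
     "replyUrls": ["https://sso.example-saas.test/acs"]},
    {"displayName": "Internal OIDC App", "appId": "22222222-2222-2222-2222-222222222222",
     "preferredSingleSignOnMode": "oidc", "loginUrl": None, "replyUrls": []},
    {"displayName": "Microsoft Graph", "appId": "33333333-3333-3333-3333-333333333333",
     "preferredSingleSignOnMode": None, "loginUrl": None, "replyUrls": None}]}

if __name__ == "__main__":  # live run against the tenant; not executed on import
    token = get_token(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
    for app in saml_apps(list_service_principals(token)): print(app)
```

An HTTP 401 from the token endpoint means the secret or ids are wrong; a 403 from Graph with a valid token means the permission was added but admin consent was not granted.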

Configure Third-party discovery via Microsoft Entra ID in SAFE

Follow the steps below to configure the integration in SAFE:

  1. Go to Integrations and click the Third-party discovery via Microsoft Entra ID card.

  2. On the Configure page, enter the Tenant Id, Client Id, and Client Secret generated above.

  3. Click the Test Connection button.

  4. Once the connection is validated, click the Save button.

  5. Once the configuration is saved, click the Sync Now button to trigger an on-demand sync outside the scheduled auto sync.

View results

  1. From the left navigation menu, go to Third-Parties.

  2. Click the Newly Discovered button available at the top-right corner of the search page.

  3. This page lists the third parties discovered by the integration. You can select and onboard them into SAFE from here.

FAQs

How are third parties discovered?

SAFE queries the enterprise applications in Microsoft Entra ID to discover the third parties.

Why am I seeing some incorrect results in the list of detected third parties?

As this is an automatic discovery, some third parties may be wrongly detected in certain cases. These entries can be ignored, as it is up to the SAFE user to decide which third parties to onboard into SAFE.