Integrating Microsoft Entra ID and SSO for Zero Trust Secure Access

Procedure

1. Go to Zero Trust Secure Access → Secure Access Configuration → Identity and Access Management.
2. To take direct action on risky accounts and authenticate Private Access and Internet Access rules, grant necessary permissions in the Third-Party Integration app.
   1. Click Grant permissions next to Microsoft Entra ID.
      The Microsoft Entra ID screen opens in a new browser tab.
   2. Locate one or multiple Microsoft Entra ID tenants that you want to grant the "Read directory data and perform account management actions" permissions on, and then click Grant permissions in the Status column for Zero Trust Secure Access.
   3. Follow the onscreen instructions to enable the data connection.
   4. Switch back to the Zero Trust Secure Access browser tab.
   5. Configure your Microsoft Entra ID SSO settings.
3. To configure risk control rules, you must also grant data upload permission for Microsoft Entra ID in Operations Dashboard → Data source.
   1. Go to the Data Source panel in Operations Dashboard by clicking Data Source in the information that displays when you hover over in the Data upload permission status column.
   2. If the required Microsoft Entra ID permissions are not granted yet, click Manage permissions and integration settings in Third-Party Integration to open the Microsoft Entra ID screen of the Third-Party Integration app.
   3. Locate the Microsoft Entra ID tenants that you want to grant permissions on, and then click Grant permissions in the Status column for Attack Surface Risk Management.
   4. Switch back to the Microsoft Entra ID Data Source panel and turn on Data upload permission.
   5. Switch back to the Zero Trust Secure Access browser tab.

   Note Once you have configured Microsoft Entra ID as your data source, data begins syncing after 10 minutes. When the full sync is complete, Microsoft Entra ID syncs updates every 8 hours.