Microsoft Entra ID Integration

Written by Gleb Nikonov
Updated this week

By integrating with Microsoft Entra ID, you can import employee details—including names, email addresses, and profile images—directly into an Ardoq workspace.

You can also import the groups and applications associated with your Entra ID configuration.

Prerequisites for Using Microsoft Entra ID with Ardoq

  • You must be an admin of your Ardoq organization

  • You must have access to Entra ID in Microsoft Azure with the permissions to create a new enterprise application

We'll be creating an enterprise application that can read user, group, and application data on behalf of Ardoq. This will require creating the application, giving it the correct permissions, and creating a client secret.

Creating an Azure Application to Connect Entra ID to Ardoq

  1. Navigate to the Azure Portal for the instance you want to connect

  2. Go to the Microsoft Entra ID service

  3. Go to Manage > Enterprise applications

  4. Click New application and select Create your own application

  5. In the dialog that follows, select the Integrate any other application you don't find in the gallery (Non-gallery) option

  6. Name your application and save it.

  7. Next, go to App registrations in the Entra ID service menu

  8. Select your application

  9. In the page that follows, select Certificates & secrets and then the Client secrets tab

  10. Click New client secret

  11. Give it a name and set an expiration date

    1. Note: the Ardoq integration will stop working when the client secret expires and will require a new client secret

  12. Next, go to the API permissions tab

  13. Click Add a permission, select Microsoft Graph, and then Application permissions

  14. Search and add the following permissions:

    1. Application.Read.All

    2. Group.Read.All

    3. User.Read.All

  15. Click Add permissions

  16. Finally, click Grant admin consent for Default Directory

With the application ready, note down the tenant ID, client ID, and the client secret, which we will use to create the connection in Ardoq.

Available Resources

Each of the available resources is tied to the permissions you have configured in your enterprise application connection above. If you do not need all the available resources, you can use more limited permissions.
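
A pre-flight check for the app registration described above, as an added example that is not Ardoq's or Microsoft's code: it compares the `roles` claim of a client-credentials access token with the permissions the selected resources need, and flags client secrets that are expired or close to expiry. The resource-to-permission mapping, the credential list shape (modelled on the `passwordCredentials` of a Microsoft Graph application object), and all sample values are assumptions constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone

# Assumed mapping from each Ardoq resource to the Graph application permission it needs.
REQUIRED = {
    "users": "User.Read.All",
    "groups": "Group.Read.All",
    "applications": "Application.Read.All",
}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(token, resources):
    """Compare the token's app roles with what the chosen resources need."""
    granted = set(jwt_claims(token).get("roles", []))
    needed = {REQUIRED[r] for r in resources}
    return {"missing": sorted(needed - granted), "excess": sorted(granted - needed)}

def expiring_secrets(password_credentials, now, warn_days=30):
    """Return (name, days_left) for secrets expired or expiring within warn_days."""
    flagged = []
    for cred in password_credentials:
        # Timestamps are UTC; keep only whole seconds so fractional parts parse.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        days_left = (end - now).days
        if days_left < warn_days:
            flagged.append((cred.get("displayName") or cred["keyId"], days_left))
    return sorted(flagged, key=lambda item: item[1])

def sample_token(roles):
    # Constructed, unsigned token for the demo; real tokens come from Entra ID.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": "https://graph.microsoft.com", "roles": roles}), ""])

# Constructed sample data (not from a real tenant).
SAMPLE_TOKEN = sample_token(["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"])
SAMPLE_CREDS = [
    {"displayName": "ardoq-2024", "keyId": "placeholder-1", "endDateTime": "2025-01-10T00:00:00Z"},
    {"displayName": "ardoq-2025", "keyId": "placeholder-2", "endDateTime": "2025-12-31T00:00:00Z"},
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(audit_roles(SAMPLE_TOKEN, ["users", "groups"]), expiring_secrets(SAMPLE_CREDS, NOW))
```

An `excess` entry means the registration holds a permission the import does not use and is a candidate for removal; a `missing` entry means the corresponding table will not load.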

Users

Ardoq brings in all basic fields associated with persons in Entra ID including name, email, job title, office location, country, department, phone numbers, and others.

Additionally, the Entra ID integration brings in manager relationships, allowing you to structure your company hierarchy through the import.

Finally, Entra ID extension attributes (from 1 to 15) are also available in the integration. This will allow you to bring in your own custom attributes into Ardoq.

Profile Pictures

Profile pictures of users can be imported into Ardoq to help visualize people components. To do this, click the Settings button during the data selection step.

Toggle the Import profile pictures option to enable the feature.


Enabling this toggle will automatically select the user ID and Display name fields because they are required for importing profile pictures.

Groups

Groups fields include the group name, the member IDs, member emails, as well as group owner contact details.

The Users table will contain additional fields to help map users to groups, specifically:

  • MemberOf ID

  • MemberOf display name

  • MemberOf description

Applications

Applications that are registered to your Entra ID platform can also be brought into Ardoq, including their App ID, tags, and owner details.

Connecting to Entra ID with Ardoq

To connect your instance of Entra ID with Ardoq, you will need to create a new connection using the enterprise application you created for the connection.

Navigate to the Connections tab in the Entra ID integration page and click Create new connection. Fill in the tenant ID, client ID, and client secret fields then click Connect.

Integration Setup

Selecting Data

While the user, group, and application tables can be brought into Ardoq as separate entities, there are a number of connections between the tables to help you model your Entra ID organization in Ardoq.

Users have a Manager ID that can create a manager relationship and allow you to build out your organization's hierarchy. Users also have a group ID that can create a reference between a user and the groups that they are part of in Entra ID.

Similarly, applications have an Owners ID field that can be connected back to users.

Managed Workspaces

When you schedule an integration, you can designate the workspace as a Managed Workspace by ticking the Disable manual data changes in the workspace toggle.

Managed workspaces do not allow manual changes to the data in the workspace — all updates to the workspace will come from the scheduled imports.

FAQ

Handling Large User Data Imports from Microsoft Entra ID

If you'd like to pull only a subset of data from Microsoft Entra ID, you can configure a pre-fetch filter to fetch specific users, groups, and applications. This can help reduce load times and prevent potential timeouts.

The filter option is available in the Select data step of the import under the Filters button for all tables.


Note: Due to a known limitation in the Microsoft Graph API, the ne, NOT, and endsWith filters cannot be used on fields like Manager ID, email, or name; the request will fail.