
Integrating Microsoft Entra ID

Capabilities

DataGrail's Microsoft Entra ID integration provides the following capabilities:

Product | Capability
Live Data Map | System Detection

Before You Start

To successfully configure this integration, please ensure you have sufficient privileges:

  • DataGrail User Role: Super Admin, Connections Manager
  • Microsoft Entra ID User Role: Admin

Microsoft Entra ID as an SSO Solution

This Entra ID integration is configured separately from your SSO solution. For more details on managing DataGrail SSO with Microsoft Entra ID, please see: SSO/SAML Setup: Microsoft Entra ID

(Optional) Create an App Registration for US Government Tenant

If you use a US government (GCC) tenant, you need to register your own Microsoft Entra application for OAuth.

Note: This step is not required if you use a Commercial Microsoft Entra tenant.

  1. Log in to the Microsoft Entra admin center.
  2. Navigate to Identity, Applications, and then App registrations.
  3. Select New Registration and enter the following configuration:

     Registration Configuration
       • Supported account types: Accounts in this organizational directory only (Default Directory only - Single tenant)
       • Redirect URI: https://datagrail.io/oauth/microsoft_teams

  4. Select Register and copy your Client ID and Tenant ID.
  5. In the left menu, select Certificates & secrets and then New client secret.
  6. Create the Client Secret and copy the value to a secure, temporary location.

Connect to DataGrail

  1. Log in to Azure Portal with an admin account.
  2. In DataGrail, navigate to Integrations and select Configure New Integration to search for Microsoft Entra ID.
  3. If you use a US Government (GCC) tenant:

     US Government (GCC) Tenant Configuration
       1. Select US Gov (GCC) environment.
       2. Input the Tenant.
       3. Input the Client ID.
       4. Input the Client Secret.

  4. Select Login to Configure and authorize the necessary permissions to DataGrail:

     Required Scopes
       • offline_access
       • Application.Read.All
       • User.Read.All

Next Steps

Now that you've successfully connected the integration, check out the following resources:

Troubleshooting

If you are unable to successfully connect the integration, review these common troubleshooting steps:

Ensure Required Permissions Are Granted on API Keys/Resources

DataGrail checks required permissions and scopes on API keys/resources used by each integration. If all necessary permissions are not granted, new connections will fail.
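
One way to run the same comparison yourself, as an added example (not DataGrail's or Microsoft's code): it assumes the scopes under Required Scopes are consented as delegated permissions and that you have exported the tenant's Microsoft Graph oauth2PermissionGrant objects. The sample grants, every id in them, and the helper name audit_grants are constructed for illustration.

```python
import json

# Delegated scopes this page lists under "Required Scopes".
REQUIRED_SCOPES = {"offline_access", "Application.Read.All", "User.Read.All"}

# Constructed sample in the shape of Microsoft Graph oauth2PermissionGrant
# objects (GET /oauth2PermissionGrants). All ids are placeholders.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "sp-datagrail-placeholder", "consentType": "AllPrincipals",
   "resourceId": "sp-graph-placeholder",
   "scope": "offline_access User.Read.All"},
  {"clientId": "sp-datagrail-placeholder", "consentType": "Principal",
   "principalId": "user-placeholder", "resourceId": "sp-graph-placeholder",
   "scope": " user.read.all Directory.ReadWrite.All"},
  {"clientId": "sp-other-app-placeholder", "consentType": "AllPrincipals",
   "resourceId": "sp-graph-placeholder", "scope": "Application.Read.All"}
]
""")


def audit_grants(grants, client_id, required=REQUIRED_SCOPES):
    """Compare the scopes consented to one service principal with `required`.

    Grants for the same client can be split across several objects (tenant-wide
    and per-user consent), so they are merged first. Names are compared
    case-insensitively. Returns missing scopes (the connection check would
    fail) and excess scopes (consent beyond what the page asks for).
    """
    wanted = {s.lower(): s for s in required}
    granted = {}  # lower-cased scope -> (name as granted, consent type)
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # split() also absorbs the leading space Graph often puts in `scope`
        for name in (grant.get("scope") or "").split():
            granted.setdefault(name.lower(), (name, grant.get("consentType")))
    missing = sorted(wanted[k] for k in wanted.keys() - granted.keys())
    excess = sorted(granted[k] for k in granted.keys() - wanted.keys())
    return {"missing": missing, "excess": excess,
            "ok": not missing and not excess}


if __name__ == "__main__":
    print(audit_grants(SAMPLE_GRANTS, "sp-datagrail-placeholder"))
```

A non-empty "missing" list corresponds to the failure described above; a non-empty "excess" list means the application holds consent beyond the three listed scopes and is worth reviewing.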

Review Required Account Types and User Roles

If users do not have the necessary permissions or the minimum required user role in the connecting system, the connection to DataGrail will fail. Additionally, connections will fail if your account type does not match the one required by the integration.

See Before You Start to review these requirements.

API Documentation

Learn more about this API implementation and DataGrail functionality in our API Integration Documentation.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.