Skip to main content

How does the integration with Microsoft Entra ID (Azure AD) work in SMARTFENSE (fields, domains, and groups)?

  • Updated

SMARTFENSE uses a set of attributes from Microsoft Entra ID for user import and synchronization, which are stored in specific fields within the platform.

Fields used

The following fields are taken from Microsoft Entra ID (Azure AD) and stored in SMARTFENSE:

  • employeeId
    User identifier. It is stored in the Employee ID field
  • preferredLanguage
    User's preferred language. Must follow the ISO 639-1 standard
    Example: en-US
  • display_name
    Visible name of the user in the administration
  • given_name
    User's first name
  • surname
    User's last name
  • mail
    Email address (SMTP)
    Example: user@company.com
  • mail_nickname
    Email alias (maximum 64 characters)
  • user_principal_name
    User principal name (UPN), used as login
    Must belong to a verified domain
  • object_id
    Globally unique identifier (GUID) of the user (read-only and immutable)

Reference

For more information about these attributes, consult the official Microsoft documentation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes

Considerations about domains

In the Users and groups > Import and synchronization > From Microsoft Entra ID section, click Save

In organizations with multiple domains:

  • To import users from all domains → use the root domain (onmicrosoft)
  • To import users from a specific domain → specify only that domain

Groupings (groups)

SMARTFENSE allows importing different types of groups from Microsoft Entra ID.

  • Previously: only Security type groups
  • Currently: all types of Microsoft Entra ID groups are supported

Group format in import

When importing users from groups:

  • Names must exactly match those defined in Microsoft Entra ID
  • They must be separated by commas without spaces
  • They must not be enclosed in quotes

Example:

Group1,Group2,Group_3

This applies to both:

  • User import by groups
  • Configuration in the Groupings section

Functional Areas and Hierarchical Levels

These fields:

  • Correspond to text properties in Microsoft Entra ID
  • Must not be relationship (object) type properties

Considerations

  • Field and group names must exactly match Entra ID
  • Some fields are read-only or immutable
  • Proper configuration impacts synchronization and authentication

💡 Best practices

  • Validate available attributes in Microsoft Entra ID beforehand
  • Use consistent nomenclature in groups and properties
  • Perform import tests before productive synchronization

 

 

Related to

Related articles