Integrate with Microsoft Entra ID

In this topic, you will learn how to integrate Portnox™ Cloud with Microsoft Entra ID services.

Warning:
If you integrate your Portnox Cloud with both Entra ID and Active Directory, the Entra ID integration takes precedence in case of devices that are enrolled in both directories. This means that if a device is found in Entra ID, Portnox Cloud will not even check for its existence in Active Directory. This is because in Portnox Cloud, an account representing a device can only be associated with one directory at a time.
  1. In the Cloud portal top menu, click on the Settings option.

  2. In the Cloud portal left-hand side menu, click on the Authentication Repositories > ENTRA ID INTEGRATION SERVICE option.

  3. Enable the Entra ID integration.
    1. Under the Entra ID Integration Service heading and description, click on the Edit link.

    2. Click on the Disabled/Enabled switch to put it in the Enabled position.

    3. Click on the Save button.
  4. In the Specify the type of provisioning Entra ID applications during integration step, select the Automatic option.

    Important:
    In this topic, you will integrate Portnox Cloud with Entra ID using the automatic provisioning option. If you prefer to use the Manual option to have granular control over application privileges in your Entra ID environment, go to the following topic: Integrate with Entra ID using manual provisioning.
    Warning:
    Wait for the Microsoft web servers to display the results of each step of the integration before you proceed further. Do not hurry. Otherwise, the integration process may fail and you will need to start it from scratch.
  5. Grant Portnox Cloud permissions to deploy enterprise applications in your Entra ID.
    1. In another browser tab, open your Azure Portal dashboard.
    2. In the Azure Portal dashboard, click on the menu icon in the top left corner and select the Microsoft Entra ID option.

    3. In the right-hand side pane of the Azure Portal dashboard, you will see a Basic information section.

    4. Copy the value of the Tenant ID field from the Azure Portal dashboard and paste it into the Entra ID field in Portnox Cloud.

    5. Click on the Sign in with Entra ID Account button.

      Your browser will display a Microsoft prompt to select an account.

    6. Click on the admin account for your Entra ID tenant.

  6. Grant Portnox Cloud permissions to read directory data.
    1. Click on the Grant Permissions button.

      Your browser will display a Microsoft prompt to select an account.

    2. Click on the admin account for your Entra ID tenant.

      Important:
      If the selected Azure account does not have administrative privileges, you may be unable to integrate or asked to contact your administrator.

      Your browser will display a Microsoft prompt asking you to confirm the required permissions.

    3. Click on the Accept button to confirm permissions that the Portnox Cloud enterprise application will have to your Microsoft Entra ID data.
  7. Grant Portnox Cloud permissions to validate user credentials.
    1. Click on the Grant Permissions button.

      Your browser will display a Microsoft prompt to select an account.

    2. Click on the admin account for your Entra ID tenant.

      Important:
      If the selected Azure account does not have administrative privileges, you may be unable to integrate or asked to contact your administrator.

      Your browser will display a Microsoft prompt asking you to confirm the required permissions.

    3. Click on the Accept button to confirm permissions that the Portnox Cloud enterprise application will have to your Microsoft Entra ID data.
  8. Select the domains managed by Entra ID that you want to associate with your Portnox Cloud organization.

    • If your Entra ID manages many domains you can use the search domains field to search for a string that matches a domain name. The list of domains below the search field will be updated as you type.
    • Click on the select all or unselect all link to select or deselect all domains in the list.
    • Click checkboxes next to domains to select or deselect them individually.
    1. After you select the domains, click on the Save Domains button to save your selection.
  9. Under the Entra ID Integration Service section, click on the Force sync link.

    Portnox Cloud will start synchronizing immediately in the background with your Entra ID. If you do not click Force sync, the synchronization process will be started automatically later.

    Note:
    If your Entra ID directory is very large, this process can take up to approximately an hour.
  10. Optional: If you want to edit the options of your Entra ID integration or configure additional options, read the following topic: Edit your Entra ID integration.

Result: Your Entra ID integration is now active. You can authenticate devices on your network using Entra ID.