MICROSOFT ENTRA ID: Non-CSP

This integration involves registering one application to pull Customers' Azure AD details (Multi-Tenant application).

The default sync interval for Entra ID data is once per day (every 24 hours).

You can sync manually using the Sync button.


Multi-Tenant application

Refer to the video below for the detailed steps that have been documented.

Azure AD Non-CSP

Creating Azure Application for Microsoft Partner Center

  • Step 1a: Log in to https://portal.azure.com/ using an MFA-enabled account with the Global Administrator role to get the Client ID and Secret ID and to set permissions.

  • Step 1b: In the Microsoft Azure Portal, search for Microsoft Entra ID and select it.

App Registration

  • Step 1c: Navigate to App Registrations > click on + New registration.

The Register an application page is displayed. Fill in the following information:

  1. Name - Any name for the application (e.g., ConnectSecure Entra Integration).

  2. Select the Supported Account Types as Multi-Tenant.

  3. Redirect URL

    1. Under the Select platform box, select Web.

    2. In the second box, enter the URL https://authccns.mycybercns.com/?consent

  4. Once all the information is entered correctly, click the Register button.

  • Once the application is registered successfully, a pop-up message “Successfully created application” is shown.

  • Copy and record the

    • Application (Client) ID

    • Directory (Tenant) ID

Certificate and Secrets

  • Create a new client secret for the application you created: navigate to Certificate and Secrets > Client Secrets > New Client Secret.

  • Provide a description for this new client secret.

  • Specify until when this client secret can be used, then click Add.

Partners need to renew the client secret once it expires and add it back to the ConnectSecure portal, based on your configuration.

  • Once the secret is added, an auto-generated Value is shown. Copy the Value and use it as the Client Secret in the ConnectSecure portal.


API Permissions

Below are the steps to add all required API permissions for the Entra ID application in a single shot, instead of adding them one by one.

  1. Once the application is created click on the "Manifest" option under Manage as shown below.

  2. This will open a JSON file.

  3. Replace the value of the requiredResourceAccess key with the JSON given below and click Save. This adds all required API permissions in one shot.

"requiredResourceAccess": [
  {
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      { "id": "3de2cdbe-0ff5-47d5-bdee-7f45b4749ead", "type": "Scope" },
      { "id": "4908d5b9-3fb2-4b1e-9336-1888b7937185", "type": "Scope" },
      { "id": "ebfcd32b-babb-40f4-a14b-42706e83bd28", "type": "Scope" },
      { "id": "e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20", "type": "Scope" },
      { "id": "314874da-47d6-4978-88dc-cf0d37f0bb82", "type": "Scope" },
      { "id": "64733abd-851e-478a-bffb-e47a14b18235", "type": "Scope" },
      { "id": "02e97553-ed7b-43d0-ab3c-f8bace0d040c", "type": "Scope" },
      { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" },
      { "id": "a154be20-db9c-4678-8ab7-66f6cc099a59", "type": "Scope" },
      { "id": "5f8c59db-677d-491f-a6b8-5f174b11ec1d", "type": "Scope" },
      { "id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope" },
      { "id": "e383f46e-2787-4529-855e-0e479a3ffac0", "type": "Scope" },
      { "id": "f6a3db3e-f7e8-4ed2-a414-557c8c9830be", "type": "Scope" },
      { "id": "fdc4c997-9942-4479-bfcb-75a36d1138df", "type": "Role" },
      { "id": "5b567255-7703-4780-807c-7be8301ae99b", "type": "Role" },
      { "id": "498476ce-e0fe-48b0-b801-37ba7e2685c6", "type": "Role" },
      { "id": "658aa5d8-239f-45c4-aa12-864f4fc7e490", "type": "Role" },
      { "id": "2f51be20-0bb4-4fed-bf7b-db946066c75e", "type": "Role" },
      { "id": "bf394140-e372-4bf9-a898-299cfc7564e5", "type": "Role" },
      { "id": "df021288-bdef-4463-88db-98f22de89214", "type": "Role" },
      { "id": "b0afded3-3588-46d8-8b3d-9842eff778da", "type": "Role" },
      { "id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa", "type": "Role" },
      { "id": "230c1aed-a721-4c5d-9cb4-a90514e508ef", "type": "Role" },
      { "id": "b633e1c5-b582-4048-a93e-9f11b44c7e96", "type": "Role" },
      { "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role" }
    ]
  }
],

  4. Click Save to complete.

Grant Admin Permissions

Click the Grant admin consent for ‘domain’ button.

Select YES to the prompt.

Permissions can be confirmed in the Status column.

The Microsoft 365 integration operates using Microsoft Graph in application (app‑only) mode, which removes reliance on a user account and avoids MFA prompts or password changes. This ensures stable and reliable delivery of reports and notifications.
Mail.Send and Mail.Send.Shared (application) permissions are not required by default for Azure Non‑CSP app registrations. These permissions are ONLY necessary when the Microsoft 365/Office 365 email integration is enabled to send reports or notifications via Graph.
If the email integration is enabled, access can be restricted to a specific mailbox by applying a Microsoft Application Access Policy, following security best practices.
If the Office 365 email integration is not in use, these permissions do not need to be granted and can be safely removed without impacting core platform functionality or reporting.
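
An added example (not ConnectSecure's or Microsoft's code) for the point above about leaving out Mail.Send when the email integration is not used: it counts the delegated (Scope) and application (Role) entries in a requiredResourceAccess value and returns a copy without the Microsoft Graph Mail.Send entries. The sample is an excerpt of the manifest JSON on this page, and the function names are illustrative.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# Mail.Send permission IDs as listed in Microsoft's Graph permissions
# reference; confirm them in the API permissions blade before editing
# a live manifest.
MAIL_SEND_IDS = {
    "e383f46e-2787-4529-855e-0e479a3ffac0",  # Mail.Send, delegated ("Scope")
    "b633e1c5-b582-4048-a93e-9f11b44c7e96",  # Mail.Send, application ("Role")
}

# Excerpt of the requiredResourceAccess value from this page (not the full list).
SAMPLE = json.loads("""
[{"resourceAppId": "00000003-0000-0000-c000-000000000000",
  "resourceAccess": [
    {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
    {"id": "e383f46e-2787-4529-855e-0e479a3ffac0", "type": "Scope"},
    {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
    {"id": "b633e1c5-b582-4048-a93e-9f11b44c7e96", "type": "Role"}]}]
""")

def summarize(rra):
    """Count delegated (Scope) and application (Role) entries per resource."""
    out = {}
    for res in rra:
        counts = out.setdefault(res["resourceAppId"], {"Scope": 0, "Role": 0})
        for entry in res.get("resourceAccess", []):
            if entry["type"] not in counts:
                raise ValueError(f"unexpected type {entry['type']!r}")
            counts[entry["type"]] += 1
    return out

def drop_mail_send(rra):
    """Return (pruned copy, removed entries); the input is left unchanged."""
    pruned, removed = [], []
    for res in rra:
        keep = []
        for entry in res.get("resourceAccess", []):
            is_mail = (res["resourceAppId"] == GRAPH_APP_ID
                       and entry["id"].lower() in MAIL_SEND_IDS)
            (removed if is_mail else keep).append(entry)
        if keep:
            pruned.append({"resourceAppId": res["resourceAppId"],
                           "resourceAccess": keep})
    return pruned, removed

if __name__ == "__main__":
    pruned, removed = drop_mail_send(SAMPLE)
    print(summarize(SAMPLE), "->", summarize(pruned))
    print(json.dumps({"requiredResourceAccess": pruned}, indent=2))
```

Removing an entry from the manifest only changes what the application requests; a permission that has already been consented stays granted until it is revoked.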

Azure Active Directory Non-CSP Integration setup

Refer to the video below for the detailed steps documented here.

Azure AD Non CSP Integration with ConnectSecure

Global Settings → Integrations

  • Navigate to Global Settings > Integrations and choose Microsoft Entra ID Non-CSP from the integrations listed.

Add Credentials

  • This leads to the form for adding credentials for your Azure AD Non-CSP. Provide the details as requested.

Add Azure AD Non CSP Credentials

  • Click on + to add Azure AD CSP credentials.

  • Choose a Name for the credentials for your reference.

  • By default, the Azure CSP Authentication Endpoint is Global Service. It can be changed from the dropdown, depending on whether the Microsoft login email ID is associated with .us or .com (US Government / Global Service).

  • Provide the Tenant ID - This is the Tenant ID from the created application. (It is the same for both of the applications created - Multi-Tenant.)

  • Provide the Client ID and Client Secret of the Azure application created for Azure Active Directory (Multi-Tenant).

  • Click on Save to save these credentials. This leads to the Microsoft login page, which asks for consent.

  • Once the login is successful, the Azure AD Credentials will be stored successfully.

  • A user having a Global Administrator role/permissions is required to be used for login.

  • Using the above method you can add multiple credentials.

Company Mapping

  • In Company Mapping, choose the Azure AD Credential of your choice from the dropdown.

  • Click on +Add to map the company.

Select one of these two options:

  • Import Companies from Azure AD: Imports multiple companies from Azure AD at a time. This will create a new company under CyberCNS for every company imported from Azure AD.

  • Map Existing Company to an Azure AD company: Maps an existing company in CyberCNS to the Azure AD company.

Import Companies from Azure AD

  • To import multiple companies from Azure AD, choose Import Companies from Azure AD, and click on Next.

  • Multiple companies can be added in the user interface so that the Azure AD data is synced to the appropriate selected companies.

  • Click on Save to import all the selected Azure AD companies.

  • There is an option to Delete the integration mapping using the Action column. Any company mapping can be deleted if needed.

Map Existing Company to an Azure AD Company

  • To map an existing company, select the existing company and the Azure AD company using the dropdown or the search bar, as required.

Once the company is selected, click on ‘+’ to select the company and click on Finish to map all the selected Azure AD companies.

  • Clicking the Add button saves the company mapping; more companies can then be selected from the list and added in the same way.

  • Click on Finish to save the added company mapping successfully.

  • Please wait for the sync to complete to get the data under the Azure Active Directory and Microsoft Secure Score sections.

  • Under Azure Active Directory, Sync Now lets you sync the data at any point in time.

  • Once Sync now is selected, the Jobs > Azure Active Directory jobs section will show a job for sync in progress. Once it is completed, the data will be successfully shown under Azure Active Directory and Microsoft Secure Score.

Auto sync occurs once every 24 hours.

This completes Azure Active Directory Non-CSP Integration documentation.


Need Support?

If you need assistance, our support team is here to help. You can create, view, and manage support tickets through our portal at any time.

Support Portal: https://connectsecure.freshdesk.com
Email: support@connectsecure.com