Microsoft Entra ID

Microsoft Entra ID (formerly Azure Active Directory) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
Configuration
| Name | Type | Description |
|---|---|---|
| tenant_id | string | ID of the Microsoft Entra ID tenant |
| client_id | string | Client ID. An application needs to be created in the Azure Portal and assigned the relevant permissions. Its Client ID should then be used in this configuration. |
| client_secret | string | Client Secret associated with the registered application. Admin Consent has to be granted to the application for it to work. |
| username | string | The username of the delegated account used for some administrative tasks (e.g. reset password) |
| password | string | The password of the delegated account used for some administrative tasks (e.g. reset password) |
Actions
Delete app
Delete an app in Azure AD. Requires the Application.ReadWrite.OwnedBy or Application.ReadWrite.All permission.
Arguments
| Name | Type | Description |
|---|---|---|
| objectId | string | Object ID of the app. |
Disable User
Disable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. id or userPrincipalName should be specified. |
Enable User
Enable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. id or userPrincipalName should be specified. |
Get SignIns
Get the most recent sign-ins of an Azure AD user. Requires the AuditLog.Read.All and Directory.Read.All permissions.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
Outputs
| Name | Type | Description |
|---|---|---|
| signIns | array | |
Get User
Get information about an Azure Active Directory user. Requires the User.Read.All permission.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. id or userPrincipalName should be specified. |
Outputs
| Name | Type | Description |
|---|---|---|
| id | string | |
| accountEnabled | boolean | |
| assignedLicenses | array | |
| city | string | |
| companyName | string | |
| country | string | |
| createdDateTime | string | |
| creationType | string | |
| deletedDateTime | string | |
| department | string | |
| displayName | string | |
| identities | array | |
| jobTitle | string | |
| lastPasswordChangeDateTime | string | |
| mail | string | |
| mobilePhone | string | |
| userPrincipalName | string | |
Get User Authentication Methods
Get information about a user's authentication methods (such as their MFA status). Requires the UserAuthenticationMethod.Read.All permission.
Warning
This action may not work if the tenant does not have the appropriate license (e.g., Microsoft Entra ID/Azure AD Premium P1 or P2).
Arguments
| Name | Type | Description |
|---|---|---|
| userPrincipalName | string | Principal name of the user, which may correspond to their Azure email address. |
Outputs
| Name | Type | Description |
|---|---|---|
| authenticationResults | array | |
Reset User Password [DEPRECATED]
Reset a user's password (deprecated). Requires the UserAuthenticationMethod.ReadWrite.All delegated permission, and MFA must be disabled in your Azure AD for the delegated account.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. id or userPrincipalName should be specified. |
| userNewPassword | string | New password that replaces the current one. |
Reset User Password
Resets a user's password by patching passwordProfile. Requires the User-PasswordProfile.ReadWrite.All (Application) permission, admin consent and an appropriate Entra role assignment.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. Only one of id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. Only one of id or userPrincipalName should be specified. |
| userNewPassword | ['string', 'null'] | New password, to reset the old one. Leave empty to generate a random password. If not empty, it should comply with https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad-combined-policy |
| forceChangePasswordNextSignIn | boolean | Determines if the user must change their password on the next sign-in. |
| forceChangePasswordNextSignInWithMfa | boolean | Determines if the user must perform a multifactor authentication (MFA) before being forced to change their password. |
Outputs
| Name | Type | Description |
|---|---|---|
| newPassword | string | New password |
Revoke Sign in
Invalidates all the refresh tokens issued to applications for a user. Requires the User.ReadWrite.All or Directory.ReadWrite.All permissions.
Arguments
| Name | Type | Description |
|---|---|---|
| id | string | ID of the user. id or userPrincipalName should be specified. |
| userPrincipalName | string | Principal Name of the user. id or userPrincipalName should be specified. |
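The user actions above (Disable/Enable User, Reset User Password, Revoke Sign in) map onto a handful of Microsoft Graph v1.0 calls. The following is an added example, not the module's own code: it builds those requests as plain dictionaries so the payloads can be inspected before anything is sent, enforces the page's "exactly one of id or userPrincipalName" rule, generates a password when none is supplied, and only touches the network when `send()` is called with a real application token. The helper names, the `GRAPH_TOKEN` placeholder and the sample UPN are assumptions; the password generator's character classes are a reasonable default, not the tenant's banned-password policy, which remains authoritative.

```python
"""Added example (not the module's code): Graph requests behind the user actions."""
import json
import secrets
import string
import urllib.request
from typing import Optional

GRAPH = "https://graph.microsoft.com/v1.0"
SYMBOLS = "!@#$%^&*-_"


def user_path(user_id: Optional[str] = None, upn: Optional[str] = None) -> str:
    """/users/{id-or-upn}; exactly one selector must be given, as the action docs state."""
    if bool(user_id) == bool(upn):
        raise ValueError("specify exactly one of id or userPrincipalName")
    return f"/users/{user_id or upn}"


def generate_password(length: int = 16) -> str:
    """Random password containing lower, upper, digit and symbol classes (assumed default;
    the tenant's password policy linked above still decides what Graph accepts)."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pwd) and any(c.isupper() for c in pwd)
                and any(c.isdigit() for c in pwd) and any(c in SYMBOLS for c in pwd)):
            return pwd


def set_account_enabled(enabled: bool, **selector) -> dict:
    """Enable User / Disable User: PATCH the accountEnabled property."""
    return {"method": "PATCH", "path": user_path(**selector),
            "body": {"accountEnabled": enabled}}


def reset_password(new_password: Optional[str] = None, force_change: bool = True,
                   force_change_with_mfa: bool = False, **selector) -> dict:
    """Reset User Password: PATCH passwordProfile; an empty password means 'generate one',
    and the generated value is returned as newPassword, mirroring the action's output."""
    pwd = new_password or generate_password()
    return {"method": "PATCH", "path": user_path(**selector),
            "body": {"passwordProfile": {
                "password": pwd,
                "forceChangePasswordNextSignIn": force_change,
                "forceChangePasswordNextSignInWithMfa": force_change_with_mfa}},
            "newPassword": pwd}


def revoke_sign_in(**selector) -> dict:
    """Revoke Sign in: POST /users/{id}/revokeSignInSessions, which invalidates refresh tokens."""
    return {"method": "POST", "path": user_path(**selector) + "/revokeSignInSessions",
            "body": None}


def send(request: dict, token: str) -> dict:
    """Send a built request to Graph with an application bearer token; {} on an empty reply."""
    data = b"" if request["body"] is None else json.dumps(request["body"]).encode()
    req = urllib.request.Request(GRAPH + request["path"], data=data, method=request["method"],
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


if __name__ == "__main__":
    # Containment order for a compromised account: disable, rotate password, revoke sessions.
    # Only printed here; call send(r, GRAPH_TOKEN) with a real token to execute.
    upn = "user@example.com"  # constructed sample value
    for r in (set_account_enabled(False, upn=upn), reset_password(upn=upn),
              revoke_sign_in(upn=upn)):
        print(r["method"], r["path"])  # password deliberately not printed
```

Revoking sessions after the reset matters because an existing refresh token would otherwise keep issuing access tokens until it expires; the order above is what the three actions give you when chained in a playbook.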
Set up
Configuration
Collect events
Create an Azure application
- On the Azure Portal, in the search bar, go to `App registrations`
- Click `+ New registration`
- Type a name
- Select the `Accounts in this organizational directory only` option as account type
- Click `Register`
- From the `Overview` page, copy `Application (client) ID` and `Directory (tenant) ID`
Create a client secret
- Go to `Manage` > `Certificates & secrets`
- Click `+ New client secret`
- Type a description and select the desired expiration period
- Click `Add`
- Copy the `Value` of the client secret
Add permissions
- Go to `Manage` > `API permissions`
- Click `Add a permission`
- On the right panel, select the `Microsoft APIs` tab
- Click `Microsoft Graph`
- Click `Application permissions`
- Select the permissions according to your needs. Permissions used in the actions are:
  - Application.ReadWrite.OwnedBy or Application.ReadWrite.All
  - User.ReadWrite.All
  - UserAuthenticationMethod.ReadWrite.All
  - Directory.ReadWrite.All
  - AuditLog.Read.All
  - User-PasswordProfile.ReadWrite.All
- Click `Add permissions`
- In the `API permissions` page, click `Grant admin consent for TENANT_NAME`
- Click `Yes` in the `Grant admin consent confirmation` modal
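Once the secret exists and admin consent has been granted, the quickest check that the registration is usable is to acquire an application token with the client-credentials flow and look at its `roles` claim: application permissions that were consented to appear there, and a permission that is missing from the claim will fail at call time with a 403 no matter what the portal shows. The following is an added example, not part of the module: it builds the token request, decodes the token payload for inspection only (no signature verification, since Graph validates the token itself), and reports which of the permissions listed above are absent. The tenant, client and secret values are placeholders, and `make_unsigned_token` exists only to construct an offline test token.

```python
"""Added example (not the module's code): confirm consented permissions via the roles claim."""
import base64
import json
import urllib.parse
import urllib.request

# Permissions listed in the Add permissions step above.
REQUIRED = {"User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All",
            "Directory.ReadWrite.All", "AuditLog.Read.All", "User-PasswordProfile.ReadWrite.All"}
REQUIRED_ANY = {"Application.ReadWrite.OwnedBy", "Application.ReadWrite.All"}  # either one


def token_request(tenant_id: str, client_id: str, client_secret: str):
    """v2.0 client-credentials request for the Graph .default scope: (url, form body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body


def acquire_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """POST the token request and return the access token (network call)."""
    url, body = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body.encode(), method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload segment without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_permissions(token: str) -> list:
    """Required application permissions that do not appear in the token's roles claim."""
    roles = set(jwt_claims(token).get("roles", []))
    missing = REQUIRED - roles
    if not (REQUIRED_ANY & roles):
        missing.add(" or ".join(sorted(REQUIRED_ANY)))
    return sorted(missing)


def make_unsigned_token(claims: dict) -> str:
    """Constructed, unsigned test token (alg none, empty signature) for offline checks only."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Placeholders: replace with the values copied from the Overview page and the secret Value.
    token = acquire_token("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")
    gaps = missing_permissions(token)
    print("all permissions consented" if not gaps else f"missing: {gaps}")
```

If the `roles` claim is absent altogether, consent was never granted for this application in this tenant; if only some entries are missing, the permission was added in the portal but the `Grant admin consent` step was not repeated afterwards, and a fresh token is needed once it has been.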
Extra
Module Microsoft Entra ID v2.10.17