SaaS Security
Onboard a Microsoft Entra ID App to SSPM
Table of Contents
Onboard a Microsoft Entra ID App to SSPM
Connect a Microsoft Entra ID instance to SSPM to detect posture risks.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Microsoft Entra ID instance, you must
onboard your Microsoft Entra ID instance to SSPM. Through the onboarding process,
SSPM connects to a Microsoft Entra ID API and, through the API, scans your Microsoft
Entra ID instance for misconfigured settings. If there are misconfigured settings,
SSPM suggests a remediation action based on best practices.
SSPM gets access to your Microsoft Entra ID instance through OAuth 2.0 authorization.
During the onboarding process, you will log in to Microsoft Entra ID and grant SSPM
the access it requires.
To onboard your Microsoft Entra ID instance, you complete the following actions:
Identify the Administrator Account for Granting SSPM Access
During the onboarding process, SSPM will redirect you to log in to Microsoft
Entra ID. After you log in, Microsoft Entra ID will prompt you to grant SSPM the
access it needs to your Microsoft Entra ID instance.
After SSPM establishes the connection, it will perform an initial scan of your
Microsoft Entra ID instance, and will then run scans at regular intervals. For
SSPM to run these scans, the administrator account that you use to establish the
initial connection must remain available. For this reason, we recommend that you
use a dedicated service account to grant SSPM access. If you delete the service
account, the scans will fail and you will need to onboard Microsoft Entra ID
again.
- Verify that your account has the permissions that SSPM will require.Required Permissions: To grant SSPM the access that it requires, you must log in with an account that has Microsoft Global Admin permissions.Log out of all Microsoft Entra ID accounts.Logging out of all Microsoft Entra ID accounts helps ensure that you log in under the correct account during the onboarding process. Some browsers can automatically log you in by using saved credentials. To ensure that the browser does not automatically log you in to the wrong account, you can turn off any automatic log-in option or clear your saved credentials. Alternatively, you can prevent the browser from using saved credentials by opening the Cloud Management Console in an incognito window.
Connect SSPM to Your Microsoft Entra ID Instance
By adding a Microsoft Entra ID app in SSPM, you enable SSPM to connect to your Microsoft Entra ID instance.- Log in to Strata Cloud Manager.Select and click the Microsoft Entra ID tile.On the Posture Security tab, Add New instance.Select the option to Log in with Credentials and Connect.SSPM redirects you to the Microsoft Entra ID login page.Enter the credentials for the Microsoft Global Admin account that you identified earlier, and log in to Microsoft Entra ID.Microsoft Entra ID displays a consent form that details the access permissions that SSPM requires.Review the consent form and allow access.
