Microsoft Entra ID
In Visual Guard, Azure Entra represents the integration with Microsoft’s Azure Active Directory (Azure AD) under the new branding of Microsoft Entra ID. Microsoft Entra provides robust identity management, authentication, and access control features in the cloud. When integrated with Visual Guard, Microsoft Entra allows for seamless management of users, groups, and roles through Azure AD, providing enhanced security, scalability, and flexibility for cloud and hybrid environments.
Key Benefits of Microsoft Entra ID in Visual Guard:
- Centralized Identity Management: Manage user identities and access from a central Azure AD, simplifying the administration of users across multiple applications.
- Multi-Factor Authentication (MFA): Leverage Visual Guard’s MFA capabilities to enhance security for user logins, ensuring secure access to Visual Guard-protected resources.
- Conditional Access Policies: Administrators can configure conditional access policies based on location, device, or risk level to secure access to Visual Guard applications.
Azure Application Prerequisites
VG Azure is an application designed to run on Microsoft Azure, a cloud platform offering a range of services like virtual machines, databases, networking, and analytics. Such an application could leverage Azure’s capabilities to provide scalable, secure, and accessible cloud-based solutions for users or businesses.
Steps to configure your Application.
Step 1: Go to App Registrations –> Register your application by filling in the required details.

Step 2: The list of configured permissions below should include all the permissions the application needs. Applications are authorised to call APIs when users or admins grant them permissions as part of the consent process.

List of the configured permissions. For more details on a permission, click on it.
API/Permissions Name | Type | Description | Admin Consent Request |
---|---|---|---|
CustomSecAttributeAssignment | Delegated | Read custom security attribute assignments | Yes |
Directory.AccessAsUser.All | Delegated | Access directory as the signed-in user | Yes |
Directory.Read.All | Delegated | Read directory data | Yes |
Directory.ReadWrite.All | Application | Read and write directory data | Yes |
User.Read | Delegated | Sign in and read user profile | No |
User.Read.All | Delegated | Read all users’ full profile | Yes |
User.ReadBasic.All | Delegated | Read all users’ basic profiles | No |
User.ReadWrite.All | Application | Read and write all users’ full profiles | Yes |
Step 3: Under advanced settings, ensure that the mobile and desktop flows option is set to Yes.

Step 4: Under Users –> Service Account –> Assigned roles –> Ensure the account has the User administrator role.

Step 5: Once the application is created, you can view its details under the Overview section.
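
An added example, not Visual Guard or Microsoft code: a Python check that resolves the `requiredResourceAccess` entries of an app registration export against the Microsoft Graph service principal's permission catalogue, then compares the result with the table in Step 2 and reports the Step 3 toggle. The function names, the sample export and its short placeholder IDs are constructed for illustration.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# (name, type) pairs copied from the permissions table in Step 2.
DOCUMENTED = {
    ("CustomSecAttributeAssignment", "Delegated"),
    ("Directory.AccessAsUser.All", "Delegated"),
    ("Directory.Read.All", "Delegated"),
    ("Directory.ReadWrite.All", "Application"),
    ("User.Read", "Delegated"), ("User.Read.All", "Delegated"),
    ("User.ReadBasic.All", "Delegated"),
    ("User.ReadWrite.All", "Application"),
}
KINDS = {"Scope": "Delegated", "Role": "Application"}  # manifest type -> portal type

def resolve_permissions(app, graph_sp):
    """Resolve requiredResourceAccess IDs to (name, type); unknown IDs stay visible."""
    names = {p["id"]: p["value"] for key in ("appRoles", "oauth2PermissionScopes")
             for p in graph_sp.get(key, [])}
    found = set()
    for res in app.get("requiredResourceAccess", []):
        is_graph = res["resourceAppId"] == GRAPH_APP_ID
        for acc in res["resourceAccess"]:
            name = names.get(acc["id"]) if is_graph else None
            name = name or f"unresolved:{res['resourceAppId']}/{acc['id']}"
            found.add((name, KINDS.get(acc["type"], acc["type"])))
    return found

def audit(app, graph_sp):
    configured = resolve_permissions(app, graph_sp)
    return {
        "missing": sorted(DOCUMENTED - configured),
        "undocumented": sorted(configured - DOCUMENTED),
        # Application permissions act tenant-wide with no signed-in user.
        "app_only": sorted(n for n, t in configured if t == "Application"),
        "public_client_flows": app.get("isFallbackPublicClient"),  # Step 3 toggle
    }

# Constructed sample export; the short IDs are placeholders (real ones are GUIDs).
SAMPLE_GRAPH_SP = {
    "appRoles": [{"id": "role-1", "value": "Directory.ReadWrite.All"},
                 {"id": "role-2", "value": "Mail.Send"}],
    "oauth2PermissionScopes": [{"id": "scope-1", "value": "User.Read"}],
}
SAMPLE_APP = {"isFallbackPublicClient": True, "requiredResourceAccess": [
    {"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "role-1", "type": "Role"}, {"id": "role-2", "type": "Role"},
        {"id": "scope-1", "type": "Scope"}]}]}

print(audit(SAMPLE_APP, SAMPLE_GRAPH_SP))
```

On the sample, `Mail.Send` is reported as undocumented because it is not in the Step 2 table, and both application permissions appear under `app_only` for review.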

How to add Azure Entra in Visual Guard
Step 1: Login to the repository –> Go to Settings –> Click on Domains

Step 2: Click on Add Domain


- A – Active Directory
- B – Microsoft Entra ID
Step 3: Select Entra ID from the drop-down list under Domain Type and enter all the required information as shown below:
- Domain Type: Specifies the type of domain, such as a public or private network, or a specific directory service like Azure AD or Active Directory.
- Domain Name: The unique name that identifies a domain within a network, often used to specify the location of a service or resource, like example.com.
- Username: A unique identifier used by a user to log into a system or service, often paired with a password.
- Password: A secure string of characters used in combination with a username to authenticate a user’s identity.
- Tenant ID: A unique identifier for a tenant, or organization, in a multi-tenant cloud environment like Azure, used to segregate resources and user directories.
- Client ID: An identifier for an application within a service or platform (like Azure AD), used to authenticate and authorize the app during API calls.
You can find the Tenant ID & Client ID from the Azure Portal –> Home –> App Registrations –> Select your application –> Overview. (step 5 above)

Step 4: Click on the Edit icon to configure the additional settings.

The edit screen has 3 sections that help you configure the domain:
- Domain Information: This includes user related information, domain type, username, password, tenant and client ID.
- Configure Actions: Defines specific tasks or permissions that users or groups can perform within the domain in Visual Guard, ensuring the right access and capabilities are granted for various operations.
- Configure Synchronization: Sets up rules and schedules for synchronizing user and group data between Visual Guard and external directories or systems, maintaining consistency and up-to-date access rights across platforms.

Note: When modifying the settings, ensure the following values are set:
- In the “Configure Actions” settings, the option for “Action while changing password” should be set to ChangePassword. This ensures that when a user is created in Azure, they are prompted to change their password upon their first login in the WinConsole. Additionally, to enable password changes for Azure users from the UserDetails section, this option should also be set to ChangePassword.
- In the “Configure Synchronization” settings, both Mobile and EmailAddress should be set to Both. During MFA enrollment, if the Mobile and EmailAddress fields in Active Directory are empty, they will be populated with the values entered during enrollment. If these fields already contain values in Active Directory, those existing values will be displayed during MFA enrollment.

Step 5: Once you save your settings, you will get a notification, as shown below, to restart the WinConsole.
