Skip to content
CapaSystems Docs

Integrate CapaOne with Entra ID

  1. Navigate to https://portal.azure.com/#home

  2. Click Microsoft Entra ID

Azure portal home with Microsoft Entra ID highlighted

  1. Click App registrations

Microsoft Entra ID overview with App registrations in the sidebar

  1. Click New registration

App registrations page with the New registration button

  1. Provide a name and select what organizational directory should be synced and click Register at the bottom of the page

Register an application form with name and supported account types

  1. Click on Add a certificate or secret

App registration overview with the Add a certificate or secret link

  1. Click on New client secret

Certificates and secrets page with the New client secret button

  1. Provide a description (not required) and set an expiration date. We suggest setting it to 24 months. Afterwards click Add at the bottom of the page

Add a client secret panel with description and a 24-month expiry

  1. After the client secret is created you need to copy the value and save it in a notepad. If you refresh or leave the page you will have to create a new client secret

Client secret Value and Secret ID columns ready to copy

  1. Click on API permissions in the sidebar and then Add a permission

App registration sidebar with API permissions and the Add a permission button

  1. Select Microsoft Graph

Request API permissions panel with Microsoft Graph selected

  1. Select Application permissions

Microsoft Graph permission type with Application permissions selected

  1. Scroll down and expand Group and set a checkmark in Group.Read.All and then Add permissions at the bottom of the page

Group permissions expanded with Group.Read.All checked

  1. Go through the same permission steps and set a checkmark in User for User.Read.All and Add permissions

User permissions expanded with User.Read.All checked

  1. Go through the same permission steps and set a checkmark in GroupMember for GroupMember.Read.All and Add permissions

GroupMember permissions expanded with GroupMember.Read.All checked

  1. Click on Grant admin consent for (name of directory)

API permissions list with the Grant admin consent button

  1. Click Yes to the popup

Grant admin consent confirmation dialog

  1. Click on Home in the upper left corner

Azure portal with the Home link in the upper left corner

  1. Click on Microsoft Entra ID

Azure portal home with Microsoft Entra ID

  1. Click on App registrations in the left pane

Microsoft Entra ID with App registrations in the left pane

  1. Copy the Application client ID to your notepad

App registration overview showing the Application (client) ID

  1. Click on Properties in the left pane

App registration sidebar with Properties selected

  1. Copy the tenant ID to your notepad

Entra ID Properties page showing the Tenant ID

  1. Go to the CapaOne Management portal and select integrations in the left pane

CapaOne management portal with Integrations in the left pane

  1. Click on New to create a new integration

CapaOne Integrations page with the New button

  1. Provide the following information for the new Entra ID integration

Name

Application Client ID

Tenant ID

Client secret value

(In your notepad you should have Tenant ID, Application ID and Client Value)

Then select a synchronization schedule and click on Create

New Entra ID integration form with name, client ID, tenant ID, and client secret

  1. If you click on the 3 dots to the right of the newly created integration you can do the following
  • Edit
  • Sync now
  • View integration
  • Delete

Integration action menu with Edit, Sync now, View integration, and Delete

  1. Click on Sync now

Integration action menu with Sync now selected

  1. When the sync is done, click on Users in the left pane and the users from the Entra ID will have a Entra icon to the left of their name

CapaOne Users list showing an Entra icon beside each synced user