Azure Active Directory Integration

Integrate Azure Active Directory (Entra ID) with Sprinto to automate access reviews, user sync, and infrastructure monitoring.

The Azure Active Directory (Entra ID) integration allows Sprinto to automatically collect evidence related to user access, roles, infrastructure, and security configurations.

This integration supports:

  • Access reviews and user monitoring.

  • Infrastructure visibility across Azure resources.

  • MFA and sign-in tracking.

  • Device monitoring via Intune (optional).


How it works

Sprinto connects to Azure Active Directory using OAuth-based authentication. You can choose between OAuth 2.0 (interactive sign-in with an administrator account) and OAuth 2.0 Client Credentials (app-only access using a Client ID, Client Secret, and Tenant ID).

Once connected, Sprinto:

  • Syncs users, groups, and roles.

  • Tracks enterprise application access.

  • Monitors sign-in activity and MFA (if permissions are granted).

  • Fetches Azure infrastructure metadata.

  • Continuously evaluates compliance checks.

Sprinto uses Microsoft Graph APIs for identity data and Azure Management APIs for infrastructure data. Tokens are securely generated and refreshed automatically.


Sprinto checks for Azure Active Directory

Below are the Sprinto checks for the following integration types:

  • Access management: Sprinto checks for users' access monitoring

Sprinto check: Azure Active Directory access should be removed for offboarded user

Sprinto check: User should be identified

Sprinto check: User access to critical system should be valid
Reference procedure (how to fix): a user's access to the critical system becomes valid once the respective Org role is added to the system.
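The three checks above, evaluated over constructed Microsoft Graph-style user records as an added example (this is not Sprinto's code and does not show how Sprinto implements the checks). The user fields follow the Graph user resource (userPrincipalName, displayName, accountEnabled); the people directory, the Org-role mapping and the set of roles entitled to the critical system are assumptions made up for the demonstration.

```python
"""Added example: evaluate Sprinto-style access checks over synced directory data.
Graph field names are real; the sample data and role mappings are constructed."""

# Constructed sample of what a user sync from Microsoft Graph might return.
DIRECTORY_USERS = [
    {"id": "u1", "userPrincipalName": "alice@example.test", "displayName": "Alice", "accountEnabled": True},
    {"id": "u2", "userPrincipalName": "bob@example.test", "displayName": "Bob", "accountEnabled": True},
    {"id": "u3", "userPrincipalName": "carol@example.test", "displayName": "Carol", "accountEnabled": False},
    {"id": "u4", "userPrincipalName": "dave@example.test", "displayName": "Dave", "accountEnabled": True},
    {"id": "u5", "userPrincipalName": "svc-backup@example.test", "displayName": "svc-backup", "accountEnabled": True},
]

# Constructed people records (assumption: an HR-style list of known people and their status).
PEOPLE = {
    "alice@example.test": "active",
    "bob@example.test": "offboarded",
    "carol@example.test": "offboarded",
    "dave@example.test": "active",
}

# Constructed: Org roles entitled to the critical system, and the Org role each person holds.
ROLES_WITH_ACCESS = {"engineering", "security"}
USER_ORG_ROLE = {"alice@example.test": "engineering", "dave@example.test": "sales"}


def check_offboarded_access(users, people):
    """'Access should be removed for offboarded user': an account that is still
    enabled although its person record is offboarded is a finding."""
    return sorted(
        u["userPrincipalName"] for u in users
        if u["accountEnabled"] and people.get(u["userPrincipalName"]) == "offboarded"
    )


def check_user_identified(users, people):
    """'User should be identified': every enabled account must map to a known person.
    Unmapped accounts (e.g. service accounts) need an owner assigned."""
    return sorted(
        u["userPrincipalName"] for u in users
        if u["accountEnabled"] and u["userPrincipalName"] not in people
    )


def check_access_valid(users, people, user_org_role, roles_with_access):
    """'User access to critical system should be valid': an enabled, identified,
    active user must hold an Org role that is entitled to the system (the fix the
    page describes is adding that Org role)."""
    return sorted(
        u["userPrincipalName"] for u in users
        if u["accountEnabled"]
        and people.get(u["userPrincipalName"]) == "active"
        and user_org_role.get(u["userPrincipalName"]) not in roles_with_access
    )


def run_all(users=DIRECTORY_USERS, people=PEOPLE, user_org_role=USER_ORG_ROLE,
            roles_with_access=ROLES_WITH_ACCESS):
    """Return the failing accounts per check; an empty list means the check passes."""
    return {
        "offboarded_access": check_offboarded_access(users, people),
        "unidentified_users": check_user_identified(users, people),
        "invalid_access": check_access_valid(users, people, user_org_role, roles_with_access),
    }


if __name__ == "__main__":
    for name, failures in run_all().items():
        print(f"{name}: {'PASS' if not failures else failures}")
```

Disabled accounts are deliberately skipped by every check: once an account is disabled the access is already removed, so only enabled accounts can produce findings.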

Prerequisites

Ensure the following before setting up the integration:

  • An active Azure subscription.

  • An Azure Active Directory (Entra ID) tenant.

  • Global Administrator or Application Administrator access.

  • Ability to grant admin consent for required permissions.


Permissions and access

Required permissions

Sprinto requires read-only access to:

  • Users and directory data.

  • Groups and memberships.

  • Organisation details.

  • Enterprise applications and service principals.

Optional permissions

  • Sign-in activity (for MFA and login tracking).

  • Intune device data.

Azure role requirement

  • Role: Reader.

  • Scope: Subscription level.

This ensures Sprinto can monitor resources without making any changes.


Features

  • Automated access reviews.

  • Continuous user and group synchronisation.

  • Enterprise application access tracking.

  • Infrastructure monitoring across Azure resources.

  • MFA and sign-in tracking (optional).

  • Device monitoring via Intune (optional).


Use cases

Use case
Description

Access reviews

Validate user access across systems

User lifecycle tracking

Monitor onboarding and offboarding

Infrastructure compliance

Track Azure resources for audits

MFA compliance

Verify authentication policies

Device compliance

Monitor managed devices


Connect Azure Active Directory

Step 1: Navigate to integrations

  1. Log in to the Sprinto dashboard.

  2. Go to Settings.

  3. Select Integrations.

  4. In the All tab, search for Azure Active Directory.

  5. Click Connect.


Step 2: Review permissions

  1. Review the permissions required by Sprinto.

  2. Review the data accessed.

  3. Click Next.


Step 3: Confirm admin access

  1. Select I have admin access to my Azure Active Directory account.

  2. Click Connect to Azure Active Directory.


Step 4: Choose authentication method

Select one of the following:

  • OAuth 2.0.

  • OAuth 2.0 Client Credentials.


Connect using OAuth 2.0

  1. Select OAuth 2.0.

  2. Review the permissions required and click Connect.

  3. Sign in to your Microsoft account in the pop-up window.

  4. Review the requested permissions.

  5. Click Accept.

Sprinto will complete the connection and begin syncing data.


Connect using OAuth 2.0 Client Credentials

  1. Select OAuth 2.0 Client Credentials.

  2. Enter the following details:

    • Client ID.

    • Client Secret.

    • Tenant ID.

  3. Click Connect.

To obtain these values, refer to this guide.
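An added example, not Sprinto's or Microsoft's code, of checks an administrator can run on the app registration used for the Client Credentials method before connecting it: it builds the client credentials token request for the tenant, inspects the roles claim of the resulting access token to confirm only read-only Graph permissions were granted (matching the "Required permissions" section), and lists client secrets that are about to expire (the "Expired client secret" troubleshooting case). The token endpoint, scope string and the passwordCredentials/endDateTime fields are real Entra ID and Microsoft Graph conventions; the read-only allowlist, the sample token and the sample credentials are constructed assumptions.

```python
"""Added example: pre-connection review of an Entra ID app registration.
Endpoint and field names are real; all identifiers and sample data are constructed."""

import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Application (app-only) Graph permissions that are read-only. Assumption: this is
# the reviewer's own allowlist, not a list published by Sprinto.
READ_ONLY_APP_ROLES = {
    "User.Read.All", "Group.Read.All", "Directory.Read.All", "Organization.Read.All",
    "Application.Read.All", "AuditLog.Read.All",
    "DeviceManagementManagedDevices.Read.All",
}


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client credentials grant against Entra ID.
    The .default scope requests every application permission consented to the app."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    })
    return url, body


def decode_jwt_payload(token):
    """Base64url-decode a JWT payload for inspection only. No signature check is done:
    Graph validates the token; here we only read back the roles that were granted."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def non_read_only_roles(claims):
    """Roles in the token's `roles` claim that are not on the read-only allowlist."""
    return sorted(set(claims.get("roles", [])) - READ_ONLY_APP_ROLES)


def expiring_secrets(password_credentials, now, within_days=30):
    """From a Graph application.passwordCredentials list, return keyIds that expire
    within `within_days` (or already have), so they can be rotated before sync fails."""
    cutoff = now + timedelta(days=within_days)
    expiring = []
    for cred in password_credentials:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        if end <= cutoff:
            expiring.append(cred["keyId"])
    return expiring


def _make_unsigned_jwt(claims):
    """Build a JWT-shaped string with an unsigned payload for the demo (not a real token)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed token: one write permission has slipped into the registration.
SAMPLE_TOKEN = _make_unsigned_jwt({
    "aud": "https://graph.microsoft.com",
    "roles": ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"],
})

# Constructed passwordCredentials as returned by GET /applications/{id}.
SAMPLE_CREDENTIALS = [
    {"keyId": "k-old", "endDateTime": "2024-01-01T00:00:00Z"},
    {"keyId": "k-soon", "endDateTime": "2024-06-20T00:00:00Z"},
    {"keyId": "k-ok", "endDateTime": "2025-06-01T00:00:00Z"},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "current" time

if __name__ == "__main__":
    url, body = build_token_request("TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER",
                                    "CLIENT_SECRET_PLACEHOLDER")
    print("POST", url)
    print("write permissions granted:", non_read_only_roles(decode_jwt_payload(SAMPLE_TOKEN)))
    print("secrets to rotate:", expiring_secrets(SAMPLE_CREDENTIALS, NOW))
```

If non_read_only_roles returns anything, the registration grants more than the read-only access the integration needs and the extra permission should be removed and admin consent re-granted before connecting.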


Post-connection flow

After successfully connecting Azure Active Directory:

  • The integration status is shown as Connected.

  • Sprinto begins syncing users, groups, and access data automatically.

  • Azure Active Directory can be added as a critical system under Data Library → Access.

  • You can configure access monitoring rules based on:

    • Roles.

    • Access request tickets.

    • Organisation-wide access policies.

  • Compliance checks are triggered and continuously evaluated.


Troubleshooting

1. Invalid credentials

  • Cause: Incorrect Client ID, Client Secret, or Tenant ID.

  • Resolution: Verify credentials and reconnect.

2. Insufficient permissions

  • Cause: Required API permissions are not granted.

  • Resolution: Ensure all required permissions are added and admin consent is granted.

  • Cause: Permissions not approved at the organisation level.

  • Resolution: Grant admin consent in Entra ID.

3. Expired client secret

  • Cause: Client secret validity has expired.

  • Resolution: Generate a new client secret and update it in Sprinto.

4. Tenant or application not found

  • Cause: Incorrect Tenant ID or Application ID.

  • Resolution: Verify values in Azure and retry.

5. Temporary API errors

  • Cause: Rate limiting or service issues.

  • Resolution: Retry after some time. Sprinto automatically handles retries where applicable.


Support

Please get in touch with Sprinto Support if you have any queries related to the integration or need assistance.