Skip to main content

Cloud Directory Configuration: Microsoft Entra ID

Learn how to set up Microsoft Entra ID cloud directories.

Prerequisites

  • Required permissions: Admin-level access in Trio and administrator access to the Microsoft Entra ID tenant

  • Supported platforms: Microsoft Entra ID (formerly Azure AD)

  • Time estimate: 10–15 minutes per directory

  • Additional requirements: OAuth 2.0 admin consent for directory access

Before You Start

The Microsoft Entra ID integration allows you to sync users and groups directly from your Azure AD tenant into Trio. This ensures your device directory stays current, aligned, and policy-compliant.

This integration is read-only—Trio never modifies any data in your Entra ID tenant.

Step 1: Go to Cloud Directories

  1. Navigate to the Integrations section in the left sidebar.

  2. Click on Cloud Directories.

Expected result: You’ll see a "No Directory Connected" screen with options to connect Google Workspace or Microsoft Entra ID.

Step 2: Choose Microsoft Entra ID

  1. Click Connect Microsoft Entra ID under the Microsoft Entra ID option.

Expected result: A setup panel opens explaining what this integration enables:

  • User & Group Syncing

  • OU & Group Filtering

  • Scheduled or Manual Sync

Step 3: Begin Integration Setup

  1. Click Get Start to begin.

  2. On the next screen, under Set a Directory Name, enter a label (e.g., HR users entra 2).

⚠️ Note: Do not authorize the same Microsoft Entra ID directory more than once. This may cause sync issues.

  1. Click Sign in with GoMicrosoft Entra ID to authenticate using a Microsoft admin account.

Expected result: You are redirected to Microsoft’s OAuth page to authorize the connection securely.

Step 4: Confirm Connection and Configure Sync

After successful sign-in, you’re redirected to the Cloud Directories list.

Your connected directory appears with the following tabs:

  • Details

  • Users

  • User Groups

  • Activity Log

In the Import Users section, you can:

  • Perform a Manual Import

  • Enable or disable Automatic Sync

You can import users within the Cloud Directories integration settings.

  1. Click on Start manual import to begin the process.


​2. Upon clicking on the Import button, a sidebar will open and you will see a list existing and recently added users. Select the users you need and click "Import".

After importing the users, click on the Users tab to see the recently added users.

Also, if you navigate to Identity > Users and click on "Add", you will see your freshly setup directory within the drop down menu.

Note: Pending users need activation. To activate a user, go to Users and select the intended user to complete the process.

Step 5: Add Domains (Optional but Recommended)

  1. Scroll to the Domains section under your connected directory.

  2. Click + Add Domain and enter domains associated with your Microsoft tenant (e.g., example.com, branch.example.org).

  3. Save your changes.

Why this matters: Domain filtering ensures only users belonging to selected email domains are eligible for import.

Step 6: Configure Attribute Mapping

  1. Click the Attribute Mapping tab.

  2. Review default mappings (e.g., Display Name, Email, Phone, Department, etc.).

  3. To customize:

    • Click the Edit icon next to the attribute

    • Select another attribute from the Entra ID schema (e.g., map Job Title to a custom field in Trio)

Best practice: Keep the email and display name as default for seamless user identification.

Expected result: Attribute mappings are saved and used during all imports.

Step 7: Set Import Rules

  1. Under the Import Users section, select your desired sync behavior:

    • Manual Import: Click this if you prefer to review users before bringing them in.

    • Automatic Sync: Toggle this on to enable daily user syncing.

Provisioning Note:

  • Active users in Entra ID → marked as Pending in Trio

  • Disabled users in Entra ID → marked as Deactivated in Trio

Click View Settings to adjust these provisioning rules if needed.

Step 8: Import Users

If using Manual Import, you'll see these options:

  • Select specific new users to import
    Manually pick new users to bring into Trio. Suspended users in Entra ID will be set to deactivated in Trio.

  • All New and Updated Users
    Imports all new users + any modified attributes for existing users.

  • Only Updated Users
    Syncs only the changes for already imported users.

  • Only Newly Added Users
    Adds new users without touching existing ones.

  1. Choose your preferred method.

  2. Click Import.

Expected result: The import runs and brings users into Trio with mapped attributes and directory labels.

Step 9: Verify Imported Users and Activity

  1. Go to the Users tab to view synced users.

  2. Use filters to review status: Pending, Deactivated, Active.

  3. Navigate to the Activity Log tab to review import actions and timestamps.

Expected result: A log of successful and failed syncs is visible for auditing.

Related Articles
Identity Provider Configuration: Microsoft Entra ID
Cloud Directory Configuration: Google Workspace
Cloud Directory Integration
Welcome to Trio: Your Complete Onboarding Guide for a Successful Setup
SCIM Integration: User Provisioning on MS Entra ID
Did this answer your question?