Integrating Microsoft Entra ID with Nordstellar Platform
This guide will walk you through the steps to set up a secure, one-way synchronization of your user directory from Microsoft Entra ID (formerly Azure Active Directory) to Nordstellar. This ensures that your employee list on Nordstellar is always up-to-date with your Entra ID directory.
Prerequisites
To complete this setup, you will need:
- Administrator access to your Microsoft Entra ID tenant (Azure portal).
- Permissions to register applications and grant admin consent for API permissions within Entra ID. Granting tenant-wide admin consent for Microsoft Graph application permissions requires a Global Administrator or Privileged Role Administrator.
Step 1: Configure Microsoft Entra ID (Azure AD)
This step involves registering an application in your Entra ID tenant, obtaining the necessary credentials (Client ID, Client Secret, Tenant ID), and granting the required API permissions.
1. Find Your Tenant ID (Directory ID):
   - Open your web browser and navigate to the Azure portal.
   - Sign in with an administrator account.
   - In the Azure portal, search for and select Microsoft Entra ID.
   - On the Overview page, you will find your Tenant ID (also known as Directory ID). Copy this value. You will need it for the Nordstellar Platform configuration.

2. Register a New Application:
   - In Microsoft Entra ID, navigate to App registrations from the left-hand menu.
   - Click + New registration.
   - Name: Give your application a descriptive name, e.g., Nordstellar-User-Sync.
   - Supported account types: Select "Accounts in this organizational directory only (<your tenant name> only - Single tenant)". A single-tenant registration can only obtain tokens for your own tenant.
   - Redirect URI (optional): Leave it blank. This is a server-to-server integration with no interactive user login, so no redirect is ever performed.
   - Click Register.

3. Obtain Client ID:
   - After the application is registered, you will be taken to its Overview page.
   - Copy the Application (client) ID. This is your Client ID. You will need it for the Nordstellar Platform configuration. Do not confuse it with the Object ID shown on the same page.

4. Generate a Client Secret:
   - From the left-hand menu of your registered application, click Certificates & secrets.
   - Under Client secrets, click + New client secret.
   - Description: Add a description (e.g., Nordstellar Sync Secret).
   - Expires: Choose an expiration period. The portal allows at most 24 months and recommends 180 days; pick the shortest period your rotation process can sustain. Note the expiry date: you must generate a new secret and update it on the Nordstellar Platform before the old one expires, or the daily synchronization will stop.
   - Click Add.
   💡 IMPORTANT: The Value of the client secret is displayed only once, immediately after creation. Copy the Value (not the Secret ID) and store it securely. This is your Client Secret. You will need it for the Nordstellar Platform configuration. If you navigate away from this page, you cannot retrieve it again and will need to generate a new one. Treat the secret like a privileged password: combined with the permissions granted below, anyone holding it can read every user profile in your tenant.

5. Configure API Permissions:
   - From the left-hand menu of your registered application, click API permissions.
   - Click + Add a permission.
   - Select Microsoft Graph.
   - Choose Application permissions (this is a server-to-server integration, not acting on behalf of a signed-in user). Important: Do not select Delegated permissions, as this will cause the integration to fail.
   - Search for and select the following permissions:
     - User.Read.All (required to read all user profiles)
     - Group.Read.All (optional, only if you plan to synchronize groups in the future; leaving it out until then follows least privilege)
   - Click Add permissions.
   - Grant Admin Consent: After adding permissions, you will see a button "Grant admin consent for <your-tenant-name>". Click this button and confirm. Application permissions are inactive until an administrator consents, so without this step the integration will fail even though the permissions are listed. Confirm that the Status column now shows "Granted for <your-tenant-name>".
Step 2: Configure on Nordstellar Platform
Now that you've completed the setup in Microsoft Entra ID, return to the Nordstellar Platform to finalize the integration.
1. Navigate to Integration Settings:
   - On the Nordstellar Platform, go to the Settings section.
   - In the right-side menu, under the Connect section, click Integrations.
   - Click Connect on the Azure Entra Id card.

2. Enter Entra ID Details:
   - You will find fields to enter your Client ID, Client Secret, and Tenant ID.
   - Client ID: Paste the Application (client) ID you copied in Step 1, point 3.
   - Client Secret: Paste the Client Secret Value you copied in Step 1, point 4.
   - Tenant ID: Paste the Tenant ID (Directory ID) you copied in Step 1, point 1.

3. Test Connection:
   - Click the "Test Connection and Continue" button.
   - The platform will attempt to connect to your Entra ID tenant using the provided details: it obtains an access token with the client credentials and then reads user profiles through Microsoft Graph.
   - Success: If the connection is successful, you will receive a confirmation message.
   - Failure: If the connection fails, an error message will be displayed. Please refer to the troubleshooting section below.

4. Save Configuration:
   - Once the connection test is successful, the platform will automatically begin daily user synchronization.
(Optional) Disable Autodiscovery for Your Domain
By default, once integration with your chosen IDP is enabled, Nordstellar will sync users from two sources—unless you specifically toggled off Autodiscovery when adding the domain to your watchlist:
- Nordstellar Autodiscovery: Detects emails associated with your added domains.
- Your IDP: Syncs verified, current employee accounts from Microsoft Entra ID.
If you prefer to use only your IDP as the source of users, you can disable Autodiscovery for specific domains at any time.
To turn off Autodiscovery for a domain:
- Go to the Asset List section in Nordstellar.
- Select the Domains tab.
- Find the domain you want to update and click the three dots (...) next to it.
- Click on Autodiscovery.
- In the modal that appears, toggle off Autodiscovery.
- Click Save.
This ensures that only users from your IDP are monitored on the platform.
Troubleshooting
If your connection test fails, please review the following common issues:
- Microsoft Entra ID Connection Failed:
  - Client ID & Client Secret: Ensure these credentials are correct and match the application registration in your Entra ID tenant. A common mistake is pasting the secret's Secret ID or the application's Object ID instead of the secret Value and the Application (client) ID.
  - Tenant ID: Confirm the Tenant ID (Directory ID) is accurate for your Entra ID instance.
  - API Permissions: Check your Entra ID application registration to ensure it has the required API permissions (User.Read.All, plus Group.Read.All if you added it) and that the Status column shows admin consent as granted.
  - Wrong Permission Type (Delegated vs. Application): If you accidentally selected Delegated permissions instead of Application permissions, the integration will fail because Nordstellar connects as a service (daemon), not as a signed-in user.
    How to check:
    - In the API permissions list, look at the Type column.
    - If it says "Delegated": This is incorrect. A daemon with no signed-in user cannot exercise Delegated permissions, so the token it obtains carries no permissions at all and every directory read is refused.
    The Fix:
    - Click the three dots (...) next to the permission and remove it.
    - Click + Add a permission > Microsoft Graph.
    - Crucial Step: Click the large box that says Application permissions (on the right), not Delegated permissions.
    - Search for User.Read.All again, add it, and Grant Admin Consent again.
  - Client Secret Expiration: If you set an expiration, ensure the secret has not expired (check the Expires column under Certificates & secrets). If it has, create a new secret and update it on the Nordstellar Platform.
  - Network/Firewall: Confirm there are no network restrictions or Conditional Access policies preventing the integration from reaching Microsoft Entra ID (login.microsoftonline.com) and Microsoft Graph (graph.microsoft.com).
- If you've checked these details and the problem persists, please contact your IT administrator or Nordstellar support for assistance.
By following these steps, your Nordstellar Platform will be successfully integrated with your Microsoft Entra ID, ensuring your user data is always current.