Azure Entra ID Connection

Infisical’s Azure Entra ID Connection lets you authenticate with Microsoft Entra ID (formerly Azure Active Directory) using Client Secrets. Prerequisites:

Set up an Azure account with an existing Azure Entra ID tenant.
Register an App Registration in Azure with the necessary Microsoft Graph API permissions for your use case.

Required Azure Permissions

The permissions required for your Azure Entra ID Connection depend on what you intend to use it for.For SCIM Token Secret Sync:Your App Registration must have the following Microsoft Graph API Application permissions:

Application.ReadWrite.All — Required to read and update synchronization secrets (SCIM tokens) on enterprise application service principals.
Synchronization.ReadWrite.All — Required to list synchronization jobs on service principals and to write SCIM provisioning tokens.

After adding the permission, an admin must Grant admin consent for the permission to take effect.

Setup Azure Entra ID Connection in Infisical

Infisical UI
API

Navigate to App Connections

Navigate to the Organization Settings page, then select App Connections. Click on the Add Connection button. App Connections Tab

Add Connection

Select the Azure Entra ID option from the connection options modal. Add Azure Entra ID Connection

Create Connection

Fill in the following fields with the credentials from your Azure App Registration:

Tenant ID: The Directory (Tenant) ID of your Azure Entra ID tenant.
Client ID: The Application (Client) ID of your registered application.
Client Secret: A client secret generated for your registered application.

Click Connect to create the connection. Fill in Azure Entra ID Connection Details

Connection Created

Your Azure Entra ID Connection is now available for use with features such as the Azure Entra ID SCIM Secret Sync.

To create an Azure Entra ID Connection via API, send a request to the Create Azure Entra ID Connection endpoint.

Sample request

Request

curl    --request POST \
        --url https://app.infisical.com/api/v1/app-connections/azure-entra-id \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-azure-entra-id-connection",
            "method": "client-secret",
            "credentials": {
                "tenantId": "your-tenant-id",
                "clientId": "your-client-id",
                "clientSecret": "your-client-secret"
            }
        }'

Sample response

Response

{
  "appConnection": {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "my-azure-entra-id-connection",
      "description": null,
      "version": 1,
      "orgId": "6f03caa1-a5de-43ce-b127-95a145d3464c",
      "createdAt": "2023-11-07T05:31:56Z",
      "updatedAt": "2023-11-07T05:31:56Z",
      "isPlatformManagedCredentials": false,
      "app": "azure-entra-id",
      "method": "client-secret",
      "credentials": {}
  }
}

Azure DNS Connection Azure Key Vault Connection

⌘I

Getting Started

Platform Reference

Connectivity

Authentication Methods

Self-host Infisical

Internals

Contributing

Azure Entra ID Connection

Setup Azure Entra ID Connection in Infisical

Sample request

Sample response

Getting Started

Platform Reference

Connectivity

Authentication Methods

Self-host Infisical

Internals

Contributing

Documentation Index

​Setup Azure Entra ID Connection in Infisical

​Sample request

​Sample response

Setup Azure Entra ID Connection in Infisical

Sample request

Sample response