Sync Microsoft with Oomnitza to gain visibility of user data.
You can choose one of the following extended integrations:
- Microsoft Entra ID User Load.
- Microsoft Entra ID User Load with Filtering. Choose this option if you want to add a filter to refine the data that is synced with Oomnitza. You add the filter in the Integration details section. To retrieve all the data, enter Default. Alternatively, you can create a filter to retrieve data. See Use the $filter query parameter. The pattern for adding a filter is as follows:
<field> <operator> (<'value1'>, <'value2'>, <'value3'>). Example: employeeType in ('Admin', 'Staff', 'Faculty', 'Contingent Workers', 'EmpStudent').
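The filter pattern above, as an added example that is not part of the Oomnitza documentation: a Python sketch that builds a filter string from a list of values and checks a typed filter before it is pasted into the Integration details section. It assumes plain identifier field names, only the `in` operator shown in the page's example, and the OData convention of writing an embedded single quote as two single quotes; `build_filter` and `parse_filter` are hypothetical helper names.

```python
import re

# Assumptions (not from the Oomnitza docs): field names are plain identifiers,
# only the list operator "in" from the page's example is accepted, and values
# are OData string literals in which an embedded ' is written as ''.
OPERATORS = {"in"}
_EXPR = re.compile(r"\s*([A-Za-z][A-Za-z0-9_]*)\s+([a-z]+)\s*\((.*)\)\s*\Z", re.S)
_LITERAL = re.compile(r"'((?:[^']|'')*)'")
_SEP = re.compile(r"\s*,\s*")


def parse_filter(text):
    """Return None for Default, else (field, operator, [values]); raise ValueError."""
    if text.strip() == "Default":
        return None  # Default retrieves all the data, so there is nothing to parse
    m = _EXPR.match(text)
    if not m or m.group(2) not in OPERATORS:
        raise ValueError("expected: <field> in ('value1', 'value2')")
    field, operator, body = m.group(1), m.group(2), m.group(3).strip()
    values, pos = [], 0
    while True:
        lit = _LITERAL.match(body, pos)
        if not lit:
            raise ValueError(f"expected a quoted value at offset {pos}")
        values.append(lit.group(1).replace("''", "'"))
        pos = lit.end()
        if pos == len(body):
            return field, operator, values
        sep = _SEP.match(body, pos)
        if not sep:
            # Covers an unescaped quote and a second clause after the list
            raise ValueError(f"expected a comma at offset {pos}")
        pos = sep.end()


def build_filter(field, values, operator="in"):
    """Return "<field> <operator> ('v1', 'v2')" with quotes in values doubled."""
    if not values:
        raise ValueError("at least one value is required")
    quoted = ", ".join("'" + v.replace("'", "''") + "'" for v in values)
    text = f"{field} {operator} ({quoted})"
    parse_filter(text)  # rejects a malformed field or operator name
    return text


if __name__ == "__main__":
    # Constructed sample values taken from the page's example
    print(build_filter("employeeType", ["Admin", "Staff", "Faculty"]))
```

A value that contains an unescaped single quote, or a filter with a second clause appended after the list, raises `ValueError` instead of being passed through.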
Before you start
To add the integration, you must retrieve the following information from Microsoft:
Domain. The fully qualified URL including the name of the protocol. The default URL is https://graph.microsoft.com.
Credentials
The type of authorization that is used is OAuth2 client credentials.
You must provide the following information to add the credentials to Oomnitza:
- Client ID and secret
- Tenant ID
- Scopes
- Domain
To retrieve the credentials information, complete the following actions in Microsoft.
- Register your app to get your Client ID, Tenant ID, and Client Secret. See Register an application.
- Get an access token without a user. See Get access without a user.
- Grant the app the required permissions or scopes. To sync user data with Oomnitza, you must grant the app the User.Read.All application permission and then get an authorized administrator to grant consent. See List users.
Adding credentials to Oomnitza
Make life easier and add your credentials to Oomnitza before you create the integration.
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward arrow > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
Creating the integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- On the Integrations page, scroll down to the Extended section for user integrations.
- Click NEW INTEGRATION.
- In the sidebar, search for the integration.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
- User only. Add user records.
- User plus SaaS user. User records and SaaS user records are retrieved. User records are displayed on the People page and SaaS user records can be accessed when you open the SaaS application record on the SaaS page and click the Users tab. In addition to retrieving information about the SaaS application such as usernames, you also retrieve key information such as the user's SaaS role and last activity which will enable you to reduce costs by monitoring SaaS usage and removing users who aren't using the SaaS application. To maintain data hygiene, you can enable the deactivate feature.
- Software SaaS Selection. Link the vendor application to the Oomnitza Software Catalog which is a repository of supported vendor applications and services. If an entry for the vendor application is not shown in the list, it means that the vendor application has not been added to the SaaS page in Oomnitza and linked to the catalog. See SaaS details overview. You can ignore this field because the vendor application is automatically linked to the catalog when the integration is saved.
Important
Now that user information can be retrieved and users deactivated when the integration is run, you can deactivate or remove the workflows that were added to retrieve SaaS user information and deactivate SaaS users. (The block that is used to complete these actions in workflows is the SaaS User Role Retrieval block.)
When you enable the Deactivate feature, the following actions are completed when the integration runs:
- If a user record is missing from the data source - the vendor application - or if the record is marked as inactive in the data source, the user record is deactivated in Oomnitza.
- If a user record was deactivated and is now available in the data source, for example, the user logs into the SaaS application, the user record becomes active in Oomnitza.
Installation types
- Cloud. Store credentials in the Oomnitza cloud.
- Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select cloud as the type of installation. Local installations don't support AWS and OAuth authentication.
Integration preferences
- Create & Update. Add and update records.
- Create only. Add records.
- Update only. Update records.
Editing the integration details
When you edit the Integration details section, you can select the name or names of integration contacts. Integration contacts receive an in-app notification and an email when the integration fails, when the integration fails to complete within 24 hours, or when the scheduled integration fails to run.
- Click Edit.
- Make your changes.
Editing the credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
Scheduling the integration
By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Make and save your changes.
Mapping fields to Oomnitza
To map the fields to Oomnitza, click Edit.
Select Edit integration to add rules for syncing data.
Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page.
Creating custom API fields.
Mappable fields
Age Group
City
Company Name
Connector Sync Time
Consent Provided For Minor
Creation Date
Creation Type
Department
Display Name
Employee Hire Date
Employee ID
Employee Type
Fax number
Given Name
ID
Is Account Enabled
Is Resource Account
Job Title
Last Password Change Date
Legal Age Group
Mail
Mail Nickname
Mobile Phone
Office Location
Password Policies
Postal Code
Preferred Language
State
Street
Surname
Usage Location
User Principal Name
User Type
Click SMART MAPPING to get a head start in mapping the fields. To map other fields, you can click the down arrow in the fields that you want to map to Oomnitza. Select Add new Oomnitza field. Replace the name with a user-friendly name, and click CREATE.
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.