Entra ID Profiles – Configure Microsoft Entra ID (Azure AD) Connections
Overview
The Entra ID Profiles page manages connections to Microsoft Entra ID (formerly Azure Active Directory) for cloud-based user authentication. Each profile defines the tenant connection credentials, which user properties map to MideyeServer fields, how group membership is validated, and how phone numbers are formatted.
The list page displays a real-time connection status indicator for each profile. Configuration changes are validated live against the Entra ID tenant as you edit.
Access & Permissions
Required Role: ROOT, SUPER_ADMIN, or ADMIN (to create, edit, or delete profiles)
Navigation: Home → Directory Settings → Entra ID Profiles
| Role | View | Create / Edit / Delete | Search User |
|---|---|---|---|
| ROOT | ✅ | ✅ | ✅ |
| SUPER_ADMIN | ✅ | ✅ | ✅ |
| ADMIN | ✅ | ✅ | ✅ |
| OPERATOR | ✅ | ❌ | ✅ |
Features & Configuration
Data Grid Columns
| Column | Description | Visibility |
|---|---|---|
| Name | Profile name with live connection status indicator | Always |
| Default Auth Type | Default MFA method for users in this directory | Default |
| Action | Edit, Delete, Search User buttons | Always |
Action Buttons
| Action | Description | Role Required |
|---|---|---|
| Edit | Open the 5-tab edit form | Admin |
| Delete | Delete the profile | Admin |
| Search User | Look up a user in Entra ID | Any authenticated |
Create / Edit Form
The form has five tabs and performs live verification against the Entra ID tenant.
Tab 1: General
Tenant connection credentials and default authentication settings.
| Field | Type | Required | Validation | Default | Description |
|---|---|---|---|---|---|
| Name | Text | Yes | Unique (async check) | — | Unique name for this profile |
| Tenant ID | Text | Yes | — | — | Microsoft Entra ID tenant identifier |
| Client ID | Text | Yes | — | — | Application (client) ID registered in Entra ID |
| Client Secret | Password | Yes | — | — | Application client secret |
| Default Auth Type | Select | Yes | — | TOUCH_MOBILE | Default MFA method |
| Default Message Type | Select | Yes | — | FLASH_SMS | OTP delivery method (FLASH_SMS or INBOX_SMS) |
Tab 2: User Properties
Maps Entra ID user properties to MideyeServer fields.
| Field | Type | Default | Description |
|---|---|---|---|
| Mobile Phone Property | Text | mobilePhone | Entra ID property containing the mobile number |
| Token Number Property | Text | businessPhones | Entra ID property for hardware token number |
| Override Defaults | Checkbox | Off | Enable per-user auth type and message type from Entra ID |
| Auth Type Property | Text | postalCode | Entra ID property for per-user auth type (disabled unless Override Defaults is on) |
| Message Type Property | Text | employeeId | Entra ID property for per-user message type (disabled unless Override Defaults is on) |
Tab 3: Group Check
Controls group-based access restrictions.
| Field | Type | Default | Description |
|---|---|---|---|
| Enable Group Check | Checkbox | Off | Restrict authentication to members of specified groups |
| Allowed Group IDs | Text | — | Comma-separated Entra ID group IDs (disabled unless Group Check is on) |
| Enable RADIUS Translation | Checkbox | Off | Enable LDAP-to-RADIUS attribute translation for this profile |
Tab 4: Phone Number Correction
Automatic phone number formatting for Entra ID–sourced numbers.
| Field | Type | Default | Description |
|---|---|---|---|
| Enable Phone Number Auto Correction | Checkbox | Off | Enable automatic formatting |
| International Prefix | Text | +46 | Country code prefix (disabled unless auto-correction is on) |
| Remove Leading Zero | Checkbox | Off | Strip leading zero from national numbers |
| Remove Parenthesis Body | Checkbox | Off | Remove content within parentheses |
Tab 5: User Locking
Account lockout settings for failed authentication attempts.
| Field | Type | Required | Validation | Default | Description |
|---|---|---|---|---|---|
| Enable User Locking | Checkbox | No | — | On | Lock accounts after excessive failures |
| Max Failed Attempts | Number | Yes | Min: 1 | 10 | Failed attempts before locking (disabled unless locking is on) |
| Minutes Locked | Number | Yes | Min: 1 | 1 | Lock duration in minutes (disabled unless locking is on) |
User Search
The Search User functionality navigates to a dedicated search page where you can look up users in the Entra ID tenant.
Steps:
- Click the Search User icon for the target profile.
- Enter a user principal name (e.g., user@domain.com).
- View the user’s properties including name, phone numbers, group memberships.
Common Use Cases
Connecting to Microsoft Entra ID
- In the Azure portal, register an application and grant User.Read.All and Group.Read.All permissions.
- In MideyeServer, click Add New.
- Enter the Tenant ID, Client ID, and Client Secret from the Azure app registration.
- Set the default authentication type.
- Save — the live verification confirms connectivity.
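A pre-flight check for the app registration, added here as an example (not MideyeServer code): it decodes an app-only Microsoft Graph token and reports which of the two permissions listed above are missing and which granted permissions go beyond them. The function names and placeholder tenant/client values are assumptions, the sample token is constructed, and the permissions are assumed to be granted as application permissions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions this page asks for on the app registration.
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All"}

def fetch_app_token(tenant_id, client_id, client_secret):
    """Client-credentials grant against the tenant's v2.0 token endpoint (needs network)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, data=form, timeout=15) as resp:
        return json.load(resp)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    try:
        payload = access_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        return json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a JWT-formatted access token") from exc

def audit_app_token(access_token, tenant_id, client_id):
    """Compare the token's tenant, app and granted roles with what the profile expects."""
    claims = token_claims(access_token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(REQUIRED_ROLES - roles),  # admin consent not granted yet
        "excess": sorted(roles - REQUIRED_ROLES),   # broader than this page requires
    }

def make_sample_token(claims):
    """Constructed, unsigned sample token so the audit can run offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    sample = make_sample_token({"tid": "TENANT-PLACEHOLDER", "appid": "CLIENT-PLACEHOLDER",
                                "roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    print(audit_app_token(sample, "TENANT-PLACEHOLDER", "CLIENT-PLACEHOLDER"))
```

An empty `missing` list together with an empty `excess` list means the registration carries exactly the two read permissions and nothing broader.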
Restricting Access by Group
- Edit the Entra ID profile.
- Go to the Group Check tab.
- Enable Enable Group Check.
- Enter the Entra ID group object IDs (comma-separated).
- Save. Only members of the specified groups can authenticate.
Enabling Per-User Auth Types
- Edit the profile.
- Go to the User Properties tab.
- Enable Override Defaults.
- Specify the Entra ID properties that contain per-user auth types.
- Save. MideyeServer reads auth types from the specified properties instead of using the default.
Troubleshooting
| Issue | Possible Cause | Resolution |
|---|---|---|
| Connection indicator red | Invalid tenant ID, client ID, or secret | Verify Azure app registration credentials |
| User not found | User principal name incorrect or user not in tenant | Check the exact UPN in the Azure portal |
| Group check blocks valid users | Wrong group IDs | Verify group object IDs in the Azure portal |
| Phone number format issues | Numbers stored inconsistently in Entra ID | Enable phone number auto-correction |
| Users locked unexpectedly | Low max failed attempts threshold | Increase the threshold on the User Locking tab |
Related Pages
- RADIUS Clients — Assign Entra ID profiles to RADIUS clients
- LDAP Profiles — Configure on-premises directory connections
- RADIUS Translation — Map directory attributes to RADIUS response attributes
- Locked Users — View and unlock users locked by failed attempts