Directory Integration: Entra ID (formerly Azure Active Directory)
This guide walks you through the process of integrating Evo with a Microsoft Entra ID (Azure AD) directory. Syncing users from the directory into Evo is a key step in enabling those user accounts to use Evo features such as MFA and Technician Elevation, as well as granting your technician users access to the Evo Partner Portal.
Prerequisites
- Minimum requirements & prerequisites. Please review the Requirements & Prerequisites documentation.
- Access to your Evo Partner Portal. These directions assume that you have already set up a Break Glass user and have access to your Evo Partner Portal with a global administrator account.
- Advance steps. The Create Azure Groups and Users steps below can be completed in advance to save time on your onboarding call, if applicable.
- Microsoft Portal URLs. Pictures shown will be in portal.azure.com but entra.microsoft.com can also be used.
Create Azure Groups and Users
We will need to configure at least one group in Entra to define which users will be synced to Evo. If you are planning to use Evo Technician Elevation, you can also optionally create a new global administrator account that Evo will use to facilitate elevated access for your technicians.
- To start, log into your Azure Tenant at entra.microsoft.com with a Global Administrator account.
- Select the Groups menu and create a new Group.

- Give the group an appropriately descriptive name such as EvoSync-TenantName. The naming standard is up to you; there are no technical dependencies on the format of the name.

- Add any users that you would like to manage with Evo to the newly created group.
- If you are planning on using Technician Elevation, also create a new user with either the Global Administrator role or, for least-privilege access, the Microsoft Entra Joined Device Local Administrator role. Give it an appropriately descriptive name such as TenantName-EvoElevation and add that new account to this group. This will be the account used to facilitate elevated access for your technicians.

Once all users have been added into the group, you are all set to start the setup process on your Evo Portal.
Create Evo Tenant & Link to Entra Tenant
In Evo, a Tenant will represent each of your customers. Each tenant will have at least one Directory associated with it. In this scenario, that directory will be the sync to the third-party Microsoft Entra ID directory.
- Start by selecting Evo Admin > Tenants and then the Add New Tenant button.

- Give your Tenant (Customer) a name, ideally aligned with the customer’s name in other systems like your PSA. Select the type of Directory, which should be Entra ID / Azure Active Directory in this case.

- Give your directory a name that will meaningfully identify it.
  - TenantName-EntraID is an example naming format, but it is up to you and there are no technical dependencies on the name format.
- Return to your Azure portal for your tenant and find the Tenant ID on the main Tenant landing page. Copy the Tenant ID (a long UUID string) and paste it into the Tenant ID field in Evo.

- Important: Decide whether to sync passwords back to Evo from Entra.
  - We strongly recommend enabling this option if you will be using Evo MFA, because a user’s password needs to match between Evo and Entra or logins will fail. Enabling the password sync will provide a one-directional sync back from Evo to Azure. If you select this option, you will need to manage password changes in Evo, but it will prevent password mismatches going forward.
  - If you are using Evo MFA and do not enable password syncing, you will need to manage users’ passwords in both locations and ensure they match.
  - However, if you are only using Technician Elevation, End User Elevation and/or Help Desk Verification, user passwords do not necessarily have to match between Evo and Entra, so password syncing may not be necessary or desirable.
- Optional: Fill in Federation values if you will be using Domain Federation.
  - Federation is optional and typically is not set up immediately. Review the considerations and instructions for Domain Federation and Evo and consult with our support team to determine if you need to use Domain Federation.
- Once all of the necessary fields are filled, click Next. An authorization window will open to initialize the connection between Evo and your Azure tenant. Authenticate as a Global Administrator for the relevant Entra tenant and approve the permissions grant to connect the tenant to Evo.
Configure Azure Application Permissions & Admin Consent
In the initial connection that we just completed between Evo and the Entra ID tenant, an Enterprise Application was created in the Azure tenant, which is the entity in Entra that encapsulates the persistent connection between Evo and Entra.
We need to grant some additional permissions to that Enterprise Application so that it can fully manage authentication and other key Evo functions.
Global Administrator Assignment
- Return to your Entra tenant portal and navigate to Microsoft Entra Roles and Administrators.

- Use the search box on the list of Roles to find Global Administrator and click into that Role.

- A list of users/applications assigned to the Global Administrator role will appear. Select the Add Assignment option.

- In the Add Assignments page, find the Evo Enterprise Application. Select it then click Add to commit the change.
  - Note: You will likely need to search for “Evo” as the list may only contain users and groups by default. A search, however, will also return matching Enterprise Applications.
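
A check worth running after the assignment above, as an added example (not Evo's or Microsoft's code): it audits a saved Microsoft Graph response listing the Global Administrator role members and reports any service principal other than the one you intended to add. The expected object ID is assumed to be the Object ID shown for the Evo Enterprise Application in your tenant; all IDs, display names and the sample response here are constructed placeholders.

```python
import json

# Well-known template ID of the built-in Global Administrator role.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
# Graph request whose saved JSON body this script audits.
MEMBERS_URL = ("https://graph.microsoft.com/v1.0/directoryRoles"
               f"(roleTemplateId='{GLOBAL_ADMIN_TEMPLATE_ID}')/members")
SP_TYPE = "#microsoft.graph.servicePrincipal"


def audit_global_admins(response_body: str, expected_sp_id: str) -> dict:
    """Classify role members; match the app by object ID, not display name."""
    body = json.loads(response_body)
    members = body.get("value", [])
    sps = [m for m in members if m.get("@odata.type") == SP_TYPE]
    wanted = expected_sp_id.lower()
    unexpected = [(m["id"], m.get("displayName"))
                  for m in sps if m["id"].lower() != wanted]
    return {
        "expected_present": any(m["id"].lower() == wanted for m in sps),
        # Any other application holding Global Administrator needs review.
        "unexpected_service_principals": unexpected,
        # Users and groups holding the role (everything that is not an app).
        "non_app_member_count": len(members) - len(sps),
        # A nextLink means the saved body is only the first page of members.
        "complete": "@odata.nextLink" not in body,
    }


# Constructed sample response (placeholder IDs and names, not real tenant data).
EXPECTED_SP_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE_BODY = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.user",
     "id": "11111111-1111-1111-1111-111111111111", "displayName": "Break Glass"},
    {"@odata.type": SP_TYPE,
     "id": EXPECTED_SP_ID, "displayName": "Evo Security"},
    # Same display name, different object ID: display names are not unique.
    {"@odata.type": SP_TYPE,
     "id": "33333333-3333-3333-3333-333333333333", "displayName": "Evo Security"},
]})

if __name__ == "__main__":
    print("Audited request:", MEMBERS_URL)
    print(json.dumps(audit_global_admins(SAMPLE_BODY, EXPECTED_SP_ID), indent=2))
```
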

Admin Consent for the Evo App
- Still in the Entra ID portal, go to the Enterprise Applications section.

- Find and select the Evo Security Enterprise Application.

- From the Evo Enterprise Application’s page, select the Permissions option under the Security section.

- Click the “Grant Admin Consent for TenantName” button and complete the authentication and permission grant workflow that follows using a Global Administrator account.


Configure Users & Complete Directory Setup
Select Group of Users to Sync
If the connection succeeds, a list of groups will be shown on screen that represent all of the groups in your Azure Tenant. This may take a few minutes depending on Azure sync cycles.
- Select the group(s) that you created with the users that you want to sync over to Evo via the checkboxes and then click Next.

Complete Directory Setup
If you do not want to create an Access Token for Agent installation or specify a user for Technician Elevation now, you can click Skip on the next two steps. This will complete the Directory setup.
Alternatively, continue below to complete those steps now.
Optional: Create an Access Token
The next screen in the Tenant setup will be for creating an Access Token. This token will be used for the Evo Login Agent installer, and more details and instructions can be found in the article on Agent installation.
You can proceed with doing this now, or skip it and do it later.
Optional: Designate a Domain Account for Technician Elevation
If using Technician Elevation and your users have synced in already, you can now designate an account to act as the shared account that technicians will elevate into.
- Select the account that you would like technicians to elevate into.

- Since technicians will no longer need the password for that account, Evo will take that account over and automatically handle password rotation. Enter your desired password rotation frequency and click Complete to finish the Directory setup.
Sync History
Syncing Users After Completing the Directory Wizard
Once you’ve completed the setup wizard, return to your Directory to perform an immediate synchronization of all users into the Evo Portal.
- Navigate to Tenants and select the pencil icon on the right to edit your desired Azure Active Directory (Azure AD).
- Scroll down to the Sync History section.
- From here, you can:
  - Refresh Sync History – Update the displayed sync records.
  - Force a Sync – Immediately trigger a user synchronization.
  - View Sync History – Review past synchronization events.
  - View Sync Log – Access detailed logs of previous sync operations.
This ensures all user accounts and attributes from Azure AD are promptly reflected within the Evo Portal.

Next Steps
The integration of your Entra ID directory is now complete. You can now repeat the process for additional tenants’ directories, or move on to setting up products like Evo MFA or Evo Technician Elevation for users in your newly synced Entra ID directory.
If you have any issues or questions, our team is always ready to assist! Please contact support at support@evosecurity.com or your onboarding contact.