Microsoft Entra ID Connector
Connect OnPremiseAgent to Microsoft Entra ID (formerly Azure AD) for enterprise-grade single sign-on, role-based access control, and automated user provisioning. Synchronize groups, enforce conditional access policies, and maintain a unified identity layer across your AI agent infrastructure — all while keeping authentication data within your network boundary.
SAMLOIDCOAuth 2.0
Auth
SAML, OIDC, OAuth 2.0
Category
Identity & Access
Compatibility
Docker, Kubernetes, Bare Metal
Tier
Available
Purpose-built capabilities
Everything you need to integrate Microsoft Entra ID into your on-premise agent workflows.
Single Sign-On
Enable SSO for all users via SAML 2.0 or OIDC, eliminating password fatigue and reducing credential exposure.
Group Mapping
Automatically map Entra ID security groups to OnPremiseAgent roles and permissions for frictionless RBAC.
Conditional Access
Enforce device compliance, location-based restrictions, and MFA requirements before granting agent access.
SCIM Provisioning
Automatically create, update, and deactivate user accounts when changes occur in your directory.
Audit Trail Integration
Route all authentication events to your Entra ID audit logs for centralized compliance reporting.
Multi-Tenant Support
Connect multiple Entra ID tenants to a single OnPremiseAgent deployment for complex enterprise structures.
01
Register Application
Create an enterprise application registration in your Entra ID tenant and configure redirect URIs.
01
Key Benefits
Why enterprises choose this connector
- Eliminate separate credentials for AI agent access
- Enforce corporate security policies across all agents
- Automatic user lifecycle management via SCIM
- Complete authentication audit trail for compliance
- Support for Conditional Access and MFA policies
- Seamless integration with existing Microsoft 365 environments
01
Enterprise SSO Rollout
Deploy SSO for 10,000+ employees across departments, ensuring every user accesses AI agents with their corporate credentials.
02
Compliance-Ready Access
Meet SOC 2 and ISO 27001 access control requirements with centralized identity management and audit logging.
03
Automated Onboarding
New hires automatically get AI agent access based on their department and security group membership.
Frequently Asked Questions
Does this require Azure AD Premium?
Basic SSO works with any Entra ID tier. Advanced features like Conditional Access and SCIM provisioning require Entra ID P1 or P2.
Can I use both SAML and OIDC?
Yes. You can configure both protocols simultaneously — SAML for legacy applications and OIDC for modern workloads.
Does authentication data leave my network?
No. All authentication is handled between your Entra ID tenant and your on-premise OnPremiseAgent deployment. No user credentials are stored or transmitted to our servers.
How does group sync work?
OnPremiseAgent reads group claims from the SAML assertion or OIDC token at login time. With SCIM enabled, group membership is also synchronized on a configurable schedule.
Works great with
Combine Microsoft Entra ID with these connectors for a complete integration stack.
Ready to connect Microsoft Entra ID?
Deploy on your own infrastructure with full data sovereignty. Get started in minutes.