Last Login for Accounts

The Microsoft Entra ID connector can retrieve the last login date and time for individual users. This information can enable governance workflows to certify access and remove long-standing access if it's no longer needed.

The connector uses the MS Graph API to retrieve the last login account data.

Prerequisites

You must have an Microsoft Entra P1/P2 license to use this feature.

Administrator Permissions

To retrieve the last login account data, the MS Graphs API requires you to assign it the AuditLog.Read.All API permission.

Supported Operations

The connector retrieves last login information during the following operations:

• Account aggregation

• Get account

Required Attributes

This feature requires the following login information:

Attributes related to Interactive Authentication method

Note
If you have an existing connector with attributes in your account schema named lastSignInDateTime and lastNonInteractiveSignInDateTime, the connector will still aggregate the values assigned to those attributes.

• signInActivity.lastSignInDateTime: To retrieve the last time a user logged into the directory with an interactive authentication method.

• signInActivity.lastSignInRequestId: To retrieve the request identifier of the last interactive sign-in performed by this user.

Attributes related to Non-interactive Authentication method

• signInActivity.lastNonInteractiveSignInDateTime: To retrieve the last time a client signed in to the directory on behalf of a user.

• signInActivity.lastNonInteractiveSignInRequestId: To retrieve the request identifier of the last non-interactive sign-in performed by this user.

Other Supported Attributes

The following attributes are also supported along with the above listed attributes:

• signInActivity.lastSuccessfulSignInDateTime:To retrieve the date and time of the user’s most recent successful sign-in activity.

• signInActivity.lastSuccessfulSignInRequestId: To retrieve the request ID of the last successful sign-in.