Skip to content

Azure Pre Onboarding Check

Before connecting Microsoft Azure to SailPoint Entro, perform the following verification steps. These checks ensure your Azure environment is correctly configured for secure and successful integration.

  1. Verify Azure Administrator Access

    Confirm that the user performing onboarding holds at least one of the following roles:

    • Global Administrator

    • Application Administrator

    • Privileged Role Administrator

    • Go to [https://portal.azure.com](https://portal.azure.com/).

    • Click the Cloud Shell (>_) icon at the top-right of the portal header.

    • Choose Bash (not PowerShell).

    Run the following command in Azure CLI:

    az role assignment list --assignee <your_user_principal_name> --output table
    

    Expected: one of the above roles appears in the results.

  2. Confirm API and Portal Availability

    • Verify access to https://portal.azure.com.

    • Ensure outbound network connectivity to these endpoints:

      • https://api.entro.security

      • https://graph.microsoft.com

      • https://management.azure.com

    If outbound HTTPS is restricted, onboarding will fail.

  3. Validate Azure CLI Installation (Optional)

    Run the following commands to confirm that Azure CLI is installed and authenticated:

    az version
    az login
    az account show
    
  4. Confirm Tenant and Subscription Context

    Record these values for the onboarding process:

    • Tenant ID

    • Subscription ID

    • Azure Client ID (once App Registration is created)

    These will be required during the connection step in SailPoint Entro.

  5. Check for Existing Entro App Registration

    If onboarding has been attempted previously, check for an existing SailPoint Entro app registration:

    Find SailPoint Entro app registration

    az ad app list --display-name "EntroSecurityIntegration"
    

    If found, either delete it or reuse it after secret rotation.

  6. Verify Key Vault Access Control Mode

    For environments using Azure Key Vault:

    1. Navigate to a Key Vault in the Azure Portal.

    2. Under Access configuration, verify whether it uses:

      • Vault access policy, or

      • Azure RBAC

    SailPoint Entro supports both access models. Ensure that at least read metadata access is available — SailPoint Entro never reads secret content.

  7. Optional Connectivity Test to SailPoint Entro

    To confirm connectivity from a connector or VM host, run:

    Connectivity test

    curl -I https://api.entro.security/health
    

    Expected response: 200 OK

Pre-Onboarding Checklist

Check Description
Azure Administrator Confirm user has Global or Application Administrator Role
Network Connectivity Outbound HTTPS to SailPoint Entro and Microsoft Graph
Azure CLI Installed Azure CLI authenticated and working
Tenant & Subscription Recorded Tenant ID and Subscription ID noted
Existing App Registration None found or ready for reuse
Key Vault Access Control Read metadata access confirmed