Skip to content

Integrating with Microsoft Entra ID

The Application Visibility platform is deployed in Microsoft Entra ID as a multi-tenant application. Application Visibility uses Microsoft Entra ID API to authenticate end users and administrators logging into the Application Visibility platform and to gather information on applications integrated with Microsoft Entra ID and their permissions.

Once integrated with Microsoft Entra ID, Application Visibility can:

  • Allow the browser extension and Application Visibility administrators to authenticate against the IdP.
  • Read the list of SaaS applications that have been installed in your organization, and parse SSO logs to continuously detect SSO’ed accounts.
  • Support listing user accounts, user groups, application, and related user activity in the admin portal.
  • Review the IdP configuration, such as MFA settings and last password rotation dates.

You will first create an application integration in Microsoft Entra ID to configure authentication, and then create a Privileged Role Administrator.

To establish trust with Microsoft Entra ID, an Azure Active Directory Administrator with the Privileged role administrator role is required.

To configure authentication:

  1. Log into the Application Visibility admin console at https://app.savvy.security/ using your admin credentials.
  2. Go to Settings > General Settings.
  3. Select the Identity Provider tab.
  4. Select +Add.
  5. Select Azure AD.
  6. Select Connect.
  7. If your are an Azure Active Directory Administrator with an admin privileged role, select Open link.
    • Select the checkbox to accept the permissions requested by Application Visibility. For a full list of requested permissions, refer to Requested Permissions.
    • A confirmation page is displayed confirming trust has been successfully established.
  8. If you are not an Azure Active Directory Administrator with an admin privileged role, select Copy link.
    • Ask your Microsoft Entra ID administrator with an admin privileged role, to click on the copied link and establish trust.
    • Once trust is established, select Connect.
  9. A green dot is displayed confirming that connection was established.

Application Visibility admins can now access the Application Visibility portal. For more information refer to Accessing Application Visibility.

Requested Permissions

The following table shows the permissions required by Application Visibility applications from Microsoft Entra ID.

Microsoft Permission name Description
Directory.Read.All Read directory data
User.Read.All Read all users' full profiles
Application.Read.All Read all applications
AuditLog.Read.All Read all audit logs
Policy.Read.All Read all organizational policies (e.g., Conditional Access, authentication, token policies)
UserAuthenticationMethod.Read.All Read all users' registered authentication methods (e.g., phone, FIDO2, Authenticator app)
email
openid
profile
User.Read		 Log in (OpenID Connect 2.0) and read user's profile

Creating a Privileged Role Administrator in Azure Active Directory

  1. Log in to Azure Portal at https://portal.azure.com/.
  2. Under Azure Services, select Azure Active Directory.
  3. Select Users and select the user that will be used for the Application Visibility authorization.
  4. From the left panel, select Assigned roles.
  5. Select Add assignment and select the checkbox besides Privileged role administrator.

The role is now assigned to the user. To verify, check that the Resource Name is set to Directory and the Assignment Path is set to Direct.