Ctrlk

Microsoft Entra ID Integration

You can integrate Microsoft Entra ID with Asset Panda Pro to streamline employee and user management. With this integration, you can sync user data from Azure directly into Asset Panda Pro, simplifying the onboarding process and reducing manual data entry.

You can use the integration in the following ways:

  • Import records into the People collection to enable users to check out items in Asset Panda Pro.

  • Import records into User Configuration to grant users access to log in to the system.

You can use one or both options based on your needs. This improves efficiency, reduces check-out times, and keeps employee data synchronized, offering a seamless experience between the two platforms.

When importing user logins, you must create a separate Active Directory group for each Asset Panda Pro permission level. Your organization must configure these groups because Asset Panda Pro does not manage external system settings.

In addition to the steps described here, you must contact your Implementation Specialist or the Support Team to activate this integration on your Asset Panda Pro account.

Prerequisites

  • Active Asset Panda Prosubscription with Administrative access

  • Microsoft Entra ID deployment within your organization with Administrative access

  • Relevant collections and fields in Asset Panda Pro to map the imported data

Microsoft Entra ID tasks

To connect Microsoft Entra ID (formerly Azure AD) with Asset Panda Pro, complete the following tasks in the Azure Portal.

Register a new application

  1. In the Azure Portal, search for App registrations.

  2. Click New registration.

  3. Enter a Name for the app (for example, Asset Panda Pro Integration).

  4. Under Supported account types, select Accounts in this organizational directory only (Single tenant).

  5. Click Register.

Gather Required IDs

After the app is registered, copy the following details and paste them into the corresponding fields in Asset Panda Pro:

  • Application (client) ID: Paste into Client ID

  • Object ID: Paste into Application Object ID

  • Directory (tenant) ID: Paste into Tenant ID

  • Client Secret Value: Paste into Client Secret

Create a Client Secret

  1. Go to Certificates & secrets.

  2. Click New client secret.

  3. Add a Description and select an Expiration period.

  4. Click Add.

  5. Copy the Client Secret Value (not the Secret ID) of the newly created client secret and paste it into the Client Secret field in Asset Panda Pro.

When creating the Client Secret, make sure to copy the Value immediately after it is generated. This value is only displayed once. If you navigate away or forget to copy it, you will need to generate a new client secret to proceed with the integration.

Add API permissions

You must add permissions to allow Asset Panda Pro to read data from Microsoft Entra ID:

API Permissions

  1. Navigate back to your registered application.

  2. Go to API Permissions.

  3. Confirm that User.Read (delegated) is listed.

Delegated permissions

  1. Click Add a permission.

  2. Select Microsoft Graph.

  3. Select Delegated permissions.

  4. Expand OpenId and select: email profile offline_access

  5. Click Add permissions.

Application permissions

  1. Click Add a permission.

  2. Select Microsoft Graph.

  3. Select Application permissions.

  4. Expand and add the following:

    • ApplicationApplication.Read.All

    • DirectoryDirectory.Read.All

    • GroupGroup.Read.All

    • UserUser.Read.All

    • GroupMemberGroupMember.Read.All

  5. Click Add permissions.

Grant Admin Consent

  1. In the API Permissions page, click Grant admin consent for [Your Directory Name]. A confirmation message is displayed.

  2. Click Yes.

  3. Ensure the Status column shows all permissions as Granted for admin consent.

Asset Panda Pro tasks

Set up the Microsoft Entra ID integration

  1. Log into Asset Panda Pro with an administrator account

  2. Navigate to Settings icon Settings > Account Management.

  3. Expand the appropriate account and module.

  4. Click Manage in the Integrations card.

  5. Select Integrations Store.

  6. In the Microsoft Entra ID tile, click Add. The Integrations in this module tab is displayed.

  7. In the Microsoft Entra ID tile, click Configure.

  8. Enter the following Azure details:

    • Client ID: Azure Application (client) ID

    • Client Secret: Azure Client Secret Value

    • Application Object ID: Azure Object ID

    • Tenant ID: Azure Directory (tenant) ID

  9. Click Test and Save Connection to verify the authentication.

  10. Click Continue with mapping.

  11. Click Add Mapping Option. The Mapping Option view is displayed.

  12. Select one of the following mapping options:

    • To create users with login access:

      1. Click Create Asset Panda users from Microsoft Entra ID with login access.

      2. Enter a name in the Mapping Name field.

      3. For External Entity, select the entity type (for example, Mobile Devices).

      4. For Collection, select a collection (for example, Azure Users).

      5. Map fields from Microsoft Entra ID to the corresponding Asset Panda Pro fields.

    • To import users as reference records without login access:

      1. Click Create Microsoft Entra ID users as collection records without login access.

      2. Enter a name in the Mapping Name field.

      3. For Organizational Unit field, select the relevant unit from Microsoft Entra ID.

      4. For User Role field, assign a role.

      5. Map fields from Microsoft Entra ID to the corresponding Asset Panda Pro fields.

  13. To add more fields, click Add More and repeat the previous step.

  14. Click Save.

You can set up an automation to ensure data stays up to date by syncing records at scheduled intervals.

Map fields

In the Mapping section, select fields from Microsoft Entra ID and map them to fields in Asset Panda.

Unique identifiers

Select one of the following fields as your Unique Identifier to ensure proper record matching and avoid duplication.

Field
Recommended?
Why

User Principal Name

Yes

Typically in [email protected] format. Globally unique, stable, and used for login. Ideal for most organizations.

Object ID

Yes (alternative)

A static, system-generated GUID that never changes. Best for long-term consistency.

Email

Conditional

Use only if all users have a unique and permanent primary email address. Not ideal in environments with aliases.

User de-provisioning & Status handling (Login users only)

Asset Panda Pro does not independently delete users. All de-provisioning actions depend on the user data exposed by Microsoft Entra ID.

If users are created with login access via the Microsoft Entra ID integration, Asset Panda Pro manages user deactivation based on the user’s status in Microsoft Entra ID and the availability of user data through Entra ID APIs.

  • Deactivated users: If a user is disabled in Microsoft Entra ID (accountEnabled = false), the corresponding Asset Panda login user is automatically deactivated during the next sync.

  • Deleted users:

    • If a deleted user is still available in the Deleted Users list in Microsoft Entra ID, Asset Panda Pro can retrieve the record and deactivate the user.

    • If the user is permanently deleted and no longer accessible via APIs, Asset Panda Pro cannot retrieve or update that user.

Microsoft Entra ID fields

Field Name
Description

Account enabled

Indicates whether the user account is active. Used to filter out deactivated or suspended users.

Age group

Specifies the user's age classification (for example, minor, adult). Used in compliance or filtering scenarios.

Business phone

User’s business contact number. Useful for directories or asset assignment contact fields.

City

City listed in the user's profile. Can be used for location-based mapping.

Company name

Organization name associated with the user. Often used for tenant-level reporting.

Country or region

Geographic country/region the user is assigned to.

Department

Department to which the user belongs (for example, HR, Finance). Useful for role-based mapping.

Display name

Full name displayed in the directory (for example, Jane Doe). Helpful for readable labels.

Email

User's primary email address. May be used for contact or login to ensure uniqueness.

Employee hire date

User’s official date of hire. Can help with lifecycle tracking.

Employee ID

Internal or external employee identifier. Useful if used consistently across systems.

Employee org data

Organization-specific metadata (for example, cost center, division). Customizable use.

Employee type

Indicates employment type (for example, contractor, full-time).

External user state

Status of external (guest) users, such as invited or accepted.

External user state change date time

Date/time of the last state change for external users.

Fax number

Deprecated in most environments. Rarely used.

First name

User’s given name. Can be mapped to standard profile fields.

Integration Status

Automatically created and managed by Asset Panda Pro during sync. No manual mapping needed.

Job title

User's role or position (for example, IT Administrator).

Last name

User’s surname or family name.

Mail nickname

User alias used in email routing (for example, jdoe).

Mobile phone

User’s mobile contact number.

Object ID

Unique system-generated ID for each Entra user. Great for strict identity matching.

Office location

User’s office or desk location.

Other emails

Secondary or alternate email addresses. Not recommended for mapping unique identifiers.

Preferred language

Default language preference for the user.

State or province

State/province portion of the user's address.

Street address

User’s street-level address info.

Usage location

Country where the service is being used. Often used for licensing.

User principal name

Primary login name (for example, [email protected]). Highly recommended as the unique identifier.

User type

Defines whether the user is internal (Member) or external (Guest).

ZIP or postal code

Postal/ZIP code from the user’s address.

PreviousMicrosoft Active Directory On-Premises IntegrationNextOkta Integration

Last updated