Microsoft Entra ID Integration

Integrating Microsoft Entra ID with Asset Panda allows you to streamline employee and user management. With this integration, you can sync user data from Azure directly into Asset Panda, simplifying the onboarding process and reducing manual data entry. Whether syncing employees as Asset Panda users, or adding them to a People Collection, this integration ensures up-to-date, accurate information. It improves efficiency, reduces check-out times, and keeps employee data synchronized, offering a seamless experience between the two platforms.

You can use the integration in two ways:

  1. Import records into the people group to enable users to check out items in Asset Panda.

  2. Import records into the user configuration section to grant users access to log in to the system.

You can choose one or both options based on your needs.

When importing user logins, create a separate Active Directory group for each Asset Panda permission level. Your organization must configure these groups since Asset Panda does not manage external system settings.

Note: The following information helps you to complete the Microsoft Entra ID integration process with Asset Panda. However, you must contact your Implementation Specialist or the Support Team to activate this integration on your Asset Panda account.

The process of integrating the Microsoft Entra ID account with Asset Panda to fetch data includes:

  1. Connecting Microsoft Entra ID.

  2. Setting up and configuring the Microsoft Entra ID integration in Asset Panda.

  3. Mapping the fields from Microsoft Entra ID to Asset Panda.

You need to perform the following steps to integrate Microsoft Entra ID with Asset Panda:

  • Enable Microsoft Entra ID: Guide you on how to connect the Microsoft Entra ID account for fetching data.

  • Configure Asset Panda Integration: Provide detailed steps to configure and map the Microsoft Entra ID data fields within Asset Panda.

  • Ensure Data Accuracy: Ensure that the data fetched from Microsoft Entra ID is accurately mapped and stored in Asset Panda.

Prerequisites

Before you begin the integration, make sure you meet the following requirements:

  • An active Asset Panda subscription.

  • A Microsoft Entra ID deployment within your organization.

  • Administrative access to both Microsoft Entra ID and Asset Panda.

  • Ensure the relevant collections and fields exist in Asset Panda to accurately map the imported data.

Note: During the Azure app registration process, be sure to copy the following details and enter them into the corresponding fields in Asset Panda: -Application (client) ID → Paste into Client ID -Object ID → Paste into Application Object ID -Directory (tenant) ID → Paste into Tenant ID -Client Secret Value → Paste into Client Secret

Important: When creating the Client Secret, make sure to copy the Value immediately after it is generated. This value will only be displayed once. If you navigate away or forget to copy it, you will need to generate a new client secret to proceed with the integration.

Microsoft Entra ID Tasks

To connect Microsoft Entra ID (formerly Azure AD) with Asset Panda, follow the steps below in the Azure Portal:

Register a New Application

  1. Navigate to: Azure Portal → Search for App registrations.

  2. Click New registration.

  3. Set a Name for the app (e.g., Asset Panda Integration).

  4. Under Supported account types, select:

    • Accounts in this organizational directory only (Single tenant)

  5. Click Register.

Gather Required IDs

Once the app is registered:

  1. Copy the Application (client) ID → Paste it into the Client ID in Asset Panda.

  2. Copy the Object ID → Paste it into the Application Object ID in Asset Panda.

  3. Copy the Directory (tenant) ID → Paste it into Tenant ID in Asset Panda.

Create a Client Secret

  1. Go to Certificates & secrets.

  2. Click New client secret.

  3. Add a Description and select an Expiration period.

  4. Click Add.

  5. Copy the Value (not the Secret ID) of the newly created client secret and Paste it into the Client Secret field in Asset Panda.

Add API Permissions

To allow Asset Panda to read data from Microsoft Entra ID:

  1. Navigate back to your registered application.

  2. Go to API Permissions.

  3. Confirm that User.Read (delegated) is already listed.

Add Delegated Permissions

  1. Click Add a permission.

  2. Select Microsoft Graph.

  3. Choose Delegated permissions.

  4. Expand OpenId and select: email profile offline_access

  5. Click Add permissions.

Add Application Permissions

  1. Click Add a permission again.

  2. Select Microsoft Graph.

  3. Choose Application permissions.

  4. Expand and add the following: ApplicationApplication.Read.All DirectoryDirectory.Read.All GroupGroup.Read.All UserUser.Read.All GroupMemberGroupMember.Read.All

  5. Click Add permissions.

Grant Admin Consent

  1. In the API Permissions page, click Grant admin consent for [Your Directory Name]l

  2. Confirm by clicking Yes.

  3. Ensure the Status column shows all permissions as Granted for admin consent.

Asset Panda Tasks

Setup

  1. Log in to Asset Panda. Go to Settings > Account Management.

  2. For the respective module, Click Manage under Integrations.

  3. Open the Integrations Store for the desired account.

  4. Go to the Microsoft Entra ID tile and click Add from the Asset Panda Integration Store.

  5. Switch to the Integrations in this module tab.

  6. Go to the Microsoft Entra ID tile and click Configure.

  7. Enter the following Azure details: Client ID Client Secret Application Object ID Tenant ID

Note: These values are copied from your registered app in Azure: -Application (client) ID → Client ID -Object ID → Application Object ID -Directory (tenant) ID → Tenant ID -Client Secret Value → Client Secret

Important: The Client Secret Value is displayed only once when created. Be sure to copy and store it securely. If missed, you’ll need to generate a new one.

  1. Click Test and Save Connection to verify the authentication.

  2. Click Continue with mapping.

  3. Click Add Mapping Option. The Mapping Option window appears.

  4. Choose one of the following mapping options:

    1. To create users with login access:

      1. Click Create Asset Panda users from Microsoft Entra ID with login access.

      2. Enter a name in the Mapping Name field.

      3. In the External Entity dropdown, select the entity type (e.g., Mobile Devices).

      4. In the Collection dropdown, select a collection (e.g., Azure Users).

      5. Proceed to Mapping Fields (see below).

    2. To import users as reference records without login access:

      1. Click Create Microsoft Entra ID users as collection records without login access.

      2. Enter a name in the Mapping Name field.

      3. In the Organizational Unit field, select the relevant unit from Microsoft Entra ID.

      4. In the User Role field, assign a role.

      5. Map the Microsoft Entra ID fields to the corresponding fields in Asset Panda.

  5. To add more fields, click Add More Mapping Columns.

  6. Click Save.

Mapping Fields

In the Mapping section, select fields from Microsoft Entra ID and map them to fields in Asset Panda.

Mapping Unique Identifiers

Select one of the above as your Unique Identifier to ensure proper record matching and avoid duplication.

Field
Recommended?
Why

User Principal Name

Yes

Typically in [email protected] format. Globally unique, stable, and used for login. Ideal for most organizations.

Object ID

Yes (alternative)

A static, system-generated GUID that never changes. Best for long-term consistency.

Email

Conditional

Use only if all users have a unique and permanent primary email address. Not ideal in environments with aliases.

User Deprovisioning & Status Handling

Asset Panda manages user deactivation based on the user’s status in Microsoft Entra ID and the availability of user data through Entra ID APIs.

  1. Deactivated users: If a user is disabled in Microsoft Entra ID (accountEnabled = false), the user is automatically deactivated in Asset Panda during the next sync.

  2. Deleted users: If a deleted user is still available in the Deleted Users list in Microsoft Entra ID, Asset Panda can retrieve the record and deactivate the user. If the user is permanently deleted and no longer accessible via APIs, Asset Panda cannot retrieve or update that user.

Note: Asset Panda does not independently delete users. All deprovisioning actions depend on the user data exposed by Microsoft Entra ID.

Microsoft Entra ID Field Descriptions

Field Name
Description

Account enabled

Indicates whether the user account is active. Helps filter out deactivated or suspended users.

Age group

Specifies the user's age classification (e.g., minor, adult). Used in compliance or filtering scenarios.

Business phone

User’s business contact number. Useful for directories or asset assignment contact fields.

City

The city listed in the user's profile. Can be used for location-based mapping.

Company name

Organization name associated with the user. Often used for tenant-level reporting.

Country or region

The geographic country/region the user is assigned to.

Department

The department the user belongs to (e.g., HR, Finance). Useful for role-based mapping.

Display name

Full name displayed in the directory (e.g., Jane Doe). Helpful for readable labels.

Email

The user's primary email address. May be used for contact or login—ensure uniqueness.

Employee hire date

The user’s official date of hire. Can help with lifecycle tracking.

Employee ID

An internal or external employee identifier. Useful if used consistently across systems.

Employee org data

Organization-specific metadata (e.g., cost center, division). Customizable use.

Employee type

Indicates employment type (e.g., contractor, full-time).

External user state

Status of external (guest) users, such as invited or accepted.

External user state change date time

Date/time of the last state change for external users.

Fax number

Deprecated in most environments. Rarely used now.

First name

User’s given name. Can be mapped to standard profile fields.

Integration Status

Automatically created and managed by Asset Panda during sync. No manual mapping needed.

Job title

The user's role or position (e.g., IT Administrator).

Last name

User’s surname or family name.

Mail nickname

A user alias used in email routing (e.g., jdoe).

Mobile phone

The user’s mobile contact number.

Object ID

Unique system-generated ID for each Entra user. Great for strict identity matching.

Office location

The user’s office or desk location.

Other emails

Secondary or alternate email addresses. Not recommended for mapping unique identifiers.

Preferred language

Default language preference for the user.

State or province

State/province portion of the user's address.

Street address

User’s street-level address info.

Usage location

Country where the service is being used. Often used for licensing.

User principal name

Primary login name (e.g., [email protected]). Highly recommended as the unique identifier.

User type

Defines whether the user is internal (Member) or external (Guest).

ZIP or postal code

Postal/ZIP code from the user’s address.

Once you click Save, your Microsoft Entra ID integration and mapping setup in Asset Panda is complete.

Info: Setting up an automation ensures data stays up to date by syncing records at scheduled intervals.

PreviousMicrosoft Active Directory On-Premises IntegrationNextOkta

Last updated