Common scenarios¶
This page explains how to perform some common tasks that may need to happen when using Microsoft Entra with Connect.
Add an existing Connect User to an Entra group¶
If a member of your Connect Organisation needs to be added to a group in Entra, please do the following:
- In the Microsoft Entra admin center, find the relevant group in
Groups -> All groups
- Click on
(Group name) -> Members
- Select
Add members
and add the required user account
The change will be synced from Entra to Connect within a few minutes.
The change can be confirmed by following the instructions for viewing User group membership in Connect
Inviting an Entra User to Connect with membership to an Entra group¶
If a user from your Entra tenant is not yet in your Connect Organisation, please follow the instructions for inviting a new User to your Organisation
Info
The email address of the user account must match the one that you use for the invitation.
Once the User has completed the sign-up process, their Entra group membership can be confirmed by following the instructions for viewing User group membership in Connect
Tip
Connect will only list groups that have been referenced in your Organisation's IAM Policy.
Delete an Entra user¶
If you wish to delete a User from both Entra and Connect, you will need to perform both of the following:
Remove an account from Entra¶
- In the Microsoft Entra admin center, find the relevant user in
Users -> All users
- Click on the user account name
- Click Delete at the top of the page
- Click the Delete button to confirm
Remove an account from Connect¶
- In the Connect Control Service, browse to your Connect Organisation
- Open the Endpoints tab
- Delete any Endpoints that list the User as the Primary User
- Open the Users tab
- Find the correct User account, and click the red Delete icon
Tip
If the delete button is greyed out, the User is still associated with an Endpoint.
Disabling an Entra user¶
Disabling a user in Entra will prevent new logins and invited sign-ups into your Connect Organisation with that account.
If you wish to disable a user in Entra, you must do the following:
- In the Microsoft Entra admin center, find the relevant user in
Users -> All users
- Click on the user account name
- Click Edit properties at the top of the page
- Click the Settings tab
- Untick Account enabled
- Click Save
Limitation
This does not currently affect group membership in Connect for users that have already accepted an invitation.
This will change in a future release of Connect.
You may wish to delete the User in Connect instead by following the instructions above.
Remove an Entra tenant from Connect¶
If you wish to remove an Entra tenant from Connect, you will need to remove all Group references that use the tenant from the Organisation's IAM Policy.
To do this:
- In the Connect Control Service, browse to the Organisation that uses the Entra tenant
- Open the IAM Policy tab
- Click "Edit" to edit the current policy
- Amend the policy to remove any references to the tenant
- Click "Save". You should then see a message confirming that the IAM Policy has been successfully updated
- Open the Identity Providers tab
- Click the red Delete icon for the tenant you wish to delete
Tip
If the delete button is greyed out, you still have a reference to the tenant in your Organisation's IAM Policy.