This article explains how to connect your Microsoft Entra tenant to imper.ai and verify a successful connection.
Prerequisites
Before you begin, make sure you have the following:
Microsoft Entra ID Global Administrator privileges.
Admin access to the imper.ai Admin Console.
Your Tenant ID, copied as follows:
Log in to the Azure Portal using your administrator credentials.
Navigate to Microsoft Entra ID > Tenant Properties.
Copy the Tenant ID.
Procedure
Follow these steps to connect Microsoft Entra to your imper.ai environment:
Log in to imper.ai using your admin credentials or Single Sign-On (SSO).
Go to Settings > Integrations.
Navigate to Microsoft Entra, and click Connect. The Microsoft login pop-up opens.
Enter your Tenant ID (found in Azure > Tenant Properties) and click Enter.
Click Open Link to be redirected to the Microsoft Authorization page.
Approve the requested permissions on the Microsoft Authorization page.
Once complete, Installation Completed Successfully is displayed.
Microsoft Entra ID permissions
When Microsoft Entra ID is used as the identity provider, imper.ai requests the following permissions to support helpdesk verification and secure password reset workflows.
User.ReadBasic.All
Used for: Retrieving basic user information to add users to the protected users list.
User.Read.All
Used for: Fetching full user profile data required to initiate and complete verification flows.
Calendars.Read
Used for: Building calendar-based verification questions (for example, “Who did you meet with this week?”).
Group.Read.All
Used for: Building group-based verification questions (for example, “Name a group you belong to”).
Directory.Read.All
Used for: Building verification questions related to the organizational hierarchy.
Chat.Read.All
Used for: Building verification questions based on recent chats.
Contacts.Read
Used for: Building contact-based verification questions (for example, “Name a starred contact”).
AuditLog.Read.All
Used for: Reading previous sign-in activity to detect anomalies during the verification flow.
Used for: Reading email metadata to generate verification questions.
RoleManagement.Read.Directory
Used for: Associating roles and groups for role-based verification questions.
User-PasswordProfile.ReadWrite.All
Used for: Resetting user passwords after successful verification.
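To confirm after consent that the tenant granted only the permissions listed above, the following added example (not imper.ai's or Microsoft's code) compares the grants against the documented set. It assumes you have exported the enterprise application's appRoleAssignments and oauth2PermissionGrants, plus the Microsoft Graph service principal's appRoles, from Microsoft Graph; the sample data and IDs are constructed, and the top-level key names (graph_app_roles, app_role_assignments, oauth2_permission_grants) are hypothetical.

```python
import json

# Permissions named on this page. The email-metadata entry has no permission
# name on the page, so it is not listed here.
DOCUMENTED = {
    "User.ReadBasic.All", "User.Read.All", "Calendars.Read", "Group.Read.All",
    "Directory.Read.All", "Chat.Read.All", "Contacts.Read", "AuditLog.Read.All",
    "RoleManagement.Read.Directory", "User-PasswordProfile.ReadWrite.All",
}

# Constructed sample shaped like Microsoft Graph responses (IDs are placeholders).
SAMPLE = json.loads("""
{
  "graph_app_roles": [
    {"id": "00000000-0000-0000-0000-000000000001", "value": "User.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000002", "value": "Chat.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000003", "value": "Files.Read.All"}
  ],
  "app_role_assignments": [
    {"appRoleId": "00000000-0000-0000-0000-000000000001"},
    {"appRoleId": "00000000-0000-0000-0000-000000000002"},
    {"appRoleId": "00000000-0000-0000-0000-000000000003"},
    {"appRoleId": "00000000-0000-0000-0000-0000000000ff"}
  ],
  "oauth2_permission_grants": [
    {"consentType": "AllPrincipals", "scope": "Calendars.Read Contacts.Read  Group.Read.All"}
  ]
}
""")

def granted_permissions(data):
    """Resolve application (app role) and delegated (scope) grants to names."""
    names = {r["id"]: r["value"] for r in data["graph_app_roles"]}
    granted = set()
    for a in data["app_role_assignments"]:
        # Keep unresolvable role IDs visible instead of dropping them silently.
        granted.add(names.get(a["appRoleId"], "unresolved:" + a["appRoleId"]))
    for g in data["oauth2_permission_grants"]:
        granted.update(g["scope"].split())  # scope is a space-separated string
    return granted

def audit(data, documented=DOCUMENTED):
    """Return grants outside the documented set and documented ones not granted."""
    granted = granted_permissions(data)
    return {"unexpected": sorted(granted - documented),
            "not_granted": sorted(documented - granted)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Anything reported under unexpected is a grant to review against what the vendor documents before leaving the integration enabled.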