Add an Entra ID Group

Entra ID group members can log in to the management console using SAML authentication and perform tasks based on the permissions assigned to the group. Upon logging into BeyondInsight, users can select a domain from the Log in to list on the Login page.

The Log in to list is only displayed on the Login page when there are either AD or LDAP user groups created in the BeyondInsight console. The Log in to list is displayed by default, but may be disabled / enabled by an admin user by toggling the Show list of domains/LDAP servers on login page setting from Configuration > System > Site Options page.

AD users must log in to the management console at least once to receive email notifications.

Direct Connect does not support using SAML as an authentication method. Therefore, Direct Connect is not available with Entra ID accounts.

Create an Entra ID Group in BeyondInsight, as follows:

  1. Navigate to Configuration > Role Based Access > User Management.

Create a New Group in BeyondInsight

  1. From the Groups tab, click + Create New Group.

 

  1. Select Add a Microsoft Entra ID Group.

 

 

Add an Entra ID Group - Search Microsoft Entra ID

  1. Select a credential from the list.

If you require a new credential, click Create a New Credential to create a new credential. The new credential is added to the list of available credentials.

  1. Click Search Microsoft Entra ID. A list of security groups displays.

 

For performance reasons, a maximum of 250 groups from Entra ID is retrieved. The default filter is an asterisk (*), which is a wildcard filter that returns all groups. Use the group filter to refine the list.

  1. Set a filter on the groups that are to be retrieved, and then click Search Microsoft Entra ID.
Sample filters:
  • a* returns all group names that start with a.
  • *d returns all group names that end with d.
  • *sql* returns all groups that contain sql in the name.

Screenshot of Entra ID Group Search Results

  1. Select a group, and then click Add Group.

 

  1. The group is added and set to Active but not provisioned or synchronized with Entra ID. Synchronization with Entra ID to retrieve users begins immediately.

 

Entra ID group details showing the Users in the group after synchronization occurred.

  1. Once the group has been synced with Entra ID, you can view the users assigned to the group, as well as unassigned users, by selecting Users from the Group Details section and then using the filters.

 

By default, new groups are not assigned any permissions. You must assign permissions on features and Smart Groups after creating a new group. For more information on permissions and how to assign them, please see Assign Permissions to Groups in BeyondInsight.

To use Entra ID credentials for logging into BeyondInsight, the accounts must use SAML authentication. For more information on configuring Entra ID SAML with BeyondInsight, please see Configure Microsoft Entra ID SAML with BeyondInsight SAML.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.