
Configuring Directory Integration Between MS Entra (formerly Azure AD) and Nullafi Shield

Prerequisites

Before beginning the configuration process, ensure you have:

  • A fully operational Nullafi Shield instance
  • An MS Entra plan on Azure
  • SAML Authentication for MS Entra configured

Introduction

Nullafi Shield supports Directory integration to pull user groups from the Directory.

Part I: MS Entra Configuration

Configuring the Application

  1. Log into the Azure portal
  2. Navigate to Microsoft Entra
  3. Select App registrations from the left sidebar
  4. Click the All applications tab. The SAML application you configured earlier for authentication appears in the list
  5. Click on the application
  6. From the Essentials tab (top), you will see several attributes for the application.
  7. Copy the following values to a text editor; you will need this information later:
       • Application (client) ID
       • Directory (tenant) ID
  8. In the Client credentials attribute, click “Add a certificate or secret”
  9. Click New client secret
  10. For Description, type something like: “Client credentials for Nullafi Shield Directory Integration”
  11. Choose an expiry time for the secret or leave the default (6 months)
  12. Click Add
  13. Once it is created, copy the Value and save it for later.
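
The client secret created above stops working once its chosen expiry passes, after which the integration can no longer authenticate. The following added example (not part of Nullafi's or Microsoft's documentation) flags secrets that are expired or close to expiry. It assumes the input is the JSON printed by the Azure CLI command `az ad app credential list --id <Application (client) ID>`; the sample data, the function names and the 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `az ad app credential list` output.
SAMPLE = json.loads("""[
  {"displayName": "Client credentials for Nullafi Shield Directory Integration",
   "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-07-10T09:00:00.1234567Z"},
  {"displayName": "old secret",
   "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2024-07-01T00:00:00+00:00"}
]""")

_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?(Z|[+-]\d{2}:\d{2})?$")

def parse_time(value):
    """Parse an ISO 8601 timestamp, tolerating 7-digit fractions and 'Z'."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    stamp, zone = m.groups()
    dt = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")  # fraction is dropped
    if zone in (None, "Z"):
        return dt.replace(tzinfo=timezone.utc)
    sign = -1 if zone[0] == "-" else 1
    offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return dt.replace(tzinfo=timezone(offset))

def classify_secrets(credentials, now, warn_days=30):
    """Return one row per secret, soonest expiry first."""
    rows = []
    for cred in credentials:
        left = parse_time(cred["endDateTime"]) - now
        if left <= timedelta(0):
            status = "expired"
        elif left <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        rows.append({"name": cred.get("displayName") or cred["keyId"],
                     "status": status, "days_left": left.days})
    return sorted(rows, key=lambda r: r["days_left"])

if __name__ == "__main__":
    for row in classify_secrets(SAMPLE, datetime.now(timezone.utc)):
        print(f'{row["status"]:9} {row["days_left"]:5}d  {row["name"]}')
```

When a secret is reported as expiring, create a replacement in MS Entra and update the Client Secret Value in Nullafi Shield before the old one lapses.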

Part II: Nullafi Shield Configuration

  1. Access your Nullafi Shield Dashboard (e.g., https://shield.maverickco.com)
  2. Log in and navigate to Configuration in the left sidebar
  3. Click Directory
  4. On the Directory page, click Azure
  5. Fill in the inputs with the information you saved from the MS Entra application configuration:
       • Directory (tenant) ID
       • Application (client) ID
       • Client Secret Value
  6. Toggle to Enable the integration
  7. Click Save Changes

Verification

  1. In the Nullafi Shield Dashboard, click Policies, then Groups
  2. Click Sync Groups
  3. You should see a list of groups from your Directory