Adding Microsoft Entra ID to Nightfall

This document explains the process of adding your Microsoft Azure tenant to Nightfall to enable Directory Sync. To get an overview of the Directory Sync feature in Nightfall, you can read this article and then proceed with this document.


  • You must have a Microsoft Entra ID (formerly known as Microsoft Azure Active Directory) account.

  • A Microsoft Entra user account for Nightfall with one of the following roles:

    • Global Administrator or Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.

    • Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Microsoft Graph app roles (application permissions).

    • A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.

    • For more information, refer to the Microsoft documentation here.

Configure Microsoft Entra ID

  1. Click the Settings button in Nightfall.

  1. Click the Directory Sync tab.

  1. Click Add Directory.

  1. Select Azure Entra as the identity provider.

  1. Click Connect.

  1. Enter Email or phone number associated with your Microsoft Azure account.

  2. Click Next.

  1. Enter your password and click Sign In.

When you sign in as an Azure admin, you can consent the installation of Nightfall IDP yourself. You can view the following screen. You must click Accept.

Once you approve the request, the installation proceeds. Once the installation is completed, you can see the following screen. You must click Setup Complete.

After the setup is complete, the first sync may take 15 to 30 min to complete. While the first sync is in progress you would see "pending" under status. Once the sync is complete, the status would transition from "pending" to "synced" and you can view the number of active users, inactive users and groups discovered.

Active users in Azure are the users who actively log in to Azure and perform various tasks.

Inactive users are dormant users who have not logged in to their Azure account for a while. You can refer to this Microsoft document to learn more about managing inactive users.

Nightfall syncs with your Identity and Access Provider every four hours. Also, you can manually sync once every hour. To sync data manually, click the ellipsis menu and select Refresh.

Currently, once registered you cannot unregister an Identity and Access Provider from Nightfall. If you do wish to unregister your Identity and Access Provider, please contact Nightfall support.

Last updated