Connectors (Admin)

A connector is a single Entra ID connection — a tenant, a client ID, and a credential — that InfraScout uses for two things: keeping the Users and Groups directories in sync, and feeding the Microsoft Cloud assessment tools the AI uses for cloud-side reviews.

Connectors tab with one Entra ID connection (ITdesign EntraID Identity) showing tenant ID, client ID, secret, last sync, and Sync action

Layout

The page header carries the section title (Role Management) and the Admin Access chip; the tab strip puts you on Connectors. The description line under the heading is "Manage Microsoft Entra ID connections for identity sync and assessments."

Two header buttons sit above the connector list: Add Connection and Refresh. A free-text search filters by connection name. The total count (N of N connection) reflects active filters.

The body is a card grid; in most tenants it shows exactly one card.

Card contents

Each connector card carries the connection metadata:

  • Connection name — for example ITdesign EntraID Identity.
  • Type chipIdentity (drives the directory sync and the Microsoft Cloud tools).
  • Status chipEnabled / Disabled.
  • Tenant — the Entra tenant GUID.
  • Client ID — the app registration ID InfraScout authenticates as.
  • Secret — masked, with the last few characters shown for identification.
  • Sync — last successful sync time as a relative timestamp with a green check on success, plus the on-demand Sync button.

The action row at the bottom of the card: Edit (rename, rotate the secret, change the tenant), Toggle (enable / disable without deleting), Delete.

Permissions the connector needs

The app registration must consent to a small set of Microsoft Graph and Azure Resource Manager scopes — directory read, group member read, sign-in log read, plus reader access to the subscriptions you want assessable. The exact scope list is documented on the Connecting Entra ID page; that is the canonical reference and the right place to start when registering a new connector.

Sync schedule

The connector runs a background sync on a fixed interval (typically hourly). The last successful sync timestamp is shown on the card. Click Sync to trigger an on-demand run — the button disables until completion to avoid overlapping sync passes.

A failing sync is surfaced in the admin audit events feed as a connector_sync_failed event with the underlying Graph error message; investigate from there rather than guessing from this page.

Rotating the secret

Rotation is a single edit: paste the new secret into the Edit dialog, save, and watch the next sync succeed. There is no overlap window — the new secret takes effect immediately, so coordinate the swap with whoever rotated the app registration on the Entra side.