Entra ID (Azure AD) — Identity Management
Basic Information
| Field | Value |
|---|---|
| Category | System Tools |
| Owner | Sergej Vdovičenko |
| Deputy | Artem Ryzhkov |
| Management Level | 5 |
| SLA | 24x7 |
| Login | Microsoft corporate account (admin role) |
| URL | https://entra.microsoft.com |
Description
Microsoft Entra ID (formerly Azure Active Directory) is the cloud service for managing digital identities and access. It serves as the central Identity Provider (IdP) for all Etnetera group companies.
Key features:
- SSO (Single Sign-On): one login for all connected applications (Microsoft 365, Slack, Atlassian, Adobe…)
- MFA: mandatory for all users (Microsoft Authenticator)
- Conditional Access: device compliance, location, risk score policies
- Lifecycle management: automatic account provisioning (SCIM) to apps
- Groups and roles: access assignment to apps and resources
- Sync with on-prem AD: via Entra Connect Sync
Access and Login
- URL: entra.microsoft.com
- Login: corporate Microsoft account (firstname.lastname@etnetera.cz) with Global Administrator or User Administrator role
- MFA is mandatory
Warning
The Global Administrator role grants unrestricted access to the entire tenant. Use it only for operations that require it. For daily user management, use the User Administrator role.
Procedure — Create New User
- Entra ID → Users → New user → Create new user
- Fill in: Display Name, User Principal Name (firstname.lastname@etnetera.cz)
- Set temporary password or send email invitation
- Assign Groups (determines app access)
- Assign Licenses (Microsoft 365 plan)
- Click Create
Procedure — Disable Account (Offboarding)
- Users → [user] → Properties → Edit
- Check Block sign in → Yes
- Remove from groups (automatically loses app access)
- Revoke active sessions: Users → [user] → Revoke sessions
- Remove licenses: Licenses → Remove
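The offboarding steps above, scripted with the Microsoft Graph PowerShell SDK as an added example (not part of the original runbook). The function name `Disable-DepartedUser` and the requested scopes are assumptions; the function skips groups whose membership cannot be edited in Entra ID (synced from on-prem AD, or dynamic) and supports `-WhatIf`.

```powershell
# Added example, not part of the original runbook. Needs the Microsoft Graph PowerShell SDK.
# Connect first; the scopes listed here are an assumption, adjust them to tenant policy:
#   Connect-MgGraph -Scopes 'User.ReadWrite.All','GroupMember.ReadWrite.All'
function Disable-DepartedUser {            # hypothetical function name
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $user = Get-MgUser -UserId $UserPrincipalName -Property Id,UserPrincipalName,LicenseAssignmentStates
    $upn  = $user.UserPrincipalName

    # Step 1: Block sign in
    if ($PSCmdlet.ShouldProcess($upn, 'Block sign in')) {
        Update-MgUser -UserId $user.Id -AccountEnabled:$false
    }

    # Step 2: Remove from groups (memberOf also returns directory roles, so filter on type)
    $groups = Get-MgUserMemberOf -UserId $user.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' }
    foreach ($g in $groups) {
        $name = $g.AdditionalProperties['displayName']
        # Membership of synced or dynamic groups cannot be edited in Entra ID itself
        if ($g.AdditionalProperties['onPremisesSyncEnabled'] -or
            $g.AdditionalProperties['groupTypes'] -contains 'DynamicMembership') {
            Write-Warning "Skipped '$name': change membership in on-prem AD or the dynamic rule"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$upn in '$name'", 'Remove group membership')) {
            $uri = "https://graph.microsoft.com/v1.0/groups/$($g.Id)/members/$($user.Id)/`$ref"
            Invoke-MgGraphRequest -Method DELETE -Uri $uri
        }
    }

    # Step 3: Revoke active sessions (invalidates refresh tokens)
    if ($PSCmdlet.ShouldProcess($upn, 'Revoke sessions')) {
        Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
    }

    # Step 4: Remove directly assigned licenses; group-inherited ones go with the group
    $skuIds = @($user.LicenseAssignmentStates |
        Where-Object { $_ -and -not $_.AssignedByGroup } | ForEach-Object { $_.SkuId })
    if ($skuIds.Count -gt 0 -and $PSCmdlet.ShouldProcess($upn, 'Remove licenses')) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skuIds | Out-Null
    }
}

# Dry run with a placeholder UPN: Disable-DepartedUser -UserPrincipalName 'firstname.lastname@etnetera.cz' -WhatIf
```

Revoking sessions invalidates refresh tokens, but access tokens already issued stay valid until they expire, which is why sign-in is blocked first.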
Procedure — Reset User Password
- Users → [user] → Reset password
- Choose: Auto-generated or manual
- Check Require this user to change their password
- Share password securely (via Passbolt or encrypted message)
Troubleshooting
| Problem | Solution |
|---|---|
| User cannot sign in | Check: Block sign in / Locked out / Conditional Access; Sign-in logs for details |
| MFA not working | Users → [user] → Authentication methods — reset or add method |
| SSO app not working | Enterprise applications → [app] → Sign-in logs; check SAML/OIDC config |
| Sync from AD not working | Check Entra Connect status: Get-ADSyncScheduler; check Event Log on sync server |
Related Guides
- Active Directory — on-prem identity, sync to Entra ID
- Google Workspace — parallel identity for Google accounts
- Onboarding — account creation procedure for new employees
Contact
- Owner: Sergej Vdovičenko — Slack @sergej / sergej.vdovicenko@etnetera.cz
- Deputy: Artem Ryzhkov — Slack @artem
- Urgent issues (login outage): Slack #it-alerts