Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Adding an Entra ID directory configuration

    Adding an Entra ID directory configuration

    FortiDLP can integrate with one or more Entra ID directories.

    Note

    You must have the following operator permissions to be able to configure an Entra ID integration in FortiDLP:

    • Can edit Entra ID configurations
    • Can read Entra ID configurations
    • Can sync Entra ID configurations.
    Prerequisites

    You must first complete the credential setup steps in Microsoft credentials.

    How to add an Entra ID directory
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Do one of the following:
      • Under Users, select Microsoft Entra ID.
      • Under Integrations > Microsoft, select Entra ID.
    3. Click Add new directory.
    4. In the Add new directory modal, do the following:
      1. Under Authentication settings, in the Credentials menu, select the set of credentials you want to use (see Microsoft credentials).
      2. Under Details, enter a name to identify the directory sync configuration.
      3. Optionally, under User sync, do the following:
        • To filter the users you want to sync, in the Filter field, type the search filter.
          Example

          For example, entering:

          • country eq 'USA' would filter by users who have USA set as their country of residence.
          • createdDateTime ge 2022-05-09T16:59:09Z would filter by users whose Entra ID accounts were created after the date and time provided.
        • To enable daily auto-syncs, turn the Enable daily auto-sync toggle on. For more information, see Syncing Entra ID directories.
        • To enable auto-archiving of users deleted from the directory, turn the Enable auto-archiving of directory-deleted users toggle on. For more information, see Auto-archiving Entra ID directory-deleted users.
        • To remove directory labels from auto-archived directory-deleted users, turn the Remove directory labels from auto-archived users toggle on.
        • To sync users' usernames to the Infrastructure and allow them to be mapped to events that contain a matching username, turn the Sync username mapping toggle on. For more information, see User-event mapping.
      4. Optionally, under Label import, do the following:
        • To create and assign user property directory labels:
          1. In the User properties list, select one or more user properties. If you select the Hire date checkbox, you must also set the number of days an employee is a new hire in the Days field.
          2. To pseudonymize user property label values, select the corresponding Pseudonymize values checkboxes.
        • To create and assign group membership directory labels:
          1. In the Group membership list, select one or more group memberships.
          2. To flag group membership labels, select the corresponding Flag label checkboxes.
          3. To pseudonymize group membership label values, select the corresponding Pseudonymize values checkboxes.
      5. Click Add new directory.
    Previous
    Next

    Adding an Entra ID directory configuration

    Adding an Entra ID directory configuration

    FortiDLP can integrate with one or more Entra ID directories.

    Note

    You must have the following operator permissions to be able to configure an Entra ID integration in FortiDLP:

    • Can edit Entra ID configurations
    • Can read Entra ID configurations
    • Can sync Entra ID configurations.
    Prerequisites

    You must first complete the credential setup steps in Microsoft credentials.

    How to add an Entra ID directory
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Do one of the following:
      • Under Users, select Microsoft Entra ID.
      • Under Integrations > Microsoft, select Entra ID.
    3. Click Add new directory.
    4. In the Add new directory modal, do the following:
      1. Under Authentication settings, in the Credentials menu, select the set of credentials you want to use (see Microsoft credentials).
      2. Under Details, enter a name to identify the directory sync configuration.
      3. Optionally, under User sync, do the following:
        • To filter the users you want to sync, in the Filter field, type the search filter.
          Example

          For example, entering:

          • country eq 'USA' would filter by users who have USA set as their country of residence.
          • createdDateTime ge 2022-05-09T16:59:09Z would filter by users whose Entra ID accounts were created after the date and time provided.
        • To enable daily auto-syncs, turn the Enable daily auto-sync toggle on. For more information, see Syncing Entra ID directories.
        • To enable auto-archiving of users deleted from the directory, turn the Enable auto-archiving of directory-deleted users toggle on. For more information, see Auto-archiving Entra ID directory-deleted users.
        • To remove directory labels from auto-archived directory-deleted users, turn the Remove directory labels from auto-archived users toggle on.
        • To sync users' usernames to the Infrastructure and allow them to be mapped to events that contain a matching username, turn the Sync username mapping toggle on. For more information, see User-event mapping.
      4. Optionally, under Label import, do the following:
        • To create and assign user property directory labels:
          1. In the User properties list, select one or more user properties. If you select the Hire date checkbox, you must also set the number of days an employee is a new hire in the Days field.
          2. To pseudonymize user property label values, select the corresponding Pseudonymize values checkboxes.
        • To create and assign group membership directory labels:
          1. In the Group membership list, select one or more group memberships.
          2. To flag group membership labels, select the corresponding Flag label checkboxes.
          3. To pseudonymize group membership label values, select the corresponding Pseudonymize values checkboxes.
      5. Click Add new directory.
    Previous
    Next