The Microsoft Entra ID integration connects your Azure AD tenant to Regentra for single sign-on, user and device synchronization, and automated compliance evidence collection.

What it provides

  • SSO authentication — Staff and portal users sign in with their Entra credentials
  • User sync — Entra users are imported as portal contacts automatically
  • Device sync — Intune-managed devices are imported as assets
  • Compliance evidence — Conditional access policies, MFA status, and device compliance states are collected as evidence for compliance frameworks

Setup

1. Navigate to integrations

   Go to Settings → Integrations → Microsoft Entra ID.

2. Start admin consent

   Click Connect to initiate the Azure AD admin consent flow. You will be redirected to Microsoft’s login page.

3. Grant consent

   Sign in with a Global Administrator or Privileged Role Administrator account and approve the permissions requested by the Regentra application.

4. Verify connection

   After consent, you are redirected back to Regentra. The integration status should show Connected.

The admin consent flow grants Regentra read access to users, groups, devices, and directory data. No write permissions are requested.
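
One way to check the read-only claim against what the tenant actually recorded after consent, as an added example (not Regentra's code): it classifies the delegated scopes and application roles found in Microsoft Graph `oauth2PermissionGrant` and `appRoleAssignment` objects. The IDs and the permission set below are constructed placeholders, not Regentra's real permission list, and the read-only test is a heuristic on Graph's permission naming.

```python
# Added example: audit what was actually granted to an enterprise app.
# Input shapes follow Microsoft Graph objects; all values are constructed.

OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
READ_VERBS = {"Read", "ReadBasic"}

def is_read_only(permission: str) -> bool:
    """Heuristic on Graph naming: Resource.Verb[.Constraint]."""
    if permission in OIDC_SCOPES:
        return True
    parts = permission.split(".")
    return len(parts) >= 2 and parts[1] in READ_VERBS

def granted_permissions(sp_id, delegated_grants, app_role_assignments, resource_sps):
    """Return sorted (kind, permission) pairs granted to service principal sp_id."""
    found = set()
    for g in delegated_grants:  # oauth2PermissionGrant objects
        if g["clientId"] == sp_id:
            found.update(("delegated", s) for s in g.get("scope", "").split())
    for a in app_role_assignments:  # appRoleAssignment objects
        if a["principalId"] != sp_id:
            continue
        roles = {r["id"]: r["value"] for r in resource_sps[a["resourceId"]]["appRoles"]}
        # Unresolvable role IDs are kept (and flagged) rather than dropped.
        found.add(("application", roles.get(a["appRoleId"], "unresolved:" + a["appRoleId"])))
    return sorted(found)

def non_read_only(sp_id, delegated_grants, app_role_assignments, resource_sps):
    """Permissions that need review because they are not recognisably read-only."""
    return [(k, p) for k, p in granted_permissions(
        sp_id, delegated_grants, app_role_assignments, resource_sps) if not is_read_only(p)]

# Constructed sample data (placeholder IDs, not Regentra's real permission set).
GRAPH_SP = {"graph-sp": {"appRoles": [
    {"id": "role-1", "value": "User.Read.All"},
    {"id": "role-2", "value": "DeviceManagementManagedDevices.Read.All"},
    {"id": "role-3", "value": "Directory.ReadWrite.All"},
]}}
GRANTS = [{"clientId": "app-sp", "resourceId": "graph-sp", "consentType": "AllPrincipals",
           "scope": "openid profile User.Read Policy.Read.All"}]
CLEAN = [{"principalId": "app-sp", "resourceId": "graph-sp", "appRoleId": "role-1"},
         {"principalId": "app-sp", "resourceId": "graph-sp", "appRoleId": "role-2"}]
DRIFTED = CLEAN + [{"principalId": "app-sp", "resourceId": "graph-sp", "appRoleId": "role-3"}]

if __name__ == "__main__":
    for name, assignments in (("clean", CLEAN), ("drifted", DRIFTED)):
        print(name, non_read_only("app-sp", GRANTS, assignments, GRAPH_SP))
```

Re-running the same check on a schedule catches permissions added to the service principal after the initial consent.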

What syncs

| Entra object | Regentra object | Details |
|---|---|---|
| Users | Portal contacts | Display name, email, department, job title |
| Devices (Intune) | Assets | Hostname, OS, serial number, compliance state |
| Groups | Contact groups | Used for portal access control |

Sync frequency

  • Identity sync (users, contacts, devices) runs every 4 hours on the hour
  • Evidence collection sync (conditional access policies, MFA status, device compliance signals) runs every 6 hours, offset 15 minutes from the identity sync to avoid Graph API contention
  • Manual sync can be triggered at any time from the integration settings page

The initial sync may take several minutes depending on the size of your Entra directory. Subsequent syncs are incremental and faster.

Per-company sync

For MSP customers operating multiple client tenants, Regentra also exposes a per-company Sync With M365 button on the PSA Company detail page (PSA → Companies → [company]). This pulls a fresh snapshot of users + devices for that one customer without waiting for the next 4-hour cycle. The button handles two states:
  • Not yet connected to a tenant — click redirects to Microsoft for admin consent on the customer’s tenant; on return, the initial sync queues automatically
  • Already connected — click queues an Inngest sync job that runs in the background; the page shows “Sync queued” and contacts + devices refresh on the next load

Per-company syncs are blocked for archived companies (see archive flow); restore the customer first if you need to re-pull their tenant data. Intune fetch failures are recorded explicitly in the audit log rather than being silently swallowed. If a sync completes with 0 devices when you expect more, check the audit log for the underlying Graph API response.

SSO for staff login

When Entra SSO is enabled, your team members can sign in to app.regentra.io using their Microsoft credentials. This uses the OAuth2 authorization code flow. See SSO settings for configuration details.

SSO for portal login

Portal SSO is configured separately for each client. When a client’s Entra tenant is connected, their end users can sign in to the support portal using their corporate Microsoft accounts. Enable this under PSA → Support Portal (or the Support Portal Settings tile) → Authentication tab, within the client’s context.

Device sync deduplication

If you also use the Level.io RMM integration, devices may appear from both sources. Regentra deduplicates assets by matching on serial number and hostname. When a match is found, the records are merged — Entra provides compliance state and Intune data, while Level.io provides RMM agent details and warranty information.

If you see duplicate assets after enabling both integrations, they will be automatically merged on the next sync cycle.