Basic Connection Settings
| Setting | Description |
|---|---|
| Client ID | Unique identifier for the registered app. Also called "Application (client) ID" in Microsoft Entra ID. |
| Client Secret value | Authentication secret for the application |
| Microsoft Entra ID Domain (Entra connection type only) | The main domain URL associated with your Microsoft Entra ID tenant. Your Entra ID domain is in a format of "example.onmicrosoft.com" or a custom domain like "example.com". The domain can be found in the Microsoft Entra admin center under . |
| Tenant Domain (Entra connection type only) | Your organization's Entra ID tenant identifier. Also called primary domain in Microsoft Entra ID. Your tenant domain is in a UUID format specific to your Entra tenant. It can be found in the Microsoft Entra admin center under and select the Tenant ID value. |
| Issuer URL (Generic OIDC connection type only) | For the Issuer URL, enter the Entra ID "Open ID Connect Metadata Document" URL. For Entra ID commercial tenants, this URL should have the following format: |
Microsoft Entra ID Settings and Attributes
| Setting | Description |
|---|---|
| Use Common Endpoint | Used for multi-tenant apps in Microsoft Entra ID |
| Basic Profile | |
| Extended Profile | |
| Get User Groups | Select Get User Groups to use a Microsoft Entra ID group name in Jamf Pro User Accounts & Groups for assigning privileges. Important:If you choose the Entra connection type in Jamf Account, the Directory.Read.All API permission must be configured in Microsoft Entra ID. |
| Include all groups the user is a member of, including child groups | Enter the max number of groups to retrieve. |
| Always set email verified to 'true' | Email addresses in the identity provider are already verified. Select this only for unusual circumstances where they are not verified by the identity provider. |
| Enable Users API | This is a legacy option for use only with Azure Active Directory V1. |
| Identity API | Set Identity API to . |