You can configure Microsoft Entra
ID synchronization to import new users and groups into the MaaS360® Portal without syncing existing users and groups from Microsoft Entra
ID.
Before you begin
You must have the tenant ID to configure directory synchronization. To get your tenant ID from
the
Microsoft Entra
Portal,
complete the following steps.
- Sign in to the Microsoft Entra
Portal with your
Microsoft
Entra
account.
- Click Tenant Properties.
- Copy the value in the Tenant ID field.
About this task
You can enable integration with Microsoft Entra
ID to synchronize users and groups with MaaS360. This approach is recommended when no existing users or groups are present in the MaaS360 Portal that can be synchronized from Microsoft Entra
ID.
Procedure
- From the IBM®
MaaS360 Portal
Home page, select .
- In the Configure directory sync window, select
No to import new users and groups to the MaaS360 Portal without syncing the existing users and groups from Microsoft Entra
ID, and then click
Confirm.
- Configure the Tenant ID.
- On the Directory Sync page, expand the Tenant ID
Configuration section.
- Enter the Microsoft
Entra Tenant ID that is
copied from the Microsoft Entra
Portal. For more
information, see Before you
begin.
- Select the Integrate with Microsoft
Entra GCC high
environment checkbox for Microsoft
Entra GCC high
subscription.
Note: Only federal customers must enable the Integrate with Microsoft
Entra GCC high
environment checkbox.
- Click Configure.
- On the Security Check window, enter the password, and then click
Confirm.
- On the Microsoft account login page, log in to your
Microsoft
Entra account
and grant permission for MaaS360 to view
your Microsoft Entra
ID
instance.
Important: The consent is required to access and manage Microsoft Entra
ID user groups in MaaS360.
- If authentication is successful, a message is displayed, and you are redirected to the MaaS360 Portal Home page.
- If authentication fails, a message is displayed, and you must review the settings that you
configured in the previous steps.
- From the IBM
MaaS360 Portal
Home page, select , and then click Directory Sync.
Important: If you click Unconfigure in the Tenant ID
Configuration section, you can no longer add Microsoft Entra
ID user groups in MaaS360. Also disable the user provisioning application in Microsoft
Entra to stop receiving
updates from Microsoft Entra
ID. However, synchronized users and groups remain active in the MaaS360 Portal until they are deactivated in the Microsoft
Entra user
provisioning application.
- On the Directory Sync page, expand the User provisioning
configuration section and configure the following options.
- Copy the URL and secret code in the Tenant URL and
Secret Code fields and configure them in the Microsoft Entra
Portal.
For more information, see Microsoft Entra
Portal, see Configuring user provisioning in the Microsoft Entra Portal.
Important: To renew the secret code before it expires and to avoid interruptions, click
Renew code. If you fail to renew the secret code before it expires, Microsoft
Entra user provisioning
is quarantined, and no further directory data is synchronized. Renew the secret code every six
months, starting from the date the token was generated. The expiry date is displayed in MMM
D, YYYY format. For example, Oct 5, 2025.
Results
After integration is configured, all data is synced as configured from Microsoft Entra
ID to MaaS360.
What to do next
Manage the groups that are migrated from Microsoft Entra
ID to the MaaS360 Portal.From the IBM
MaaS360 Portal
Home page, select .
The name
of the group and the GUID of each group are displayed in the MaaS360 Portal. You can see Microsoft Entra
ID in the
Updated by column for newly imported groups from Microsoft Entra
ID.