Importing new users and groups into MaaS360 from Microsoft Entra ID

You can configure Microsoft Entra ID synchronization to import new users and groups into the MaaS360® Portal without syncing existing users and groups from Microsoft Entra ID.

Before you begin

You must have the tenant ID to configure directory synchronization. To get your tenant ID from the Microsoft Entra Portal, complete the following steps.
  1. Sign in to the Microsoft Entra Portal with your Microsoft Entra account.
  2. Click Tenant Properties.
  3. Copy the value in the Tenant ID field.

About this task

You can enable integration with Microsoft Entra ID to synchronize users and groups with MaaS360. This approach is recommended when no existing users or groups are present in the MaaS360 Portal that can be synchronized from Microsoft Entra ID.

Procedure

  1. From the IBM® MaaS360 Portal Home page, select Setup > Microsoft Entra ID integration.
  2. In the Configure directory sync window, select No to import new users and groups to the MaaS360 Portal without syncing the existing users and groups from Microsoft Entra ID, and then click Confirm.
  3. Configure the Tenant ID.
    1. On the Directory Sync page, expand the Tenant ID Configuration section.
    2. Enter the Microsoft Entra Tenant ID that is copied from the Microsoft Entra Portal. For more information, see Before you begin.
    3. Select the Integrate with Microsoft Entra GCC high environment checkbox for Microsoft Entra GCC high subscription.
      Note: Only federal customers must enable the Integrate with Microsoft Entra GCC high environment checkbox.
    4. Click Configure.
    5. On the Security Check window, enter the password, and then click Confirm.
    6. On the Microsoft account login page, log in to your Microsoft Entra account and grant permission for MaaS360 to view your Microsoft Entra ID instance.
      Important: The consent is required to access and manage Microsoft Entra ID user groups in MaaS360.
      • If authentication is successful, a message is displayed, and you are redirected to the MaaS360 Portal Home page.
      • If authentication fails, a message is displayed, and you must review the settings that you configured in the previous steps.
  4. From the IBM MaaS360 Portal Home page, select Setup > Microsoft Entra ID integration, and then click Directory Sync.
    Important: If you click Unconfigure in the Tenant ID Configuration section, you can no longer add Microsoft Entra ID user groups in MaaS360. Also disable the user provisioning application in Microsoft Entra to stop receiving updates from Microsoft Entra ID. However, synchronized users and groups remain active in the MaaS360 Portal until they are deactivated in the Microsoft Entra user provisioning application.
  5. On the Directory Sync page, expand the User provisioning configuration section and configure the following options.
    1. Copy the URL and secret code in the Tenant URL and Secret Code fields and configure them in the Microsoft Entra Portal.

      For more information, see Microsoft Entra Portal, see Configuring user provisioning in the Microsoft Entra Portal.

      Important: To renew the secret code before it expires and to avoid interruptions, click Renew code. If you fail to renew the secret code before it expires, Microsoft Entra user provisioning is quarantined, and no further directory data is synchronized. Renew the secret code every six months, starting from the date the token was generated. The expiry date is displayed in MMM D, YYYY format. For example, Oct 5, 2025.

Results

After integration is configured, all data is synced as configured from Microsoft Entra ID to MaaS360.

What to do next

Manage the groups that are migrated from Microsoft Entra ID to the MaaS360 Portal.

From the IBM MaaS360 Portal Home page, select Users > Groups > Add > User Directory Group.

The name of the group and the GUID of each group are displayed in the MaaS360 Portal. You can see Microsoft Entra ID in the Updated by column for newly imported groups from Microsoft Entra ID.