What You'll Need
- Global Administrator or Application Administrator role in Microsoft Entra ID
- Microsoft Entra ID P1 or P2 license for MFA reporting
- ~5 minutes to complete setup
- Your Clariti account with adapter management permissions
Get Your Credentials
If you have already set up the Microsoft Entra ID adapter, you can reuse the same app registration — just add the additional API permissions listed below and re-grant admin consent. See the Microsoft Entra ID guide for the full app registration walkthrough.
In the Azure portal, go to App registrations and select your Clariti app. Under API permissions > Add a permission > Microsoft Graph, add these Application permissions:
UserAuthenticationMethod.Read.AllReports.Read.All
Click Grant admin consent for your tenant. Copy the Application (client) ID, Directory (tenant) ID, and a valid Client secret value.
Enter Credentials in Clariti
| Value from vendor console | Paste into Clariti field |
|---|---|
Directory (tenant) ID | Tenant / Directory ID |
Application (client) ID | Client ID |
Client secret value | Client Secret |
Verify Connection
Click Test Connection in Clariti. A successful connection returns a green checkmark. The first data sync typically completes within a few minutes.
Troubleshooting
- 401 Unauthorized — The client secret may have expired. Generate a new secret in Azure and update it in Clariti.
- 403 Forbidden — Verify admin consent was granted for UserAuthenticationMethod.Read.All and Reports.Read.All. Some MFA reports require an Entra ID P1/P2 license.
- Timeout — Large tenants may take longer for the initial MFA status sync. Clariti retries automatically.