What You'll Need
- Global Administrator or Application Administrator role in Microsoft Entra ID
- A Microsoft 365 E5, E5 Compliance, or Information Protection license
- ~5 minutes to complete setup
- Your Clariti account with adapter management permissions
Get Your Credentials
If you have already set up the Microsoft Entra ID adapter, you can reuse the same app registration — just add the additional API permissions listed below and re-grant admin consent. See the Microsoft Entra ID guide for the full app registration walkthrough.
In the Azure portal, go to App registrations and select your Clariti app. Under API permissions > Add a permission > Microsoft Graph, add this Application permission:
InformationProtectionPolicy.Read.All
Click Grant admin consent for your tenant. Copy the Application (client) ID, Directory (tenant) ID, and a valid Client secret value.
Enter Credentials in Clariti
| Value from vendor console | Paste into Clariti field |
|---|---|
Directory (tenant) ID | Tenant / Directory ID |
Application (client) ID | Client ID |
Client secret value | Client Secret |
Verify Connection
Click Test Connection in Clariti. A successful connection returns a green checkmark. The first data sync typically completes within a few minutes.
Troubleshooting
- 401 Unauthorized — The client secret may have expired. Generate a new secret in Azure and update it in Clariti.
- 403 Forbidden — Verify admin consent was granted for InformationProtectionPolicy.Read.All. This permission requires an E5 or Information Protection license.
- Timeout — Purview policy data is lightweight. Timeouts are rare; Clariti retries automatically.