Chapter 7.3.1: Integrating with Microsoft Entra ID

Directory sync allows you to integrate your BullPhish ID client organization with Microsoft Entra ID to import targets and groups. Imported groups and targets are automatically synchronized with Microsoft Entra ID to keep group information up to date in BullPhish ID.

This integration allows BullPhish ID to sync targets from Microsoft Entra ID, making it easy to manage phishing and training campaigns.

BullPhish ID supports dynamic and nested groups in Microsoft Entra ID.

Integrating BullPhish ID with an organization's Microsoft Entra ID involves three main steps (to navigate to a specific step, click the applicable link):

  1. Configuring Microsoft Entra ID.
  2. Syncing BullPhish ID with Microsoft Entra ID.
  3. Syncing the desired groups and targets in BullPhish ID.


  • Only partner administrators can configure the integration.
  • You must have access to both BullPhish ID and Azure accounts. 
  • The BullPhish ID client organization you want to integrate with Microsoft Entra ID must be in active Status
    Azure 19.png 

Note: The Microsoft Entra ID license type is not relevant when synchronizing with BullPhish ID. If API credentials can be created for the account and appropriate permissions assigned, BullPhish ID can be synchronized with Microsoft Entra ID.

Configuring Microsoft Entra ID

Grant API Access to Microsoft Entra ID

  1. Log into Azure Portal.
  2. In the upper-left corner, click the menu icon.
    Azure 6.png
  3. Select Microsoft Entra ID.
    Azure 5.png
  4. Select App registrations.
    Azure 7.png
  5. In the top menu bar, click + New Registration.
    Azure 8.png
  6. On Register an application page, enter an application name. In the Supported account types section, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
    Entra 2.png
  7. Click the Register button. An Application (client) ID, Object ID, and Directory (tenant ID) are displayed. The IDs are needed to authenticate in BullPhish ID.
    Entra 3.png
  8. In the navigation menu, click API permissions.
    Azure 10.png
  9. Click Add a permission.
    Azure 11.png
  10. Click Microsoft Graph.7.png
  11. Click Application permissions.8.png
  12. Scroll down to Group, click the dropdown and select Group.Read.All.
    Entra 1.png
  13. Scroll down to User, click the dropdown and select User.Read.All. Click Add permissions. 10.png
  14. On the API Permissions page, click Grant admin consent for Default Directory. This action requires admin-level access.11.png
  15. In the confirmation modal, click Yes.
  16. In the navigation menu, click Certificates & secrets.
    Azure 12.png
  17. Click +New client secret. This secret is needed to authenticate with BullPhish ID.
    Azure 13.png

  18. In the Add a client secret pane, providing a Description is optional. In the Expires list, select when the secret should expire. Click the Add button.
    Azure 14.png
  19. Copy the Value field from the client secret you just created. You will need this value in the next procedure.
    Note: Make sure you copy the Value field, not the Secret ID number.
    Important: The client secret is only visible temporarily and should be safely recorded or used, as it will not be retrievable later.

    mceclip2.pngNote: To delete a client secret, click the delete icon at the end of the row. To create a new client secret, perform steps 17 through 19.

Syncing BullPhish ID with Microsoft Entra ID

To sync BullPhish ID with Microsoft Entra ID, you will use account information that was created when you completed the procedures above.

To sync BullPhish ID with Microsoft Entra ID:

  1. Log into BullPhish ID.
  2. In the navigation menu, select Targets & Groups > Directories.
    Azure 20.png
  3. in the upper-right corner, click + Add Directory Sync.
    Add directory sync 1.png
  4. In the Add Directory Sync modal, complete the following:
    • Organization: Select the applicable organization.
    • Directory Type: Select Azure.
    • Client Secret: Paste the secret value you copied in step 19 from the previous procedure.
      Note: If you need to copy the secret value again, in Microsoft Azure, in the navigation pane, select Certificates & secrets, copy the Value field.
  5. In Microsoft Azure, on the breadcrumb trail, click App registrations.
    Azure 15.png
  6. Click the All applications tab and click the name of your application. 
    Note: If you don't see your application listed, refresh the page.  
    Azure 16.png
  7. On the App registrations page:
    Azure 3.png
    • Copy the Application (client) ID and paste it into the Client ID field in the Add Directory Sync modal.
    • Copy the Directory (tenant) ID and paste it into the Tenant ID field in the Add Directory Sync modal.
  8. Directory Sync Preference: Select an option for handling targets in BullPhish ID after they have been deleted from Azure.
    Dir sync Azure.png
  9. Do one of the following:
    • Click Save.
    • Click Save & Sync.  The sync is executed and the Edit Directory page for the organization is displayed.
      Azure 21.png
      Now you are ready to import and sync groups or targets from Microsoft Entra ID. Refer to the article, 7.3.4 Syncing Groups and Targets.
Revision Date posted
Reviewed and edited. 7/24/23
Added prereq: Org must be active.
PR: Configuring Azure step 18 added Description field is optional.
PR: Synching BP step 6: Added note.
Global: Changed Azure to Entra ID.




Removed Test from Azure app name (BullPhish ID Sync) in all screenshots.



Intro para: Added - BullPhish ID supports dynamic and nested groups in Microsoft Entra ID.


Have more questions?

Contact us

Was this article helpful?
1 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section