Azure Active Directory® Plugin

What Does the Azure AD Plugin Do?

Azure Active Directory is a cloud-based directory service used for managing the access rights and identities of your Microsoft services, as well as external SaaS applications and other resources (via REST interfaces). To manage the AAD, you must use either the Azure Portal or PowerShell. However, with tenfold’s Azure AD plugin, you do not need either of these. tenfold is perfectly integrated with Azure AD, meaning that you can manage identities and access rights on premise and in the cloud centrally via tenfold’s intuitive user interface.

Regular Synchronization

Of course, you can still make changes directly in Azure AD. To ensure tenfold is always updated with these changes, the plugin regularly synchronizes tenfold with Azure Active Directory®.

Required License

System Requirements

For integration with Azure AD, the following requirements must be met:

  • tenfold must be set up as an app with the appropriate permissions.
  • Authentication requires a certificate.
  • The EXO2 modules must be installed on the tenfold computer (for the agent) (more information).


  • Allows adding, editing and removing cloud users.
  • Includes support for tenfold features: roles, user lifecycle management, user access reviews.
  • Hybrid users can be created locally and synced using Azure AD Connect or similar services.
  • Allows inviting and editing guest users, as well as adding and removing permissions.
  • Guest users are tracked as part of the the user access review feature.
  • Guest user privileges can be renewed during access reviews.
  • Support for all group types: Office 365, Security, Mail-Enabled, Distribution and Teams.
  • Assign groups
  • Remove groups
  • Assign licenses and apps
  • Remove licenses and apps
  • Block lists for certain license types and apps
  • Active guest accounts
  • Active guest accounts with Teams assignment
  • Deactivated Office 365 accounts with active license assignments
  • Automation: tenfold transmits changes to privileges and users automatically, which saves time because you no longer have to perform such tasks manually.

  • Reporting: At the click of a button, tenfold provides a clear overview of which users or groups have access to which privileges, or which privileges a specific user or group has access to.

  • Profiles/Roles: Privileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned to and revoked from users and groups automatically, for example when users move to other departments.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions for users and groups to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions and groups are documented automatically. You can access historical data at any time and track which user or group had access to sensitive data. Learn more about change tracking.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervals. 

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Visit our blog for more tips & tricks on cyber security!