OVERVIEW:
This feature allows the import and synchronization of users and groups from Microsoft Entra ID, enhancing CurrentWare’s existing Active Directory integration. It enables administrators to define and apply policies for users in advance, so that when users connect to CurrentWare, the appropriate policies are already in place, ensuring consistent and seamless policy enforcement from day one.
Release Version: 12.0.0
Who Is This For?
This feature is designed for IT administrators who want to:
- Centralize user management in Entra ID
- Automatically import users into CurrentWare
- Keep user accounts and group memberships synchronized
- Reduce manual user administration and policy errors
What Gets Synced
Supported features
- Entra ID users
- Entra ID security groups
- Group-to-CurrentWare group mapping
- Scheduled synchronization
Prerequisites
Before connecting CurrentWare to Entra ID, you must create an App Registration in Entra ID.
Step 1: Register CurrentWare in Entra ID
- Sign in to the Microsoft Entra admin center
- Navigate to Azure Active Directory (Entra ID)
- Register a new application
- From the left-hand menu, click App registrations
- Click New registration

- Enter a name (example: CurrentWare User Sync)
- Select Single tenant
- Leave Redirect URI blank
- Click Register
Step 2: Record Required IDs
After registration, note the following values:
- Application (Client) ID
- Directory (Tenant) ID
These values are required when configuring the connection in CurrentWare.
CurrentWare supports Client Secret authentication (certificate-based authentication may be added later).
Create a Client Secret
- In the App Registration, go to Certificates & secrets
- Click New client secret
- Add a description and expiration
- Copy the Secret Value (this is shown only once)
Step 4: Assign Microsoft Graph Permissions
Once the group and client secrets are created, you need to apply read permissions on the group.
Assign Permissions
- Select the API Permissions (left-hand menu)
- Select Add Permission
- Select Microsoft Graph
- Search for these permissions:
- User.Read.All
- Group.Read.All

- Apply these permissions and on the main API Permissions window select Grant admin consent for your organization.

Connecting Entra ID to CurrentWare
- In CurrentWare, go to Tools → Import Users
- Select Action: Entra ID Import & Sync
- Enter the information for the following fields:
- Tenant ID
- Application ID
- Client Secret
- Click Connect
Once connected, CurrentWare will validate the credentials and prepare the group selection step.
Selecting Entra ID Groups
After a successful connection:
- Choose how users will be imported:
- By Entra ID Groups (Administrative Units may be supported in future releases)
- Select one or more Entra ID groups to import
- Review the detected users
Only users who belong to the selected groups will be imported into CurrentWare.
Group Mapping & Priority
- If a user belongs to multiple Entra ID groups, CurrentWare allows you to:
- Map Entra ID groups to CurrentWare groups
- Define group priority using drag-and-drop ordering
- The highest-priority group determines which policies are applied to the user.
This interface is the same as the existing Active Directory security group import workflow.
Sync Settings
You can configure synchronization behavior directly in the setup flow:
- Enable or disable synchronization
- Set the sync interval
- Edit or disconnect the Entra ID connection at any time
When sync is enabled, CurrentWare will:
- Add new users
- Update existing users
- Reflect group membership changes
Important Notes & Limitations
- Entra ID imports operate with directory-wide read permissions, so careful group selection is recommended
- Migrating from local Active Directory to Entra ID may require clearing existing users to avoid duplicates
- Users are matched using unique identifiers to prevent conflicts
- Operator accounts are not imported in this version
Troubleshooting
If the connection fails:
- Verify the Client Secret has not expired
- Ensure the correct Tenant ID is being used
- Review CurrentWare server logs for detailed error messages - Contact support at support@currentware.com
Security Considerations
- Client secrets should be stored securely
- Rotate secrets regularly based on your organization’s security policy