Azure Entra ID Governance

The Azure Entra ID Governance feed ingests identity governance and access review events to provide visibility into user access, entitlement management, and lifecycle governance activities across the organization. It captures governance-related entities such as access reviews, role assignments, group memberships, and approval decisions to support compliance monitoring, auditing, and security analytics. For detailed information, refer to the documentation.

Integration Method: API

Tables: Ticket Inventory (99405001), User Access Management (3005)

This integration supports the following types of events.

Event | Description
Access review decisions | Captures the decisions and outcomes of access reviews in Microsoft Entra ID Governance, including approval, denial, or review actions performed on user access and entitlements.
User account details | Retrieves user identity and account details from Microsoft Entra ID Governance, including account attributes, access information, and governance-related user properties.

This integration supports the following versions.

Microsoft Graph API version: v1.0

Note:

Azure Entra ID Governance is a continuously updated cloud service. At the time this document was prepared, the latest release was in April 2026.

Prerequisites

  • The user should have access to the Azure portal with an account that has the Global Administrator role. 

  • The user should have access to the DataBee console.

Configuration Overview

  1. Create an application with required permissions to fetch the data.

  2. Create the Azure Entra ID Governance feed in the DataBee console with the required client credentials.

    DataBee Parameter | Azure Parameter
    Client Key | Application (client) ID
    Client Secret | Client Secret Value
    Token URL (<application_id>) | Directory (Tenant) ID

Azure Configuration

Create an application

  1. Log on to the Azure portal with an account that has the Global Administrator role.

  2. In the search bar, search for App registrations and select it.
     

  3. On the “App registrations” page, select New registration. The “Register an application” window will appear.
     

  4. On the “Register an application” window: 

    1. Under Name, enter your application name, then click Register to create the application.
       

  5. On the app Overview page, copy the Application (client) ID and Directory (tenant) ID for later use.
     

Add Endpoint Access

Once the application is created, three permissions must be granted so that it can fetch data from the required endpoints. The following section details how to configure and add these permissions.

Add Permissions

From the Azure Active Directory portal:  

  1. Select the application registered in the previous step.

  2. Under Manage, click API permissions and then click Add a permission. The “Request API permissions” window will appear.
     

  3. On the “Request API permissions” window, click Microsoft APIs and then Microsoft Graph.
     

  4. Click Application permissions.
     

  5. The following permissions need to be granted for the endpoint to function properly:

    Event | Type | Permission
    Users | Application | User.Read.All
    Access reviews | Application | AccessReview.Read.All
    Access reviews | Application | AuditLog.Read.All

  6. In the Select permissions search bar, enter each of the permissions shown above and check its box to include it.
     

  7. Click the Add permissions button after selecting all required permissions.
     

  8. On the “API permissions” page, click Grant Admin Consent for <tenant>.
     

  9. Click the Yes button on the consent confirmation.
     

  10. The necessary permissions have now been added for the endpoints. After this step, the application should have at least the minimum required permissions listed in step 5.
     

Create the Client Secret

The final step to access the APIs is creating a client secret. To create it from the Azure portal:

  1. Select the application created above.

  2. Under Manage, click Certificates & secrets, and then Client secrets.
     

  3. Click New client secret. The “Add a client secret” window appears.
     

  4. On the “Add a client secret” window:

    1. Enter a Description for this client secret and select the desired expiry period from the Expires drop-down list.

    2. Click Add to create the client secret.
       

      Note:

      The user needs to re-create the client secret when it expires.

  5. Copy the Value field for later use. The secret value cannot be viewed again after this first time.
     

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for Azure Entra ID Governance and click it.

  3. Click the API Ingest option for the collection method.
     

  4. Enter feed contact information and scroll down.

  5. On the configuration page, confirm the following:

    • API Base URL: This is the base URL that DataBee will interact with.

    • Authorization Method: OAuth2

    • Client Key: Paste the Application (client) ID generated earlier.

    • Client Secret: Paste the Client Secret Value generated earlier in the Azure portal.

    • Token URL: Replace the <application_id> placeholder with your Directory (Tenant) ID.

    • Event Types: Preselected for all the event types that the integration pulls.
       

  6. Click Test Connection to verify that the credentials are valid and the connection is successful.

  7. Click Submit.

    Note:

    If the test connection fails, the Submit button will remain disabled. Onboarding cannot proceed until the issue is resolved and the test connection is successful.

Troubleshooting Tips

  • If you see an invalid client or unauthorized client error, the likely cause is incorrect credentials. Ensure the client key, client secret and Tenant ID are pasted correctly. Because the client secret cannot be viewed after the first time, re-create it, paste it into a text editor to confirm that no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • If you see a 403 response code, the likely cause is missing permissions. Ensure that all the required permissions are granted correctly as described in the steps above.
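
A pre-flight check for the app registration configured above, covering both troubleshooting cases before the credentials go into the feed. This is an added example, not DataBee or Microsoft code; it assumes the standard Microsoft identity platform v2.0 token endpoint (the Token URL prefilled in DataBee may differ) and hypothetical environment variable names.

```python
import base64, json, os, urllib.error, urllib.parse, urllib.request

# Application permissions this page asks you to grant in Microsoft Graph.
REQUIRED = {"User.Read.All", "AccessReview.Read.All", "AuditLog.Read.All"}

def token_url(tenant_id):
    # Assumption: the standard Microsoft identity platform v2.0 token endpoint.
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

def check_pasted(name, value):
    """Reject values carrying spaces or unexpected characters from copy/paste."""
    if not value or any(c.isspace() or not c.isprintable() for c in value):
        raise ValueError(f"{name} is empty or contains whitespace/unprintable characters")
    return value

def missing_permissions(access_token):
    """Read the JWT payload (inspection only, no signature check) and return
    the required application permissions absent from its 'roles' claim."""
    payload = access_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return REQUIRED - set(claims.get("roles", []))

def explain(error):
    """Map an OAuth2 error code to the matching troubleshooting tip."""
    if error in ("invalid_client", "unauthorized_client"):
        return "check Client Key, Client Secret and Tenant ID; re-create the secret if unsure"
    return f"unexpected token error: {error}"

def fetch_token(tenant_id, client_id, client_secret):
    """Client-credentials request for a Microsoft Graph app-only token."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default"}).encode()
    try:
        with urllib.request.urlopen(token_url(tenant_id), data=form, timeout=15) as resp:
            return json.load(resp)["access_token"]
    except urllib.error.HTTPError as exc:
        raise RuntimeError(explain(json.load(exc).get("error", "unknown"))) from None

def sample_token(roles):
    # Constructed, unsigned token used only to exercise missing_permissions offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"

if __name__ == "__main__":
    # Environment variable names are hypothetical; the secret is never printed.
    names = ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET")
    creds = [check_pasted(n, os.environ.get(n, "")) for n in names]
    gaps = missing_permissions(fetch_token(*creds))
    print("all required permissions granted" if not gaps else f"missing (403 likely): {sorted(gaps)}")
```

A non-empty result from `missing_permissions` on a real token usually means admin consent was not granted after the permissions were added.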

Copyright © 2026 DataBee®, A Comcast Company.
DataBee® is a registered trademark of Comcast.