Synchronize user directory (Entra ID)
Dec 20th 2025
If your organization already uses Microsoft Entra ID (formerly Azure AD) to manage corporate users, you can seamlessly synchronize these identities with Access Gate. This integration is particularly valuable when combined with OIDC authentication, allowing users to log in to protected resources via Access Gate using their existing Entra credentials.
Network & Interface Requirements
For synchronization to work, the Secure Twin on the Access Gate appliance must have internet access, as it connects to Microsoft services like login.microsoftonline.com and graph.microsoft.com. If the Secure Twin port cannot reach these endpoints, synchronization will fail. Other interfaces, such as those used for management, monitoring, or traffic inspection, can remain isolated, depending on your deployment model.
Register Access Gate in Entra ID
Start by registering Access Gate as an application in the Azure Portal. Navigate to Entra ID → App registrations, then create a new application with a descriptive name, such as "Access Gate" or "Access Gate Authentication".
Configure the necessary permissions to allow Access Gate to list users and groups.
Next, add a Redirect URI (e.g., https://access-gate.example.com/entra/callback). This URI must match your internal DNS and point to the IP address of the Secure Twin port on the Access Gate appliance. Once configured, complete the registration process in the Azure Portal.
Configure Entra ID in Access Gate
In the Access Gate Management UI, go to the Users page and click "Configure Directory". Enter the application details, including the Client ID, Tenant ID, and Client Secret.
After saving, Access Gate will automatically synchronize users and groups in the background. You should see the user list update with the imported Entra ID identities.
Verification & Troubleshooting
To ensure everything works correctly, verify that the Secure Twin can reach Microsoft's endpoints (login.microsoftonline.com and graph.microsoft.com). In Access Gate, confirm that users and groups are imported without errors.
In Entra ID, double-check that the Redirect URI matches exactly and that the required permissions are granted. A mismatch in the Redirect URI can cause authentication errors, such as AADSTS50011.
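The Redirect URI comparison described above can be done before testing a login. The following Python sketch is an added example, not Access Gate or Microsoft code: `diagnose_redirect_uri` is a hypothetical helper, and the URIs are constructed from the example URI on this page. It reports which component of the URI differs from what is registered in Entra ID.

```python
from urllib.parse import urlsplit


def diagnose_redirect_uri(sent, registered):
    """Compare the redirect URI the appliance sends with the URIs registered
    in Entra ID. Returns [] on an exact match, otherwise one finding per
    registered URI saying which component differs (hypothetical helper)."""
    if sent in registered:
        return []
    if not registered:
        return ["no Redirect URI is registered for the application"]
    s = urlsplit(sent)
    findings = []
    for reg in registered:
        r = urlsplit(reg)
        diffs = []
        if s.scheme != r.scheme:
            diffs.append(f"scheme {s.scheme!r} vs {r.scheme!r}")
        if s.netloc != r.netloc:
            same = s.netloc.lower() == r.netloc.lower()
            diffs.append("host differs only in letter case" if same
                         else f"host/port {s.netloc!r} vs {r.netloc!r}")
        if s.path != r.path:
            if s.path.rstrip("/") == r.path.rstrip("/"):
                diffs.append("trailing slash differs")
            elif s.path.lower() == r.path.lower():
                diffs.append("path differs only in letter case")
            else:
                diffs.append(f"path {s.path!r} vs {r.path!r}")
        if (s.query, s.fragment) != (r.query, r.fragment):
            diffs.append("query string or fragment differs")
        findings.append(f"{reg}: " + ("; ".join(diffs) or "differs in formatting"))
    return findings


if __name__ == "__main__":
    # Constructed sample values based on the example URI on this page.
    registered = ["https://access-gate.example.com/entra/callback"]
    for sent in ("https://access-gate.example.com/entra/callback",
                 "https://access-gate.example.com/entra/callback/",
                 "http://access-gate.example.com/Entra/callback"):
        result = diagnose_redirect_uri(sent, registered)
        print(sent, "->", result or "exact match")
```

An empty result means the URI is registered exactly as sent; any finding points at the component to correct in the app registration or on the appliance.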