# Entra ID integration for workflows To integrate the Microsoft Graph API with the Nexthink platform, you need to establish two points of integration. One point of integration is required to bring UPN to the data model user table. Another integration point is required to handle the API credentials. {% hint style="warning" %} Note that permissions for connector actions are outside the scope of this page. Refer to the corresponding API endpoint documentation for more information on each connector action and required permissions. {% endhint %} ### Entra ID integration The workflow utilizes the Universal Principal Name (UPN) from Entra ID integration. This is necessary to populate the UPN into the Nexthink data model, where it is mapped to the `user.ad.name` field. For more information on setting up the Nexthink connector to Entra ID, refer to the [Connector for Microsoft Azure Active Directory](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/integrating-nexthink-with-third-party-tools/inbound-connectors/connector-for-microsoft-entra-id-azure-ad). The result of this integration should be that the user UPN is populated in the Nexthink user table. This user UPN is then utilized in the workflow when making Graph API calls. The following screenshots provide an example of an Entra ID connector setup and demonstrate that, when correctly set up, the users table populates with user names.

### Graph API connector integration Configuring connector credentials is essential for enabling API calls. Refer to the detailed information on the [Connector credentials ](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/integrating-nexthink-with-third-party-tools/outbound-connectors/connector-credentials)documentation page. Each Service/API thinklet has a dropdown field for credentials that needs to be filled out. When the workflow is installed or copied from the Library, this field will be blank, as it is a local setup of each environment and is not included in the Library. It’s crucial to add API read/write permissions in the Entra ID application registration setup.

Thinklet with credentials field maintained

Application ID in Entra application is maintained as Client ID in credential setup.

Tenant ID is used as part of the Access token URL

Client secret needs to be copied from App registrations, Certificates & secrets

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nexthink.com/platform/library-packs/faq/entra-id-integration-for-workflows.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.