Active Directory integration in Zaperon connects your Microsoft identity infrastructure to the Zaperon platform, enabling automatic user and group synchronization for centralized, policy-based access control. This integration uses a Microsoft Enterprise Application registered in Azure Portal to establish a secure, permission-controlled sync channel between your Active Directory tenant and Zaperon.
Active Directory integration in Zaperon is the process of connecting your Microsoft Azure AD or on-premises Active Directory tenant to Zaperon so that user identities and group memberships can be synchronized and used as the identity foundation for all access control policies.
Once integrated, Zaperon continuously reflects changes in your Active Directory, including new user additions, user updates, and account deprovisioning, ensuring that access permissions across all applications and Zero Trust policies remain aligned with your current organizational structure at all times.
Eliminate Manual User Provisioning: User identities sync automatically from Active Directory into Zaperon, removing the need for manual account creation and management
Accurate Identity Source: Zaperon uses your Active Directory as the single source of truth for all authentication and access control decisions across the platform
Automatic Deprovisioning: When a user is removed or disabled in Active Directory, their access in Zaperon is revoked automatically at the next sync, reducing the risk of orphaned accounts
Group-Based Policy Enforcement: Sync Active Directory groups into Zaperon to apply Zero Trust Access Policies and application permissions at the group level without individual user configuration
Zero Trust Alignment: Active Directory identity data powers continuous verification in Zaperon's Zero Trust framework, ensuring every access request is evaluated against a verified, current identity
Compliance Readiness: Maintain a verified, auditable identity source that supports governance and regulatory compliance requirements across frameworks including GDPR, HIPAA, SOC 2, RBI, and SEBI
Automating User Provisioning at Scale
For organizations with large user bases, manually creating and managing individual accounts in Zaperon is not scalable. Active Directory integration automates user provisioning by syncing all users from the connected tenant into Zaperon, saving administrative time and ensuring no user is missed during onboarding.
Enforcing Group-Based Zero Trust Access Policies
Organizations that manage access permissions by department or role in Active Directory can sync those groups into Zaperon and apply access policies at the group level. This ensures that when a user's group membership changes in Active Directory, their access in Zaperon updates automatically at the next sync.
Instant Access Revocation on Offboarding
When an employee leaves the organization and their Active Directory account is disabled or deleted, Zaperon reflects that change after the next directory sync, automatically revoking their access to all connected applications and resources without requiring manual intervention in Zaperon.
Supporting Hybrid and Cloud Identity Environments
Organizations running hybrid identity environments with both on-premises Active Directory and Azure AD can integrate their Microsoft tenant with Zaperon to maintain a unified identity foundation across cloud and on-premises access scenarios.
Maintaining Compliance with Identity Governance Requirements
Regulatory frameworks require organizations to demonstrate that user access is tightly controlled and aligned with current employment status. Active Directory integration with Zaperon provides a continuous, automated identity governance layer that supports audit readiness and compliance reporting.
Before integrating Active Directory with Zaperon, ensure the following are in place:
Active Zaperon administrator account with directory management permissions
Access to the Azure Portal with permissions to create and configure App Registrations
Microsoft Azure AD tenant with users and groups to be synced into Zaperon
Required Microsoft Graph API permissions available for the enterprise application
Note your Azure tenant ID and application ID as these will be required during Zaperon directory configuration
Back up any existing directory configurations in Zaperon before making changes
Refer to Sync a Directory after completing this integration to verify users are populating correctly
Note: The following Microsoft Graph API permissions are required for the integration to function correctly: Application.ReadWrite.All, Application.ReadWrite.OwnedBy, Group.ReadWrite.All, User.EnableDisableAccount.All, and User.ReadWrite.All. Admin consent must be granted for all permissions after configuration.
A. Creating Microsoft Enterprise application in Azure
A.1. In your browser, visit https://portal.azure.com/, sign in to Azure with your admin credentials, then search for and open App Registrations.
A.2. Click the New Registration button to register a new app.
A.3. Enter the application name and click Create Application.
A.4. Copy the Application (Client) ID and paste it into the Client ID field, then copy the Directory (Tenant) ID and paste it into the Tenant ID field of the Zaperon admin console. Refer to section A.2.
A.5. Under Manage in the left sidebar, click API permissions, then click + Add a permission.
A.6. Under the Microsoft APIs tab, click Microsoft Graph.
A.7. Select the Application permissions option.
A.8. Search for and select the checkbox for each of the five permissions listed in the note above.
A.9. Click Add permissions to add the selected permissions.
A.10. Click the Grant admin consent button, then click Yes.
A.11. Under Manage, click Certificates & secrets > Client secrets tab, then click + New client secret.
A.12. Type a description, select the expiry period (optional), and click Add.
A.13. Copy the client secret value and paste it into the Client Secret field of the Zaperon admin console. Refer to section A.2.
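The steps above grant five powerful application permissions and create a secret whose expiry will silently stop the sync. The following added example (not Zaperon's or Microsoft's code) shows how an administrator can verify the result afterwards: it parses the JSON shapes Microsoft Graph returns for the Graph service principal's appRoles, the sync app's consented appRoleAssignments, and the app registration's passwordCredentials, then reports required permissions that are missing, granted permissions beyond the documented set, and secrets close to expiry. The records are constructed samples and the GUIDs are placeholders, not Microsoft's real app-role IDs; the endpoint paths in the comments are the real Graph endpoints that return these shapes.

```python
"""Post-configuration check for the sync app registration created in section A.

Added illustration, not Zaperon's or Microsoft's code. Resolves consented
appRoleIds to permission names via the Microsoft Graph service principal's
appRoles (so no GUIDs need hardcoding), compares them with the documented
set, and flags client secrets that expire soon.
"""
from datetime import datetime, timedelta, timezone

# The five Microsoft Graph application permissions the integration requires.
REQUIRED_PERMISSIONS = {
    "Application.ReadWrite.All",
    "Application.ReadWrite.OwnedBy",
    "Group.ReadWrite.All",
    "User.EnableDisableAccount.All",
    "User.ReadWrite.All",
}

# Constructed sample in the shape of GET /v1.0/servicePrincipals/{graphSpId}
# (only appRoles is used). Placeholder IDs, not Microsoft's real role GUIDs.
GRAPH_SP = {
    "appRoles": [
        {"id": "00000000-0000-0000-0000-00000000000a", "value": "Application.ReadWrite.All"},
        {"id": "00000000-0000-0000-0000-00000000000b", "value": "Application.ReadWrite.OwnedBy"},
        {"id": "00000000-0000-0000-0000-00000000000c", "value": "Group.ReadWrite.All"},
        {"id": "00000000-0000-0000-0000-00000000000d", "value": "User.EnableDisableAccount.All"},
        {"id": "00000000-0000-0000-0000-00000000000e", "value": "User.ReadWrite.All"},
        {"id": "00000000-0000-0000-0000-00000000000f", "value": "Directory.ReadWrite.All"},
    ]
}

# Constructed sample in the shape of
# GET /v1.0/servicePrincipals/{syncAppSpId}/appRoleAssignments.
# Deliberately one required role short and one unrelated role over.
APP_ROLE_ASSIGNMENTS = {
    "value": [
        {"appRoleId": "00000000-0000-0000-0000-00000000000a", "resourceDisplayName": "Microsoft Graph"},
        {"appRoleId": "00000000-0000-0000-0000-00000000000b", "resourceDisplayName": "Microsoft Graph"},
        {"appRoleId": "00000000-0000-0000-0000-00000000000c", "resourceDisplayName": "Microsoft Graph"},
        {"appRoleId": "00000000-0000-0000-0000-00000000000e", "resourceDisplayName": "Microsoft Graph"},
        {"appRoleId": "00000000-0000-0000-0000-00000000000f", "resourceDisplayName": "Microsoft Graph"},
    ]
}

# Constructed sample in the shape of GET /v1.0/applications/{objectId}
# (passwordCredentials only).
APP_REGISTRATION = {
    "passwordCredentials": [
        {"displayName": "zaperon-sync", "endDateTime": "2030-01-01T00:00:00Z"},
    ]
}


def granted_permission_names(assignments, graph_sp):
    """Resolve consented appRoleIds to permission names using the Graph SP's appRoles."""
    id_to_name = {role["id"]: role["value"] for role in graph_sp["appRoles"]}
    return {
        id_to_name.get(a["appRoleId"], "unknown:" + a["appRoleId"])
        for a in assignments["value"]
        if a.get("resourceDisplayName") == "Microsoft Graph"
    }


def check_permissions(assignments, graph_sp):
    """Compare consented permissions with the documented set.

    'missing' breaks the sync; 'extra' is privilege the integration does not need.
    """
    granted = granted_permission_names(assignments, graph_sp)
    return {
        "missing": sorted(REQUIRED_PERMISSIONS - granted),
        "extra": sorted(granted - REQUIRED_PERMISSIONS),
    }


def secrets_expiring_within(app, days, now_iso=None):
    """Names of client secrets expiring within `days` of now_iso (ISO 8601, UTC),
    or already expired. The directory sync stops working once its secret expires."""
    now = (datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
           if now_iso else datetime.now(timezone.utc))
    horizon = now + timedelta(days=days)
    return [
        cred.get("displayName", "<unnamed>")
        for cred in app.get("passwordCredentials", [])
        if datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00")) <= horizon
    ]


if __name__ == "__main__":
    print(check_permissions(APP_ROLE_ASSIGNMENTS, GRAPH_SP))
    print(secrets_expiring_within(APP_REGISTRATION, days=30))
```

The secret value is only displayed immediately after step A.12, so paste it into Zaperon right away and record the expiry date; running a check like `secrets_expiring_within` on a schedule gives warning before the sync breaks. Resolving role IDs through the Graph service principal rather than a hardcoded table keeps the check correct if Microsoft adds roles.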
B. Configuring Directory in Zaperon Admin Console
B.1. In the Admin Dashboard, go to Directories > Add Directory.
B.2. Fill in all the details in the Basic Settings section and click Connect.
B.3. A Directory Configuration popup will appear. Copy and paste the admin credentials from AD provisioning in your Azure AD console.
B.4. A confirmation dialog will appear: "Directory successfully connected to Zaperon."
B.5. In the Attribute Mapping tab, you can map columns in the directory to attributes in Zaperon. Click Add Custom Attribute to create a mapping.
B.6. A new custom attribute field can be linked to the columns of the directory. After filling in the details, click Save.
B.7. Click Next.
B.8. In the Group Attribute tab, you can map group columns in the directory to groups in Zaperon, then click Save.
B.9. A confirmation dialog will appear: "Directory saved successfully."
B.10. You'll see the new Active Directory added to the directory table, and its data will be synced into Zaperon automatically. For subsequent syncs, click the sync icon in the Actions column.
Note: Syncing your Active Directory will override existing directory data in Zaperon. Ensure your Active Directory data is accurate and up to date before initiating a sync to avoid overwriting correctly configured user or group information in Zaperon.
Once Active Directory is successfully integrated and synced with Zaperon, all users from the selected tenant will be provisioned into Zaperon and available for policy assignment, group-based access control, and application permissions. Subsequent syncs will reflect any changes made in Active Directory including new users, group updates, and account deactivations.
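The sync behaviour described above (new users provisioned, changed users updated, disabled or deleted accounts revoked, and group data overwritten rather than merged, as the note before this paragraph warns) can be made concrete with a reconciliation model. The following is an added example, not Zaperon's code: it takes records in the shape of Graph's /users (with accountEnabled) and group-membership responses, compares them with a local copy of the platform state, and returns the actions a full sync implies. All records are constructed samples; the local state, the group names and the user IDs are assumptions for illustration.

```python
"""Model of a full directory sync: what a platform like Zaperon must do to its
local users and groups so they match the Microsoft tenant after a sync.

Added illustration, not Zaperon's code. Input shapes follow Graph's
GET /v1.0/users?$select=id,userPrincipalName,displayName,accountEnabled and
GET /v1.0/groups/{id}/members; all records below are constructed samples.
"""

# Constructed: users currently returned by the tenant.
GRAPH_USERS = [
    {"id": "u-1", "userPrincipalName": "alice@example.com", "displayName": "Alice", "accountEnabled": True},
    {"id": "u-2", "userPrincipalName": "bob@example.com", "displayName": "Bob", "accountEnabled": False},
    {"id": "u-4", "userPrincipalName": "dana@example.com", "displayName": "Dana", "accountEnabled": True},
]

# Constructed: group memberships in the tenant (group name -> member user IDs).
GRAPH_GROUP_MEMBERS = {
    "Finance": {"u-1", "u-4"},
    "Engineering": {"u-2"},
}

# Constructed: local platform state before the sync. u-3 (Carol) no longer
# exists in the directory; "LocalOnly" was created by hand in the platform.
LOCAL_USERS = {
    "u-1": {"userPrincipalName": "alice@example.com", "displayName": "Alice Smith", "enabled": True},
    "u-2": {"userPrincipalName": "bob@example.com", "displayName": "Bob", "enabled": True},
    "u-3": {"userPrincipalName": "carol@example.com", "displayName": "Carol", "enabled": True},
}
LOCAL_GROUP_MEMBERS = {
    "Finance": {"u-1", "u-3"},
    "Engineering": {"u-2"},
    "LocalOnly": {"u-1"},
}


def plan_user_sync(graph_users, local_users):
    """Return the per-user actions a full sync implies.

    create  - present in the directory, not yet local
    update  - present in both, but attributes differ
    disable - accountEnabled is False in the directory: access revoked, record kept
    delete  - no longer returned by the directory at all (orphaned locally)
    """
    plan = {"create": [], "update": [], "disable": [], "delete": []}
    seen = set()
    for u in graph_users:
        uid = u["id"]
        seen.add(uid)
        if not u["accountEnabled"]:
            plan["disable"].append(uid)
            continue
        desired = {
            "userPrincipalName": u["userPrincipalName"],
            "displayName": u["displayName"],
            "enabled": True,
        }
        if uid not in local_users:
            plan["create"].append(uid)
        elif local_users[uid] != desired:
            plan["update"].append(uid)
    plan["delete"] = sorted(set(local_users) - seen)
    return plan


def plan_group_sync(graph_groups, local_groups):
    """Group membership is replaced by the directory's view, not merged.

    Returns the membership deltas per changed group and lists groups that exist
    only locally, which a sync that overrides directory data would not preserve.
    """
    changed = {}
    for name, members in graph_groups.items():
        current = local_groups.get(name, set())
        if current != members:
            changed[name] = {
                "added": sorted(members - current),
                "removed": sorted(current - members),
            }
    local_only = sorted(set(local_groups) - set(graph_groups))
    return {"changed": changed, "local_only_groups": local_only}


if __name__ == "__main__":
    print(plan_user_sync(GRAPH_USERS, LOCAL_USERS))
    print(plan_group_sync(GRAPH_GROUP_MEMBERS, LOCAL_GROUP_MEMBERS))
```

Running the two planners before a sync (a dry run) is one way to honour the note above: the `delete` list and `local_only_groups` show exactly which locally maintained records the directory would overwrite, and the `disable` list is the offboarding revocation the page describes.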
Once a directory is added in Zaperon, you can manage it throughout its lifecycle without reconfiguring the integration.
Use the following options to update settings, control sync behavior, or remove the directory when it is no longer required:
→ Refer to Sync a Directory.
→ Refer to Edit a Directory.
→ Refer to Delete a Directory.
Integrating Active Directory with Zaperon establishes a secure, automated identity sync between your Microsoft tenant and the Zaperon platform. By using Active Directory as the authoritative identity source, organizations can eliminate manual provisioning, enforce group-based Zero Trust policies, automate offboarding access revocation, and maintain a continuously accurate identity foundation that supports both security and compliance requirements across the organization.