--- title: Azure Active Directory API Integration on Truto slug: azureactivedirectory category: SSO canonical: "https://truto.one/integrations/detail/azureactivedirectory/" --- # Azure Active Directory API Integration on Truto **Category:** SSO **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Activities** — Activities are the actions performed by users in the source application. - **Licenses** — Licenses represent concepts like user seats in apps that support them - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ### Unified Search API - **Search** — Search endpoint for all the apps. ## How it works 1. **Link your customer's Azure Active Directory account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Azure Active Directory.** The Proxy API is a 1-to-1 mapping of the Azure Active Directory API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Sync enterprise employee directories into your SaaS product** — Pull users, departments, job titles, and manager hierarchies from Azure AD so your app always has an up-to-date view of your customer's org structure — no CSV uploads required. - **Automate role-based access using Azure AD groups and roles** — Map Azure AD security groups and directory roles to permission levels inside your product, letting enterprise IT admins control who gets access to what without touching your app's admin panel. - **Power compliance dashboards with sign-in and audit activity data** — Ingest Azure AD activity logs to surface sign-in anomalies, track admin role assignments, and generate audit-ready compliance reports that CISOs demand before signing enterprise contracts. - **Verify license entitlements before enabling features** — Check which Microsoft 365 licenses a user holds via Azure AD so your product can conditionally unlock integrations or workflows that depend on specific Microsoft subscription tiers. - **Enable enterprise search across the Azure AD directory** — Let your users search for colleagues by name, department, or office location directly within your product, powered by real-time lookups against Azure AD via the Unified Search API. ## What you can build - **Auto-populated org chart** — Automatically build and maintain an interactive organizational hierarchy inside your app by syncing user profiles and manager relationships from Azure AD. - **Real-time employee directory with search** — Ship a searchable, always-current people directory that pulls names, emails, job titles, departments, and office locations directly from your customers' Azure AD tenants. - **Group-based workspace provisioning** — Automatically create workspaces, channels, or project boards in your product when users belong to specific Azure AD security groups, eliminating manual setup for IT admins. - **License-aware feature gating** — Check a user's assigned Microsoft 365 licenses at login and dynamically enable or restrict product features that depend on specific subscription tiers. - **Sign-in activity anomaly alerts** — Surface suspicious login patterns by ingesting Azure AD sign-in logs and flagging unusual IP addresses, geolocations, or authentication failures in your security dashboard. - **Admin role audit report** — Generate a downloadable compliance report listing all users with privileged Azure AD directory roles, including when those roles were assigned, for SOC 2 and ISO 27001 reviews. ## FAQs ### How does authentication work for Azure AD integrations through Truto? Azure AD integrations use OAuth 2.0 with the Microsoft identity platform. Truto handles the full auth flow — token acquisition, refresh, and consent scoping — so your end users simply authorize access through a standard Microsoft login prompt. ### Which Unified APIs does Azure Active Directory map to in Truto? Azure AD maps to the Unified User Directory API (covering Users, Roles, Licenses, and Activities) and the Unified Search API (covering Search). These provide a standardized interface for reading directory data across multiple identity providers. ### Are there specific tools available for Azure AD, or is it built on request? Azure AD currently has no pre-built tools — they are built on request. The integration is fully supported through Truto's Unified User Directory and Unified Search APIs. If you need a custom tool or workflow, Truto can build it to match your specific use case. ### What about Microsoft Graph API rate limits? Microsoft Graph enforces per-app and per-tenant throttling limits that vary by endpoint. Truto manages pagination, retries, and backoff automatically so you don't need to handle 429 responses or build your own rate-limiting logic. ### Can I access Azure AD audit and sign-in logs through Truto? Yes. Activities are part of the Unified User Directory API. This covers audit logs and sign-in activity data available through Microsoft Graph, subject to the Azure AD license tier of your customer's tenant (some log data requires Azure AD Premium P1 or P2). ### Does Azure AD support write operations through Truto? Write capabilities depend on the specific tools built for your integration. Since Azure AD tools are built on request, you can work with Truto to enable user profile updates or other write-back operations via the Microsoft Graph API as needed.