Overview
Configure Maverics to source attributes for claims, headers and authorization rules using Entra ID as an attribute provider.
Identity Fabric → Microsoft Entra ID Attribute Provider → Configure Identity Fabric → Select as attribute provider in user flow
Steps
Go to Identity Fabric, click Create, and select Microsoft Entra ID Attribute Provider from the list.
Configure the Identity Fabric for your Microsoft Entra ID instance.
Set up an attribute provider in a user flow.
Select your Entra ID Attribute Provider identity fabric in the Attribute Provider section.
Select the Identity Provider that is being used for authentication.
Select the attribute provided by the IDP that will be mapped to the OUD Search Key to look up attributes.
Using it in a user flow:
Authorization: Select attributes from Entra ID for roles or attribute based policies.
Claims and headers: Select attributes from Entra ID to be included in OIDC claims, SAML assertions, or Proxy App headers.
Configure Identity Fabric
Maverics requires the following information for Entra ID as an attribute provider.
Use a Secret Provider
Production deployments should use a secret management system. Maverics integrates with multiple secret management systems, which store secrets that Orchestrator instances retrieve at startup. To reference a secret from your provider, enclose its name in angle brackets, e.g. `<app client-id>`.
Learn more about Secret Providers
| Name | Description | Example |
|---|---|---|
Name | The friendly name of your attribute provider. | Company_Entra_Graph_Attr_Provider |
Microsoft Graph URL | Defines the endpoint used to make calls to the Microsoft Graph API. | https://graph.microsoft.com |
OIDC Well Known URL | The URL that returns OpenID Connect metadata about the Entra ID authorization server. Replace | https://login.microsoftonline.com/[TENANT ID]/v2.0/.well-known/openid-configuration |
OAuth Client ID | The client ID of the registered Maverics application. | 12345678-abcd-9876-efgh-123abc456def |
OAuth Client Secret | The client secret of the registered Maverics application. Production environments should use a secret management solution. Maverics integrates with various secret management solutions, which store secrets that Orchestrator instances load when starting up. | secret_value |
Entra ID Configuration
Log into Entra ID.
Find the Maverics App Registration entry.
Click on API Permissions.
Select Microsoft Graph.
Select Application Permissions.
Find and select the User.Read.All permission. Click Add Permission.
If required by your organization, click "Grant admin consent for [ORGANIZATION]".
Required Permissions
The User.Read delegated permission is not sufficient for retrieving all of a user's attributes.
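As an added example (not Maverics' own code), the following Python helpers work offline against the settings in the table above: they read the token endpoint from the OIDC well-known document, build the app-only (client credentials) token request for Microsoft Graph, and check that a returned access token actually carries the `User.Read.All` application permission in its `roles` claim. It assumes Maverics uses the client-credentials grant with the configured client ID and secret; the well-known document and tokens shown are constructed samples.

```python
"""Added example (not Maverics' own code): offline helpers for the Entra ID
attribute-provider settings. Assumes the client-credentials grant is used."""
import base64
import json
from urllib.parse import urlencode

# Constructed sample of the OIDC metadata the well-known URL returns.
SAMPLE_WELL_KNOWN = json.dumps({
    "issuer": "https://login.microsoftonline.com/TENANT-PLACEHOLDER/v2.0",
    "token_endpoint": "https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0/token",
})


def token_endpoint(well_known_json: str) -> str:
    """Pick the token endpoint out of the OIDC discovery document."""
    return json.loads(well_known_json)["token_endpoint"]


def client_credentials_body(client_id: str, client_secret: str, graph_url: str) -> str:
    """Form-encoded body of the app-only token request. The scope is the
    configured Graph URL plus /.default so consented app permissions apply."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": graph_url.rstrip("/") + "/.default",
    })


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def has_app_permission(access_token: str, permission: str = "User.Read.All") -> bool:
    """True if the JWT payload lists the application permission in `roles`.
    Delegated permissions (e.g. User.Read) appear under `scp`, not `roles`.
    Decode-only check: signature verification is out of scope here."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return permission in payload.get("roles", [])


# Constructed tokens: app-only token with User.Read.All vs. delegated User.Read.
APP_TOKEN = "e30." + _b64url({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]}) + ".sig"
DELEGATED_TOKEN = "e30." + _b64url({"aud": "https://graph.microsoft.com", "scp": "User.Read"}) + ".sig"
```

Running `has_app_permission` on a token obtained with the configured client ID and secret is a quick way to confirm that admin consent for `User.Read.All` has taken effect before troubleshooting missing attributes.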