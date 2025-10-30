In the Teleport Web UI, from the side-navigation, select “Add New > Integration”. Next, select the “Microsoft Entra ID” tile. In the Teleport Microsoft Entra ID configuration UI, you will notice a default integration name “entra-id” is already populated for you. You will need to select Teleport user(s) that will be assigned as the default owner of Access Lists that are created for your Entra ID groups. In the next step, you will be provided with a Entra ID configuration script.

To begin integration, run the tctl plugins install entraid command. tctl plugins install entraid \ --name entra-id-default \ --auth-connector-name entra-id \ --default-owner= Access List Owner \ --auth-server example.teleport.sh:443 The --name flag specifies the resource name of the Entra ID plugin. The --auth-connector-name flag specifies the name of the auth connector this integration will create. The --default-owner flag specifies default owners for the Access Lists that will be created in Teleport based on the groups imported from the Entra ID. The command will generate a configuration script in the current directory from where the tctl is invoked.