Connect an identity provider
Integrate your IdP with Threatmatic for identity-aware enforcement
Threatmatic performs continuous identity mapping across both user and application axes. Connecting an identity provider (IdP) allows Threatmatic to automatically resolve user identities, sync groups, and enforce policy before IAM interfaces are even required.
Supported providers
- Microsoft Entra ID (formerly Azure AD)
- Okta
- Google Workspace
- Generic SAML 2.0 / OIDC
Steps
Open Identity Settings
- Sign in to the Console
- Go to Organization → Identity → Providers
- Click Add Provider
Select your provider
Choose your identity provider from the list. Threatmatic will display the required configuration fields for that provider.
Configure the connection
Microsoft Entra ID
1. In the Azure Portal, register a new application under Entra ID → App Registrations
2. Copy the Client ID, Tenant ID, and create a Client Secret
3. Paste these into the Threatmatic Console
4. Grant the following Microsoft Graph permissions: User.Read.All, Group.Read.All
Okta
1. In Okta, create a new OIDC Web Application
2. Set the redirect URI to the value shown in the Console
3. Copy the Client ID and Client Secret into the Console
4. Assign the application to the groups you want to sync
Google Workspace
1. In Google Cloud Console, create a new OAuth 2.0 client
2. Enable the Admin SDK Directory API
3. Copy the Client ID and Client Secret into the Console
4. Authorize the required scopes for directory access
Generic SAML 2.0 / OIDC
1. Obtain the Metadata URL or OIDC Discovery URL from your provider
2. Paste it into the Console; Threatmatic will auto-discover the required endpoints
3. Configure attribute mappings for email, groups, and display_name
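For the generic OIDC path, the discovery document can be sanity-checked before its URL is pasted into the Console. This is an added example, not Threatmatic code: `check_discovery`, the sample URL, document and mapping are constructed, and the set of endpoints checked is an assumption about what auto-discovery needs.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")  # assumed set

def check_discovery(discovery_url, doc, mapping):
    """Return findings for an OIDC discovery document; an empty list means clean.

    mapping: Threatmatic attribute name -> claim name your IdP emits (hypothetical).
    """
    findings = []
    # The issuer must equal the discovery URL minus the well-known suffix
    # (a trailing slash on the issuer is dropped before the suffix is appended).
    issuer = str(doc.get("issuer", "")).rstrip("/")
    if not discovery_url.endswith(WELL_KNOWN):
        findings.append("discovery URL lacks " + WELL_KNOWN)
    elif issuer != discovery_url[: -len(WELL_KNOWN)]:
        findings.append("issuer does not match discovery URL")
    # Every endpoint must be present and served over HTTPS.
    for key in ENDPOINTS:
        value = doc.get(key)
        if not value:
            findings.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            findings.append(f"{key} is not https")
    # claims_supported is optional in the spec, so a miss here means
    # "verify by hand", not proof that the claim is unavailable.
    advertised = set(doc.get("claims_supported", []))
    for attribute in ("email", "groups", "display_name"):
        claim = mapping.get(attribute)
        if claim is None:
            findings.append(f"no mapping for {attribute}")
        elif claim not in advertised:
            findings.append(f"claim '{claim}' for {attribute} not advertised")
    return findings

# Constructed sample values (not from any real tenant).
SAMPLE_URL = "https://idp.example.com/tenant1" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "claims_supported": ["sub", "email", "name", "groups"],
}
SAMPLE_MAPPING = {"email": "email", "groups": "groups", "display_name": "name"}

if __name__ == "__main__":
    for finding in check_discovery(SAMPLE_URL, SAMPLE_DOC, SAMPLE_MAPPING) or ["ok"]:
        print(finding)
```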
Test the connection
Click Test Connection. Threatmatic will verify credentials and attempt to read a sample of users and groups.
Enable sync
Once the test passes, click Enable Sync. Threatmatic will begin mapping user and group identities immediately.
Identity sync runs continuously. Changes in your IdP (new users, group changes, deprovisioning) are reflected in Threatmatic within minutes.
Next steps