Content Comparison

...

Upon enabling the API Integration more customization options appear. Information is given for each configuration field below the screenshot.

...

AAD tenant's domain name* - This is a required field. Fill in the domain name saved above under Prerequisites section.
Sync All Groups data? (Yes/No)*- This is a required field. This controls the overall behavior as to whether or not sync any groups data. The default value is Yes. When set to No, Zilla will not sync all groups from Entra ID, No will only sync security-enabled groups. Default value: No.any group details from Graph.
Sync Security Enabled Groups Only? (Yes/No)*- This is a required field. The default value is Yes and Zilla will sync only Security Enabled Groups. When set to No, Zilla will sync all the groups provided the above field Sync Groups data is set to Yes.
Comma-separated attributes that identify a user - Provide an Entra ID specific attribute (e.g., employeeId, jobTitle, department, etc) for which you want to sync Entra ID users. For example, if you specify department, only accounts that have a defined department will be imported. If multiple attributes are specified, all accounts having at least one of the attributes defined will be imported. Be sure to refer to this document before entering the attribute, otherwise all the accounts will be marked as Service if the attribute does not match with what is specified in the document.
Auto Discover Azure Cloud subscriptions? (Yes/No)* - This is a required field. Yes will auto-discover all the Azure Cloud subscriptions and create application instances for them in Zilla. Default value: No.
Auto Sync discovered subscriptions? (Yes/No)* - This is a required field. Yes will automatically sync the auto-discovered subscriptions when the parent is synced. This value should be set to No if Auto Discover Azure Cloud subscriptions? (Yes/No) is set to No. Default value: No.
Enable account modifications? (Yes/No) - Yes will automatically revoke group memberships, group ownerships and permissions that have been flagged for revocation after an access review during a sync. Note: This setting is only available if Account Modifications are enabled in the tenant Settings.
Sync last login? (Yes/No) - Yes will bring lastLogin for a user activity of users. Default No.

Info

Note for syncing Last login:

To complete configuration of last login setting you must re-authenticate after setting Yes, check “Re-authenticate API integration” box if this is not the first sync.
Also, user who is authorizing the sync should have Global Administrator role.
The last login data that is synced in Zilla matches what is displayed on the User’s Overview page.
Image RemovedImage Added

Comma separated custom select fields (e.g., country, id) - This configuration allows you to retrieve additional fields from Microsoft Entra ID by specifying a comma-separated list of field names. For example, you can input "city, officeLocation" to retrieve the city and office location field. For more info refer this https://learn.microsoft.com/en-us/graph/query-parameters?tabs=http#select-parameter.
Enable account modifications? (Yes/No)* - This is a required field. Yes will automatically revoke group memberships, group ownerships and permissions that have been flagged for revocation after an access review during a sync. Note: This setting is only available if Account Modifications are enabled in the tenant Settings.

Click Sync Now/Next.
In the next pop-up, click Next.

...

Info

Note:

If user has already consented the sync with Enable account modifications? (Yes/No) and Auto Discover Azure Cloud subscriptions? (Yes/No) set to No, then when re-authenticating the consent screen will not be shown for the same Azure user performing the sync. If the above values are set to Yes then the same user will now see the consent screen even without re-authentication until that user gives consent for these permissions.

Troubleshooting guide

Expand

title	Authentication Issues like 401 or 403

401 Unauthorized

This error occurs when your session has expired or the authentication token is invalid.

How to Fix

Go to the configuration settings.
Image Added
Enable the "Re-authenticate API integration" option.
Click on “Sync Now” to refresh authentication.

403 Forbidden

This error indicates insufficient permissions to access the Microsoft API.

How to Fix

Verify Admin Consent in Microsoft Entra ID
- Go to Microsoft Azure Portal and log in.
- Navigate to Enterprise Applications.
  Image Added
- Search for your application and select it.
  Image Added
- Under the Security section, go to Permissions.
  Image Added
- Ensure the required permissions have Admin Consent.
  Image Added
Re-authenticate & Sync Again
- Re-authenticate your account, then click on Sync Now
  Image Added
- Proceed with the usual sync steps

Revoke and Reauthorize Permissions (if the issue persists)
- Follow the steps above to access the Permissions list.
- Revoke all security permissions for Zilla in Microsoft Entra ID.
- Grant the required permissions again.
- Reauthorize access through the sync process.

Expand

title	Not able to bring last login date?

Info

Note for syncing Last login:

To complete the last login configuration, set the Sync last login? (Yes/No) field to Yes. If this is not the first sync, check the "Re-authenticate API integration" box and re-authenticate.
Also, user who is authorizing the sync should have Global Administrator role.
The last login data that is synced in Zilla matches with what is displayed on the User’s Overview page.
Image Added

Include Page

	Integrations Footer
	Integrations Footer

...

Version	Old Version 38	New Version Current
Changes made by	Sowmya Manian	Sowmya Manian
Saved on	Nov 13, 2024	Feb 21, 2025

Versions Compared

Key

Troubleshooting guide

401 Unauthorized

How to Fix

403 Forbidden

How to Fix