1. Home
  2. Users & Roles
  3. User Accounts
  4. Add User Account (Entra ID/Microsoft 365 Source)
  1. Home
  2. Configuration
  3. Microsoft Entra ID
  4. Add User Account (Entra ID/Microsoft 365 Source)
Searching...

Add User Account (Entra ID/Microsoft 365 Source)

Contents

Purpose

This guide covers the process of adding a new user account when the source directory of Practice Protect is Microsoft Entra ID (formerly Azure Active Directory). Locking, provisioning, and account creation processes differ depending on whether your environment was setup in Practice Protect via Entra ID as Source (Legacy) or Entra ID SAML.

Note: If your Practice Protect deployment does not use Microsoft Entra ID as the source, please refer to the appropriate guide for your setup.

Prerequisites

  • Microsoft 365 Administrator Account – Required to create and manage user accounts in Microsoft 365 / Entra ID.

  • Practice Protect Administrator Account – Required to configure user access and SSO settings in Practice Protect.

  • Mobile Number of New User – Recommended if the user will also be enrolled in Practice Protect MFA for authentication purposes.

Identify the Source of a User Account in Practice Protect

  • Entra ID as Source (Legacy)

    1. Log in to Practice Protect and switch to the Admin Portal.

    2. Go to Core Services > Users.

    3. Check the Status column. If the Source shows Microsoft Entra ID or Azure AD, it means the account is set up as Legacy (Entra ID) in Practice Protect.

  • Entra ID SAML
    1. In Admin Portal, go to Settings > Users
    2. Under Sources, choose External Identity Providers


    3. If you see an External Identity Provider configured in the list, check its Status.

      • If the status is Active, this indicates that Entra ID SAML is set up.

      • The SAML configuration name will appear as Practice Protect SAML.

      If there is no External Identity Provider listed, this means Entra ID SAML is not configured in your environment.



Instructions

Add User in Microsoft 365

This step is typically performed by your IT team or the person who manages the Microsoft 365 Admin account.

  1. Login to Microsoft 365 Admin Portal
  2. Go to Active Users.
  3. Click Add a user.
  4. : Fill in the user’s details including the username, then click Next.
  5. Choose the Microsoft 365 license required for the new user and click Next.
  6. Under Optional Settings, click on Profile Info.
  7. Extra fields will appear. Fill in the mobile number of the user in international format. This is recommended as an MFA backup for Practice Protect (SMS OTP).

    Note: This step is optional. If you prefer to rely on Microsoft MFA for signing in to Practice Protect or plan to use another authentication method, you can skip adding a mobile number.
  8. Click Next to continue.
  9. Review the account and click Finish adding.

  10. The new account is now created in Microsoft 365.

    Recommendation: Before inviting the user to Practice Protect, ensure they know their credentials and can successfully sign in to Microsoft 365, including completing any MFA setup. This helps prevent login issues when accessing Practice Protect.

Microsoft Entra ID As Source (Legacy)

Invite the User to Practice Protect

  1. Login to Practice Protect and Switch to Admin Portal.


  2. Go to Users under Core Services

  3. Click Invite Users.
  4. Search the user account using the Email Address. Select User(s) and click Invite. Note: confirm source directory matches your requirement.

  5. Click Send Invites. This will send the users an email and also add the accounts to the User List in the Admin Portal.
  6. You can refresh the portal to see the new account by clicking on Reload Rights from your account dropdown option in the top right corner.
  7.  An updated list of Invited accounts will now show in the User List after the page is refreshed/reloaded

  8. Click on a user account to check Mobile number is showing. As Practice Protect pulls the account details from Microsoft 365 the mobile number can only be updated from Microsoft 365.
  9. Continue below to add new users to the required Roles. If users are not added to correct roles they may not be able to login to the portal or access their required apps.

Add User to Practice Protect Role

  1. Go to Roles.
  2. Search for the required Role and Open it. If unsure which roles are required, find a similar user and view assigned roles. Most firms will have a dedicated role that allows users access to the portal. For Country Restriction, Choose Country Name User – Geo locking, and for IP Restricted, choose Restricted User

  3. Go to Members.
  4. Click on Add.
  5. Search user with full Username/Email from Microsoft 365. Select and Click Add.
  6. Confirm User account(s) required are listed and click Save.
  7. Accounts are now added to the Role. Permissions referenced by Role members will now apply. 

Microsoft Entra ID SAML

Add User to the SAML Group (For Provisioning)

If you do not have a Microsoft Entra ID P1 license (or another license that supports custom groups), group-based provisioning will not be available. In this case, users must be provisioned manually by assigning them individually to the Practice Protect SAML application.

  1. Login to Microsoft Entra Admin Center
  2. Go to Entra ID > Groups.

  3. In All Groups, locate and open the standard group created by Practice Protect for SAML. This group is typically named Microsoft Entra ID – Practice Protect Users.
    Note: The group name may differ if your IT team collaborated on the setup and chose a custom group name.

  4. Click Add Members, select all the users you want to include, and then click Select.

  5. You will receive a notification in the upper-right corner confirming that the member(s) have been added successfully.
  6. Now, go to Entra ID > Enterprise Apps > All Applications under Manage.
  7. Locate and open the Practice Protect SAML application.

  8. Go to Users and Groups and check if the group Microsoft Entra ID – Practice Protect Users is assigned. If you see individual users instead of the group, it means the group is not being used. In this case, you must add the user manually by clicking Add User/Group.

    This step is only to verify whether provisioning is done via groups or individual assignments.

  9. Go to Provisioning.

  10. Select Provisioning on Demand. Use the search field to find the user and click Provision.

    You can also search for a group and tick the boxes next to each user (up to 5 users per provisioning) to provision them simultaneously. In this example, we are provisioning a single user.

  11. Once the provisioning sync is complete, click on Provisioning Logs under the Manage section and verify that there are no provisioning failures
  12. Return to Practice Protect, and the user should now appear as a newly added user.
  13. Add the user to the relevant role in Practice Protect, such as GeoLocking or assigning specific applications. For further assistance, you may contact Practice Protect Support.

 

Updated on December 24, 2025

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support