Integrations
From first login to actionable identity data in minutes. Not days. Not weeks.
The deployment conversation at every hybrid org goes the same way. The cloud team wants data from on-prem AD. The network team says "open a firewall rule." The CISO says absolutely not. The project stalls for six months while everyone argues about VPN tunnels and jump boxes. We built GraphnAI so that conversation never has to happen.
Cloud Identity: Microsoft Entra ID
Open your browser. Enter your admin email. Authenticate with a Microsoft device code. The setup wizard auto-provisions an Entra ID App Registration, generates certificates, and configures authentication. No manual Azure Portal work. No config files. No back-and-forth with your cloud team.
Your first Entra ID sync runs automatically as the last step of setup. Users, groups, roles, service principals, OAuth2 grants, and app role assignments flow into the identity graph. Within minutes of completing the wizard, you have actionable cloud identity data.
On-Premises: Active Directory via Identity Bridge
Your network team will approve this one. The Identity Bridge is a lightweight containerized agent deployed inside your network. It reaches out to GraphnAI, not the other way around. Outbound WebSocket, encrypted with mTLS client certificates that the platform auto-provisions. Zero inbound ports. Zero VPN. Takes about 10 minutes to deploy.
The Bridge collects everything you need from Active Directory: users, groups, computers, OUs, GPOs, and full ACL security descriptors including inherited permissions and delegation chains. After the first full sync, delta tracking via USN means you're only transmitting changes. Your domain controllers aren't getting hammered every hour.
Multi-Forest and Hybrid Domain Detection
During that first Entra ID sync, the platform automatically detects hybrid-joined on-prem domains in your tenant data and prompts you to configure a Bridge. After the Bridge is running, it can auto-discover additional forests and domain controllers beyond the hybrid-joined ones. LDAPS capability checking, domain controller enumeration, and pre-populated configuration. No manual DNS spelunking.
Security Telemetry
Identity posture tells you what's misconfigured. Telemetry tells you what's actually happening. GraphnAI ingests Windows Security Event Log data covering authentication, privilege use, Kerberos operations, directory access, group changes, and audit policy modifications. Events are normalized into a unified model so on-prem and cloud authentication data correlate in a single investigation timeline.
Entra ID sign-in logs and audit logs flow in alongside the on-prem data. When an identity authenticates to both AD and Entra ID, both event streams appear in the same timeline. Hybrid investigation without switching between consoles.
API Access
Domain-scoped API keys give your existing tools access to GraphnAI analysis results, inventory data, and detection alerts. Pipe over-permission findings into your SIEM. Feed detection alerts into your SOAR playbooks. Export inventory data to your GRC tool for audit reporting. RBAC-enforced, rate-limited, and fully audit-logged.
Integration Summary
- Microsoft Entra ID via Microsoft Graph API. Auto-provisioned setup wizard. Server-side sync, no agent required.
- On-Premises Active Directory via Identity Bridge. Outbound-only mTLS WebSocket. Full LDAP + ACL + GPO collection with USN-based delta sync.
- Multi-Forest with automatic hybrid domain detection and post-deployment forest discovery.
- Security Event Telemetry from Windows Security Event Logs and Entra ID audit logs. Normalized event model for cross-source correlation.
- REST API with domain-scoped keys, RBAC, and rate limiting for SIEM/SOAR/GRC integration.
Setup guides: Identity Bridge · Entra ID Setup · Domain Discovery · Telemetry Pipeline · API Keys