
# Entra ID user provider

The Entra ID user provider stores the Entra ID application information that Devolutions Cloud uses for Entra ID automatic password rotation.

![](https://cdnweb.devolutions.net/docs/HUBB6025_2025_3.png)

### General

| Option              | Description                                                                                                         |
| ------------------- | ------------------------------------------------------------------------------------------------------------------- |
| **Name**            | Display name of the provider.                                                                                       |
| **Description**     | Description of the provider.                                                                                        |
| **Tenant ID**       | ID of the Azure tenant.                                                                                             |
| **Client ID**       | ID of the Azure application.                                                                                        |
| **Secret key**      | Secret key of the Azure application.                                                                                |
| **Test connection** | Test the connection. If the connection fails, check the validity of the information you have entered and try again. |
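
When **Test connection** fails, the usual question is which of the three fields is wrong. The following is an added example, not Devolutions code: it assumes the provider authenticates with the OAuth 2.0 client-credentials flow against the Microsoft identity platform token endpoint (the page does not state this), and maps the `AADSTS` error codes that endpoint returns to the field to re-check. The function names and sample response are constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Microsoft identity platform error code -> provider field to re-check
FIELD_BY_CODE = {
    90002: "Tenant ID",     # tenant not found
    700016: "Client ID",    # application not found in the tenant
    7000215: "Secret key",  # invalid client secret
    7000222: "Secret key",  # client secret expired
}

def build_token_request(tenant_id, client_id, secret_key):
    """Pre-flight the three fields and return (url, form_body)."""
    for label, value in (("Tenant ID", tenant_id), ("Client ID", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{label} is not a GUID")
    if not secret_key:
        raise ValueError("Secret key is empty")
    if GUID.match(secret_key):
        # Heuristic: the portal shows a GUID "Secret ID" next to the value
        raise ValueError("Secret key looks like a secret ID, not the value")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": secret_key,
        "scope": "https://graph.microsoft.com/.default",  # assumed scope
    })
    return url, body

def field_to_recheck(response_text):
    """Return the field to fix, or None if the response holds a token."""
    data = json.loads(response_text)
    if "access_token" in data:
        return None
    for code in data.get("error_codes", []):
        if code in FIELD_BY_CODE:
            return FIELD_BY_CODE[code]
    return "unknown (" + data.get("error", "no error field") + ")"

# Constructed sample of a token-endpoint error body
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000215: Invalid client secret provided.",
    "error_codes": [7000215],
})
```

Send the request from a trusted admin workstation only, and keep the secret key out of shell history and logs.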

### Checkout policy

| Option                   | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Checkout policy mode** | <p>Choose a <em><strong>checkout policy mode</strong></em>:</p><ul><li><em><strong>Default (inherited)</strong></em></li><li><em><strong>Inherited:</strong></em> Inherit the checkout policy defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Settings</strong></em> – <em><strong>Checkout policy</strong></em>.</li><li><em><strong>Custom:</strong></em> Defines a custom checkout policy or uses the checkout policies defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Checkout policies</strong></em>.</li></ul> |

### Account lifecycle policy mode

| Option                            | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Account lifecycle policy mode** | <p>Choose an <em><strong>account lifecycle policy mode</strong></em>:</p><ul><li><em><strong>Default (inherited)</strong></em></li><li><em><strong>Inherited:</strong></em> Inherit the account lifecycle policy defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Settings</strong></em> – <em><strong>Account lifecycle policy</strong></em>.</li><li><em><strong>Custom:</strong></em> Defines a custom account lifecycle policy or uses the account lifecycle policies defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Account lifecycle policies</strong></em>.</li></ul> |

### JIT privilege elevation

| Option                                                                   | Description                                                                                                                                                                                          |
| ------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Select provider privileges to make available for temporary elevation** | Select the Active Directory groups in which a privileged account will be elevated to member status. Click the pen icon next to a selected group to assign it a Devolutions Cloud display name. |
| **Enable privilege sets**                                                | Create privilege sets to group similar privileges together by assigning provider privileges and privileged accounts.                                                                                 |

#### See also

* [Devolutions Academy - Understanding the PAM Provider](https://academy.devolutions.net/student/path/2354099/activity/3423445)

