Troubleshoot Microsoft Entra ID user enrollment and management

This page provides solutions to issues with enrolling and managing users in Arctic Wolf Managed Security Awareness (MA) using Microsoft Entra ID.

Client secret missing or incorrect

This error displays: Have you entered a Client Secret ID? Please enter the Client Secret Value or recreate your Client Secret and enter the Value.

Note:

When the error message populates, a warning dialog appears that reads: Please correct errors in form and try again. If errors persist, please submit a ticket in your Arctic Wolf Portal.

Possible causes:

  • You entered:
    • The field value for another field.
    • An incomplete field value. For example, you did not enter the last character of the value.
    • The wrong character in the field. For example, the number 0 instead of the letter O.
    • A space at the beginning or end of the value.
  • You used a Client Secret value that:
    • Is 34–35 characters long.
    • Contains characters other than a dash. For example, a tilde (~).
    • Does not repeat a pattern in the same way that a client secret ID does.

    Example Client Secret value:

    J6~XME~i36.E.ib2T0p_iV11UdG11j~_O

Resolution:

  1. Verify that you entered the Client Secret value into the correct field.
  2. If the Client Secret value is in the correct field, but the error message remains:
    1. Sign in to the MA Portal.
    2. Click Settings > User Management.
    3. Clear the Client Secret field.
    4. In the Azure Admin Portal, copy the Client Secret value.
      Tip:

      Click Copy to clipboard to avoid leading or trailing spaces.

    5. Click Settings > User Management.
    6. Paste the client secret value in the Client Secret field.
    7. Verify that the remaining fields are configured, and then click Test Connection.
  3. If the same error message reappears, return to the Azure AD Tenant and delete the value that was created.
  4. Create a new Client Secret value and copy it.
  5. Return to User Management in the MA Portal, and enter the credentials and the Client Secret value.
  6. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.

Insufficient privileges to complete operation

This error displays: Connection Failed: Insufficient Privileges to complete the operation. Ensure the AD API Permissions have been setup correctly. Please return to the AD API permissions created for Managed Awareness and review the following: Verify the AD API Permissions for both Directory.Read.All and User.Read.All are "Application" Permissions not "Delegated" Permissions. Ensure that you have selected "Grant Admin Consent" Please refer to the Configuration Guide.

Possible cause: The API permissions in your Microsoft Entra admin center were incorrectly configured during app registration.

Resolution:

  1. Sign in to the Azure Admin Portal.
  2. Click App Registrations, and then select the Arctic Wolf Managed Security Awareness® (MA) registration.
  3. Remove the fields marked Not granted for Arctic Wolf.
  4. Click Add a permission, and then select Microsoft Graph.
  5. Click Application permissions.
    Note:

    Do not select Delegated permissions. This will not provide the API permissions required for MA setup and generates an Insufficient permissions error message.

  6. In the Select permissions field, search for and select these permissions:
    • Directory.Read.All
    • User.Read.All
  7. Click Add permissions.

    The Configured permissions screen lists the permissions that you added.

  8. On the Configured permissions screen, verify that:
    • User.Read is selected.
    • The Type is Delegated.
    Note:

    Do not change the default permission and do not remove the Type from the permissions.

  9. In the Status column beside each permission, if you see a message similar to Not granted for company_name, click Grant admin consent for company_name.
  10. Sign in to the MA Portal.
  11. Click Settings > User Management.
  12. Enter your credentials.
  13. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.
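To confirm the result of the steps above independently of the MA Portal, you can inspect an access token issued for Microsoft Graph: Application permissions that have admin consent appear in the token's `roles` claim, while Delegated permissions appear in `scp`. The following is an added example, not Arctic Wolf or Microsoft code; the function names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, for diagnostics only.

```python
import base64
import json

# Application permissions the page requires for the MA app registration.
REQUIRED = ("Directory.Read.All", "User.Read.All")


def b64url(obj):
    """Encode a dict as unpadded base64url JSON, as used in JWT segments."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    return ".".join([b64url({"alg": "none", "typ": "JWT"}), b64url(claims), ""])


def decode_claims(token):
    """Decode the JWT payload without verifying it (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_app_permissions(token):
    """Map each required permission absent from 'roles' to a likely cause."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))         # Application permissions
    scopes = set(claims.get("scp", "").split())  # Delegated permissions
    result = {}
    for perm in REQUIRED:
        if perm in roles:
            continue
        if perm in scopes:
            result[perm] = "added as Delegated, not Application"
        else:
            result[perm] = "not added, or admin consent not granted"
    return result


# Constructed sample payloads (not real tokens).
GOOD = make_sample_token({"roles": ["Directory.Read.All", "User.Read.All"]})
NO_CONSENT = make_sample_token({"roles": ["User.Read.All"]})
DELEGATED = make_sample_token({"scp": "User.Read Directory.Read.All User.Read.All"})
```

An empty result means both permissions are present as Application permissions with consent granted.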

The Awareness Group ID and Groups fields are empty

In the Integration box of the User Management tool, the Awareness Group ID and Groups fields are empty.

Possible cause: There is no AD Group associated with your AD integration and no users can be synced. Select, query, and save the AD Group to complete the integration. You might have:

  • Not completed the AD integration.
  • Not started the AD integration.
  • Not clicked Save when completing the AD integration.

Resolution:

  1. Sign in to the MA Portal.
  2. Click Settings > User Management.
  3. Click Test Saved Connection.
  4. In the Groups list, click the AD Group.
  5. Click Query.

    The name of the AD Group and the number of participants who will be active users of the MA program populate.

  6. Click Save.
  7. Click Sync Now.
    Tip:

    To confirm that the sync was successful, go to Administration Dashboard > User Information, and then compare the active user count to the synced number of users in the User Management tool.

  8. If the sync is:

Invalid client secret value expiration date

This error displays: The Client Secret Value Expiration date must not have already occurred. Please enter the correct Client Secret Expiration Date.

Possible cause: The client secret expiration date is in the past.

Resolution: Check the Client Secret expiration date. If the date:

  • Has occurred — Edit the expiration date:
    1. Sign in to the MA Portal.
    2. Click Settings > User Management.
    3. Clear the Client Secret expiration date field.
    4. In the Azure Admin Portal, in the App Registration section, review the Client Secret expiration date.
    5. Click Settings > User Management.
    6. Re-enter the Client Secret expiration date.
  • Has not occurred — Enter the Client Secret Value again to make sure it is correct.

Invalid GUID value

This error displays: Value is not a valid GUID. Please enter a valid Application (Client) ID.

Note:

When the error message populates, a warning dialog appears that reads: Please correct errors in form and try again. If errors persist, please submit a ticket in your Arctic Wolf Portal.

Possible cause:

You have entered a GUID that is:

  • Not complete.
  • Missing characters.
  • In the wrong input field.

Resolution:

  1. Make sure you entered the Application (Client) ID into the correct field.
  2. If the application (client) ID value is in the correct field, but the error message remains:
    1. Sign in to the MA Portal.
    2. Click Settings > User Management.
    3. Clear the Application (Client) ID field.
    4. Click Azure Admin Portal > App Registrations, and then select the Arctic Wolf Managed Awareness registration.
    5. Copy the relevant GUID.
      Tip:

      Click Copy to clipboard to avoid leading or trailing spaces.

    6. Click Settings > User Management.
    7. Paste the GUID into the Application (Client) ID field.
    8. Verify that the remaining fields are configured, and then click Test Connection.
  3. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.

GUID unavailable

This error displays: Connection Failed: GUID not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this might happen is there are no active subscriptions for the tenant. Trace ID: ID.

Possible cause:

You have entered:

  • The field value for another field. For example, the directory (tenant) ID value.
  • An incomplete field value. For example, you did not enter the last character of the value.
  • The wrong character in the field. For example, the number 0 instead of the letter O.
  • A space at the beginning or end of the value.

Resolution:

  1. Make sure you entered the application (client) ID value into the correct field.
  2. If the application (client) ID is in the correct field, but the error message remains:
    1. Sign in to the MA Portal.
    2. Click Settings > User Management.
    3. Clear the Application (Client) ID field.
    4. In the Azure Admin Portal, copy the application (client) ID value.
      Tip:

      Click Copy to clipboard to avoid leading or trailing spaces.

    5. Click Settings > User Management.
    6. Paste the application (client) ID value in the Application (Client) ID field.
    7. Verify that the remaining fields are configured, and then click Test Connection.
  3. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.
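The field errors described in "Client secret missing or incorrect", "Invalid client secret value expiration date", "Invalid GUID value", and "GUID unavailable" can be caught before you paste values into the form. The following is an added example, not part of the MA Portal or Arctic Wolf's code; `check_fields` and the sample application ID are constructed for illustration, and the check assumes that a Client Secret ID has the GUID layout while a Client Secret value does not.

```python
import re
from datetime import date

# 8-4-4-4-12 hex layout shared by application, tenant and secret IDs.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

# Constructed sample ID; the secret is the example value shown on this page.
SAMPLE_ID = "3f2b8c10-9a4d-4e6f-8b7a-1c2d3e4f5a6b"
SAMPLE_SECRET = "J6~XME~i36.E.ib2T0p_iV11UdG11j~_O"


def check_fields(client_id, client_secret, secret_expiry, today=None):
    """Return the problems found in values about to be pasted into the form."""
    today = today or date.today()
    problems = []
    for name, value in (("Application (Client) ID", client_id),
                        ("Client Secret", client_secret)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing space")

    cid = client_id.strip()
    if not GUID_RE.fullmatch(cid):
        if re.fullmatch(r"[0-9a-fA-F-]*", cid):
            # Only valid characters, so the value was cut short or mis-pasted.
            problems.append("Application (Client) ID: incomplete GUID")
        else:
            # A non-hex character, such as the letter O typed for the number 0,
            # or a value that belongs in another field.
            problems.append("Application (Client) ID: invalid character")

    secret = client_secret.strip()
    if not secret:
        problems.append("Client Secret: empty")
    elif GUID_RE.fullmatch(secret):
        # A GUID in this field means the Secret ID was copied, not the Value.
        problems.append("Client Secret: this is a Secret ID, not the Value")

    if secret_expiry < today:
        problems.append("Client Secret expiration date: already occurred")
    return problems
```

The check cannot tell an application (client) ID from a directory (tenant) ID, because both are valid GUIDs; that mix-up still has to be verified against the app registration.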

Client secret value expired

This error displays: The Client Secret for your Managed Awareness Program has expired. Please refer to the Managed Awareness Configuration Guide to follow the steps for creating a new Client Secret, copy the Client Secret VALUE and re-enter the new Secret VALUE with your credentials to reinstate your AD Group Sync with Managed Awareness.

Possible cause: The Client Secret value for your AD integrated app registration has expired.

Resolution: Create a new Client Secret value with a valid expiration date. See Update your Entra ID client secret for more information. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.

Error: No users found in the selected group

This error displays: No users found in the selected group.

Possible cause: If you have completed the integration and there are no users in the MA Portal after the synchronization runs, it is likely that you configured “nested groups.” At this time, Arctic Wolf does not support nested groups.

Resolution:

  1. Do one of these actions:
    • Add users individually to this AD group.
    • Select and then add users to a different AD group.
  2. Query the AD user group.
  3. Synchronize the AD user group.
  4. If the error persists, submit a ticket in the Arctic Wolf Unified Portal for assistance.