Skip to main content

Context ManagementContext Management Administration Guide

Create a Microsoft Entra ID Context Table

Before beginning this procedure, review the prerequisites.

To onboard a Microsoft Entra ID context table:

  1. Log into the Exabeam Security Operations Platform with your registered credentials.

  2. Find the Security Management tab and click the Context Management tile.

  3. Navigate to the Context Library tab and click Microsoft Entra ID. The Microsoft Entra ID Context Table panel opens.

  4. In the Configuration section, complete the Definition step by entering the following information:

    • Context Table Name – Enter a name for the new Microsoft Entra ID context table you're creating.

    • Microsoft Entra ID Collector – In the Data Source section, choose a data source for your new context table. The drop down menu displays a list of the Microsoft Entra ID Context cloud collectors that are currently configured and running in the Exabeam Cloud Collectors service. In the list, select a collector from which your new context table will process user attribute data.

      If no Microsoft Entra ID Context cloud collectors are listed, follow the steps in the Microsoft Entra ID Context Cloud Collector section of the Cloud Collector Administration Guide.

  5. Click Next.

  6. In the Review Attributes step, review the mapping of available Microsoft Entra ID attributes to the target attributes in the new context table you are creating.

    The attribute mapping table has the following columns (as shown in the image below):

    • icon-visible.png – Shows whether a specific attribute is visible as a column in the context table. Use the icon next to each attribute to toggle the display on or off.

    • Source Attribute – Shows a default set of attributes available from your Microsoft Entra ID. Some source attributes are listed simply as Calculated attribute. These are attributes that are calculated, either in format or in value. Hover over the Calculated attribute tag in the Source Attribute column to view a description of the attribute and its calculation.

    • Target Attribute – The Target Attributes column shows the Exabeam common user information model attributes that are mapped to the Microsoft Entra ID attributes in your context table. For an easy-to-read table of the default attribute mapping, see Default Microsoft Entra ID Attribute Mapping.

    • icon-key.png – Indicates that an attribute is designated as the key attribute for the context table. The designated key and its mapping cannot be changed.

    • icon-lock.png – Indicates that an attribute and its mapping cannot be changed.

    attribute-map-azuread.png

    You can modify the mapping of Microsoft Entra ID attributes, that are not key or locked attributes, in the following ways:

    • Hover over an attribute row where you want to change the mapping.

    • Click the delete icon (icon-delete.png) to remove the currently mapped target attribute.

    • Then click Add Target Attributes and do one of the following:

      • Search for and select an existing target attribute to map it as the target.

      • Click Add Custom Attribute, enter a new attribute name, and click the plus icon (icon-add-attribute.png) to add it to the list of available target attributes. It will be added with a custom icon (icon-custom-attribute.png) to the left of the attribute name. Then select the newly created target attribute to map it.

  7. When you are satisfied with the attribute mapping, click Create to onboard the new Microsoft Entra ID context table. A success message is displayed.

    Click Go to Overview to return to the Overview tab that lists all the context tables currently available. The new context table should appear in the list. When you open the table, it displays the user objects processed from the source Cloud Collector (it does not include asset objects).