Entra: Node & Edge Schema

The Entra connection integrates data from Microsoft Entra (formerly Azure Active Directory) into the SlashID identity graph. It captures identities, groups, roles, and service principals from the Entra directory model.

---

Node Types

Node Type	Description
EntraUser	A user identity in the Entra directory
EntraGroup	A group entity in Entra
EntraRole	A role or administrative permission in Entra
EntraServicePrincipal	An identity for registered apps/services in Entra
EntraManagedIdentity	A special identity managed within the Entra environment
Credential	A credential associated with identities
Resource	A resource entity that may be accessed, owned, or assigned

---

Edge Relationships

Edge Type	From Node	To Node	Description
IS_MEMBER_OF	EntraUser, EntraGroup	EntraGroup	Indicates group membership
HAS_MEMBER	EntraGroup	EntraUser, EntraGroup	Reverse of IS_MEMBER_OF
HAS_ROLE	EntraUser, EntraServicePrincipal	EntraRole	Shows role assignment to a principal
IS_ROLE_OF	EntraRole	EntraUser, EntraGroup	Reverse of HAS_ROLE
HAS_CREDENTIAL	EntraUser, EntraServicePrincipal	Credential	Connects an identity to its credential
IS_CREDENTIAL_OF	Credential	EntraUser, EntraServicePrincipal	Reverse of HAS_CREDENTIAL
OWNS	EntraUser, EntraServicePrincipal	Resource	Resource ownership link
IS_OWNED_BY	Resource	EntraUser, EntraServicePrincipal	Reverse of OWNS
CAN_ACCESS	EntraUser, EntraServicePrincipal, EntraGroup	Resource	Grants access permission
CAN_BE_ACCESSED	Resource	EntraUser, EntraGroup	Reverse of CAN_ACCESS
IS_ASSIGNED	EntraUser, EntraGroup	EntraRole, Resource	Denotes explicit assignments
CONTAINS	Group, Resource	Sub-resources or members	Hierarchical containment relationship

---

Examples

(EntraUser)-[:IS_MEMBER_OF]->(EntraGroup)
(EntraServicePrincipal)-[:HAS_ROLE]->(EntraRole)
(EntraUser)-[:OWNS]->(Resource)
(EntraManagedIdentity)-[:CAN_ACCESS]->(Resource)
(EntraServicePrincipal)-[:HAS_CREDENTIAL]->(Credential)