Unlock Your Digital World with the Everykey App

Getting started with Everykey

Everykey Microsoft Entra Integration Guide

This guide provides a comprehensive step-by-step process for integrating Everykey with Microsoft Entra ID. This integration facilitates seamless synchronization of users and groups, enabling automatic password management, including generation and updates between Everykey and Entra ID.

Prerequisites

Before proceeding with the integration, ensure the following requirements are met:

  • A Business Plan Everykey account with administrator privileges and a paired Everykey device.
  • A Windows Server 2019 (or later) with the Everykey app installed to manage automated password synchronization.
  • A Global Administrator Account on Microsoft Entra or an account with the following administrative roles assigned: Application Administrator, Groups Administrator, Privileged Role Administrator, User Administrator.
  • Password Writeback enabled if using a Hybrid Active Directory environment to allow changes from Everykey to sync back to Entra ID.

1

Step 1: Register an Application in Microsoft Entra ID

  1. Sign in to the Microsoft Entra Admin Center.
  2. On the left sidebar, Navigate to Identity > Applications > App registrations.
  3. Click New registration.
  4. Enter an application name (e.g., Everykey Credential Manager).
  5. Select Single tenant unless multi-tenant access is required.
  6. Under Redirect URI, select Web and enter https://dashboard.Everykey.com/integrations/entra/callback.
  7. Click Register to finalize the application creation.

2

Step 2: Retrieve Application Credentials

  1. Once registered, go to the application Overview page.
  2. Copy and securely save the Application (client) ID and Directory (tenant) ID as these will be needed for later configurations.

3

Step 3: Configure API Permissions

  1. While still In App registrations, select the newly created application.
  2. Navigate to API permissions > Add a permission.
  3. Select Microsoft Graph and configure the following permissions:
    1. Select Delegated permissions.
    2. Use the Search Bar and Select the following:
      1. User.ReadWrite.All – Required for managing user accounts.
      2. User-PasswordProfile.ReadWrite.All – Enables Everykey to update passwords (If applicable)
      3. Group.ReadWrite.All – Allows Everykey to manage group memberships.
    3. Before accepting,view the top of the panel, select Application permissions.
      1. The same permissions as delegated, granting system-level access.
    4. At the bottom, Click Add permissions.
    5. Next to Add a permission, select Grant admin consent for Everykey to authorize them for your organization.
      1. Select Yes to apply changes.

4

Step 4: Generate a Client Secret

  1. Go to Certificates & Secrets under your app settings.
  2. Click New client secret.
  3. Provide a descriptive name (ex. Everykey Automation, Everykey Entra Integration).
  4. Set an expiration period based on your organization’s security policy.
  5. Click Add.
  6. Important: Copy and securely store the generated client secret value immediately.

5

Step 5: Configure Authentication for PKCE Flow

  1. Navigate to the Authentication section of your registered app.
  2. Under Platform configurations, under section labeled Web.
    1. Ensure the redirect URIs include:
      1. https://dashboard.Everykey.com/integrations/entra/callback
  3. Under Advanced settings, enable Allow public client flows by selecting Yes to support PKCE-based authentication.
  4. Click Save to apply changes.

6

Step 6: Enable Password Writeback (For Hybrid Active Directory Deployments)

If using a hybrid environment, configure password writeback to allow changes from Everykey to sync with Entra ID.

  1. Open Microsoft Entra Connect on your synchronization server.
  2. Select Configure and navigate to Optional Features.
  3. Enable Password writeback and click Next.
  4. Complete the configuration and test a password reset to ensure successful synchronization.

7

Step 7: Set Up Everykey Integration

  1. Log in to the Everykey Dashboard.
    1. https://dashboard.everykey.com/
  2. Navigate to the Integrations section.
  3. Locate the Microsoft Entra (Office 365) card.
    1. Click Enable.
    2. Select Next or select the Credentials tab.
  4. Enter the Client ID, Tenant ID, and Client Secret from Step 2 and Step 4.
  5. Select Accept to grant permissions when prompted within the Microsoft Entra portal.

8

Step 8: Import users and Groups

  1. Return to Everykey and select users for synchronization.
  2. (Optional) Enable automatic password management to manage device unlock, ensuring compliance with an external password policy.
  3. Click Sync Selected Users to begin user import.
  4. Similarly, select groups for synchronization and click Sync Selected Groups.

9

Step 9: Configure Policy

Create and manage policies to control how Everykey with Entra is used across your organization.

  • Define rules for device proximity, session timeouts, and reauthentication.
  • Assign policies to individuals or groups for flexible control.
  • Easily create, edit, or delete policies as your needs evolve.

10

Step 10: Enable Windows Device Unlock (Optional)

For users who wish to use Everykey-managed credentials for passwordless Windows login:

  1. Open the Everykey Windows app.
  2. In the side navigation, select the paired phone (Go Device).
  3. Enable Device Unlock and choose Use Everykey Managed Microsoft Password.
  4. Click Save, then wait for the update to apply.
  5. Restart the PC to ensure changes take effect.
  6. On the login screen, select Sign-in Options > Everykey Tile > Arrow.
  7. Approve the login request on your Go Device.
  8. Successfully log in without manually entering a password!

Get Help and Support

Need Assistance?
Visit our comprehensive Support Center where you can find information on our product, along with connecting with our support team.