Certified: February 26, 2026
Solution Summary
This article describes Microsoft Sentinel integration with RSA ID Plus. Use this information to determine which use case and integration type your deployment will employ.
Integration Types
Cloud Administration APIs: Use the Cloud Administration Add/Remove High-Risk User API to add or remove one or more users from a high-risk user list. You can determine authentication and access requirements for users who are identified as high risk. These might be users whose accounts have been compromised, or for whom a third-party security information and event management (SIEM) solution, such as Microsoft Sentinel, has detected suspicious activity.
Note: The Admin API is available with ID Plus E2 and ID Plus E3 plans. For details, see RSA ID Plus Plans.
Configuration Summary
This section contains the steps for integrating Microsoft Sentinel with RSA using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and Microsoft Sentinel components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Assumptions
- For this guide, the consumption plan has been used. Refer to Microsoft documentation for any changes to the configuration based on your plan selection.
- We have used a single region across the configurations. Refer to Microsoft documentation for any changes to the configuration in case of multi-region deployments.
- Necessary permissions to create or set up the resources/components are available. Refer to Microsoft's official documentation for more information.
- There are multiple ways to send the high-risk user list to RSA. We have used custom tables and logic apps in Microsoft to do so. This may not be the optimum approach for this scenario, but the purpose of this guide is to show how users can implement high-risk user list consumption using Microsoft Sentinel as the high-risk user API client. For scenarios better suited to your system, refer to your client or vendor documentation.
Integration Configuration
Certification Details
RSA Cloud Access Service (CAS)
Microsoft Sentinel
Known Issues
No known issues.
Related Articles
- Cloud Administration Retrieve High-Risk User List API Version 1
- Cloud Administration Add/Remove High-Risk User API
- Cloud Administration Retrieve High-Risk User List API Version 2
- Edit an Application Trust Certificate
- Upload Certificates for Trusted Certificate Authorities