Azure AD
The Azure AD application template allows you to provision users and groups to an Azure Active Directory instance.
Register the application
-
In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.
-
In the Browse App Catalog modal, select an application, and click Next.
Select the latest application version.
-
Review the Application Integration information, and click Next.
-
In the Application Details window, specify the name, description, application owners, and logo for the application.
-
To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.
-
Click Create Application.
Configure provisioning
This requires a Microsoft account and a Microsoft Azure application set up.
-
Click Certificates and Secrets > New Client Secret.
-
Enter a description and choose an expiration date.
-
Click Save.
-
Copy your client secret.
-
Click API Permissions.
-
Select Add a permissions > MS Graph > Application Permissions.
-
Use the search function to find and select the following 13 permissions:
-
Click Add permissions.
-
Click Grant admin consent for default directory.
-
Copy the following values:
-
application (client) id
-
directory (tenant) id
-
client credentials/secret
-
-
In the Advanced Identity Cloud admin console, on the Provisioning tab:
-
If setting up provisioning for the first time, click Set up Provisioning.
-
When editing existing settings in the Connection area, click Settings.
-
-
Configure the following fields:
Field Description Tenant
The Azure AD tenant name or id.
Client ID
The client ID the connector uses during the OAuth 2.0 flow.
Client Secret
The client secret the connector uses during the OAuth 2.0 flow.
Read Rate Limit
Define throttling for read operations either per second ("30/sec") or per minute ("100/min").
Write Rate Limit
Define throttling for write operations (create/update/delete) either per second ("30/sec") or per minute ("100/min").
Perform Hard Delete
If true, the delete operation permanently deletes the Azure object.
License Cache Expiry Time
Defines the expiry time (in minutes) for cached license information; for example, service plan data. The default value is 60 minutes.
-
Optionally, click Show advanced settings to set the following option:
Option Description Exclude Unmodified
Select this option to synchronize only the modified properties on a target resource.
-
Click Connect.
-
Verify the information in the Details tab.
Provision side tabs
The object type determines the side tabs that display on the Provisioning tab.
Use the object type list to select an object type, such as Group.
Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.
| Provisioning tab | Description | Related sections |
|---|---|---|
Details |
View and manage an application, including name, ID, and native type. |
Select the specific application from Provision settings for an application. |
Properties |
View and manage properties for the selected object type. |
|
Data |
View data about the selected object type. |
|
Mapping |
View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties. |
|
Reconciliation |
Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems. View and manage rules for the users and groups that use your application. View and manage schedules for Full and Incremental reconciliation. |
|
Privacy & Consent |
Manage end-user data sharing and synchronization. |
|
Rules |
View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application. |
|
Advanced Sync |
Create and manage mappings between an identity profile and an application or between applications. |