Creating a Microsoft Azure Office 365 connection - PingOne

Creating a Microsoft Azure Office 365 connection - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Product

p1cloudplatform

ContentType_ce

Page created: 13 Apr 2023 |

Page updated: 10 May 2023

| 5 min read

PingOne Cloud Platform PingOne Product

Use an Microsoft Azure Office 365 connection to enable provisioning from PingOne to the Microsoft Azure identity platform.

You should review the information about registering applications with the Microsoft Azure identity platform. See Register an application with the Microsoft identity platform.

Make sure that you have:

An Azure account that has an active subscription. See Create your Azure Free account.
The tenant domain ID for the Azure account. You can find the tenant domain in the Azure portal. Go to the application properties and select View endpoints. Copy the ID from the URL under Windows Azure AD Graph API Endpoint.
The client ID and client secret for the connected application. You can find the client ID and client secret in the Azure portal. See Register an application with the Microsoft identity platform.

Go to Connections > Provisioning.
Click the + icon, and then click New connection.
For Identity Store, click the Select button.
Under Microsoft Azure (Microsoft 365), click Select, and then click Next.
Enter a name and description for this provisioning connection.

The connection name is shown in the list when you've completed and saved the connection.
Click Next.

On the Configure authentication pane, enter the values for the following fields.

Field	Value
Tenant domain ID	The tenant domain ID for the Azure account. You can find the tenant domain in the Azure portal. Go to the application properties and select View endpoints. Copy the ID from the URL under Windows Azure AD Graph API Endpoint.
Client ID	The client ID from Azure for the connected application. You can find the client ID and client secret in the Azure portal. See Register an application with the Microsoft identity platform.
Client secret	The client secret from Azure for the connected application. You can find the client ID and client secret in the Azure portal. See Register an application with the Microsoft identity platform.

Click Test connection to verify that PingOne can establish a connection to Azure.
If there are any issues with the connection, a Test connection failed message appears. Click Continue to resume the setup with an invalid connection.

You will not be able to use the connection for provisioning until you have established a valid connection to Azure. Click Cancel to modify the settings and try again.

On the Configure preferences pane, configure the following options.

Option	Description
Remove Licenses when SKU ID is empty	Determines whether to remove a user's license from their account if you do not configure the `skuId` field in the rule's attribute mappings, or if the user's `skuId` field is cleared in the external identity store. True. When enabled, if you choose to not configure the `skuId` field in the rule’s attribute mapping, the user's licenses will be removed from their account. False (default). When disabled, if you choose to not configure the `skuId` field in the rule’s attribute mapping, the user's licenses will not be removed from their account. However, if you configure the `skuId` field in rule’s attribute mapping, and if the user's `skuId` field is cleared in the directory, the user's licenses will be removed from their account.
Allow users to be created	Determines whether to create a user in the Azure identity store when the user is created in the PingOne identity store.
Allow users to be updated	Determines whether to update user attributes in the Azure identity store when the user is updated in the PingOne identity store.
Allow users to be disabled	Determines whether to disable a user in the Azure identity store when the user is disabled in the PingOne identity store.
Allow users to be deprovisioned	Determines whether to deprovision a user in the Azure identity store when the user is deprovisioned in the PingOne identity store.
Remove action	Determines the action to take when removing a user from the Azure identity store. Delete. When a user is deprovisioned from the PingOne identity store, PingOne removes the user from the external identity store. Disable. When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.
Deprovision on rule deletion	Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

Click Finish.

The Azure Office 365 provisioning connection is complete and is added to the list of provisioning connections on the Provisioning page.

Note:

When you create the provisioning rule, make sure that you map a value for the Password attribute. You must map a value for Password before you can enable the rule. For more information, see Adding attribute mapping.

Creating a rule