The EmpowerID Azure AD SCIM connector allows organizations to bring the user and group data in their Box system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
- Inventory Azure AD user accounts
- Create, Update and Delete Azure AD user accounts
- Enable and Disable Azure AD user accounts
- Update passwords for Azure AD user accounts

Group Management
- Inventory Azure AD groups
- Inventory Azure AD group memberships
- Create and Delete Azure AD groups
- Add and Remove members to and from Azure AD groups

Attribute Flow
Users in Azure AD are inventoried as accounts in EmpowerID, which are then linked to EmpowerID Person objects. The table below shows the attribute mappings of Box user attributes to EmpowerID Person attributes.
Azure AD Attribute | Corresponding EmpowerID Attribute | Description |
---|---|---|
Name | Name | Name of the user |
name.familyName | LastName | Last name of the user |
name.givenName | FirstName | First name of the user |
name.middleName | MiddleName | Middle name of the user |
displayName | FriendlyName | Display Name of the user |
name.honorificSuffix | GenerationalSuffix | |
title | Title | Title of the user |
email[?(@type=='work')].value | | Work email address of the user |
['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department'] | Department | Department of the user |
['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['EmployeeNumber'] | EmployeeID | Employee ID of the user |
addresses[?(@.type=='work')].streetAddress | StreetAddress | Street address of the user |
addresses[?(@.type=='work')].locality | City | City in which the user resides or works |
addresses[?(@.type=='work')].region | State | State in which the user resides or works |
addresses[?(@.type=='work')].country | Country | Country of the user |
addresses[?(@.type=='work')].postalCode | PostalCode | Postal code of the user |
phoneNumbers[?(@.type=='home')].value | HomeTelephone | Home telephone of the user |
preferredLanguage | PreferredLanguage | Preferred language of the user |
phoneNumbers[?(@.type=='other')].value | Telephone | Telephone number for the person |
phoneNumbers[?(@.type=='fax')].value | Fax | Fax number for the person |
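
The following is an added example, not EmpowerID code: it resolves a subset of the paths from the table above against a constructed SCIM user to show how the `[?(@.type=='...')]` filters select one entry from a multi-valued attribute and how a missing source value yields no Person attribute. The names `resolve`, `map_person` and `SAMPLE_USER` are hypothetical, and taking the first matching entry is an assumption about filter behavior.

```python
import re

# Subset of the page's attribute-flow table: SCIM path -> EmpowerID Person attribute.
MAPPINGS = {
    "name.familyName": "LastName",
    "displayName": "FriendlyName",
    "['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department']": "Department",
    "addresses[?(@.type=='work')].locality": "City",
    "addresses[?(@.type=='work')].postalCode": "PostalCode",
    "phoneNumbers[?(@.type=='home')].value": "HomeTelephone",
    "phoneNumbers[?(@.type=='fax')].value": "Fax",
}

# One path step: a [?(@.type=='x')] filter, a ['quoted key'], or a bare key.
STEP = re.compile(r"\[\?\(@\.type=='([^']+)'\)\]|\['([^']+)'\]|([A-Za-z_]\w*)")

def resolve(resource, path):
    """Return the value at `path`, or None if any step is missing."""
    node = resource
    for flt, quoted, bare in STEP.findall(path):
        if flt:
            # Multi-valued attribute: keep the first entry of the requested type (assumption).
            entries = node if isinstance(node, list) else []
            node = next((e for e in entries if isinstance(e, dict) and e.get("type") == flt), None)
        else:
            node = node.get(quoted or bare) if isinstance(node, dict) else None
        if node is None:
            return None
    return node

def map_person(resource):
    """Apply every mapping; attributes with no source value are left out."""
    found = {attr: resolve(resource, path) for path, attr in MAPPINGS.items()}
    return {attr: value for attr, value in found.items() if value is not None}

# Constructed SCIM 2.0 user for illustration (not real data).
SAMPLE_USER = {
    "displayName": "Dana Reyes",
    "name": {"familyName": "Reyes", "givenName": "Dana"},
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"department": "Finance"},
    "addresses": [
        {"type": "home", "locality": "Salem", "postalCode": "97301"},
        {"type": "work", "locality": "Portland", "postalCode": "97201"},
    ],
    "phoneNumbers": [{"type": "home", "value": "+1-555-0100"}],
}

if __name__ == "__main__":
    print(map_person(SAMPLE_USER))
```
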
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Azure AD user accounts for any person within your organization based on your policy requirements.
Note |
---|
To connect EmpowerID to Azure AD, the following prerequisites need to be met:
EmpowerID “Proxy” or Connection Account Requirements: EmpowerID uses highly privileged user accounts when connecting to user directories such as Azure Active Directory, LDAP or database systems. These user "account stores" use saved proxy accounts for connecting to these systems and performing user account management operations. EmpowerID requires one privileged account per domain or directory. This account requires all of the privileges matching the functions that EmpowerID may perform (user creation, deletion, password reset, group creation, etc.). |