Page Comparison

...

Account Management
- Inventory user accounts
- Create, Update and Delete user accounts
- Enable and Disable user accounts
- Reset user account password
Group Management
- Inventory groups
- Inventory group memberships
- Create and Delete delete groups
- Add and Remove members to and from groupsremove group memberships
- Add group member to the group
- Remove group member from the group
Role Management
- Inventory Azure roles
- Inventory Azure role membershipsCreate
- new Azure rolesInventory Azure role memberships
- Create Azure RBAC and Custom Directory roles
- Assign users to Azure roles
License Management
- Inventory License bundles, License pools, Tenant subscriptions
- Add and Remove users to and from Azure roles license assignments for users
- Add and Remove license assignments for groups
Application Management
- Inventory Azure Applications, Credentials, App Roles, Scopes, App Role assignments, Scope assignments
- Create Azure OIDC, SAML (non-gallery) and SAML (gallery) applications
- Edit & Delete Azure Application
- Create & Delete Client Secret & Certificate
- Create & Delete Scope & AppRole
- Update API Permissions
- Update Token Configuration
Attribute Flow
Users in Azure Active Directory are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of Active Directory user attributes to EmpowerID Person attributes.

Azure Active EmpowerID Person Attribute

Person Attribute	External Directory Attribute
AboutMe	ActiveprofileUrl
Active
MailNickname	EmailAlias
BusinessPhonesactive
BusinessPhoneCity	phoneNumbers[?@.type=='work'].value
City	CompanyNamecity
Company	companyName
CostCenter	employeeOrgData.costCenter
Country	country
CountryCustomAttribute10	usageLocation
Department	Department
DisplayName	FriendlyName
Mail	Email
EmployeeId	EmployeeID
FaxNumber	Fax
GivenName	FirstName
JobTitle	Title
Surname	LastName
UserPrincipalName	Login
MobilePhone	MobilePhone
OfficeLocation	Office
MailboxSettings -> AutomaticRepliesSetting -> ExternalAudience	OofAudience
MailboxSettings-> AutomaticRepliesSetting -> ScheduledEndDateTime	OofEndDate
MailboxSettings-> AutomaticRepliesSetting-> ExternalReplyMessage	OofExternalMsg
MailboxSettings-> AutomaticRepliesSetting-> InternalReplyMessage	OofInternalMsg
MailboxSettings-> AutomaticRepliesSetting-> ScheduledStartDateTime	OofStartDate
MailboxSettings -> AutomaticRepliesSetting -> Status	OofStatus
PreferredDataLocation	preferredDataLocation
PreferredLanguage	PreferredLanguage
state	State
StreetAddress	StreetAddress
UserType	UserType
PostalCode	PostalCode

...

['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department']
Description	description
Division	employeeOrgData.division
effectiveEndDate	endDateTime
EffectiveStartDate	startDateTime
Email	emails[?@.type=='work'].value
EmailAlias	externalId
EmployeeID	['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['employeeNumber']
EmployeeType	employeeType
ExtensionAttribute1	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute1']
ExtensionAttribute10	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute10']
ExtensionAttribute11	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute11']
ExtensionAttribute12	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute12']
ExtensionAttribute13	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute13']
ExtensionAttribute14	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute14']
ExtensionAttribute15	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute15']
ExtensionAttribute2	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute2']
ExtensionAttribute3	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute3']
ExtensionAttribute4	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute4']
ExtensionAttribute5	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute5']
ExtensionAttribute6	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute6']
ExtensionAttribute7	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute7']
ExtensionAttribute8	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute8']
ExtensionAttribute9	['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute9']
Fax	phoneNumbers[?@.type=='fax'].value
FirstName	name.givenName
FriendlyName	displayName
GenerationalSuffix	name.honorificSuffix
HomeTelephone	phoneNumbers[?@.type=='home'].value
LastName	name.familyName
Login	userName
ManagerPersonID	manager
MiddleName	name.middleName
MobilePhone	phoneNumbers[?@.type=='mobile'].value
Office	addresses[?@.type=='other'].formatted
OofAudience	externalAudience
OofEndDate	scheduledEndDateTime
OofExternalMsg	externalReplyMessage
OofInternalMsg	internalReplyMessage
OofStartDate	scheduledStartDateTime
OofStatus	status
PhotoURL	photos[?@.type=='work'].value
PostalCode	addresses[?@.type=='work'].postalCode
PreferredLanguage	preferredLanguage
State	state
StreetAddress	addresses[?@.type=='work'].streetAddress
Telephone	phoneNumbers[?@.type=='other'].value
Title	title

...

Next Steps

Register a service principal for the Azure AD SCIM Microservice

...

Versions Compared

Old Version 1

New Version Current

Key

Next Steps