The EmpowerID Azure Active Directory Connector uses a secure connection to inventory and manage data in the Azure data store with the help of the EmpowerID SCIM 2.0 Microservice. The SCIM Microservice is an isolated component that is deployed in the client's Azure tenant. It establishes a secure connection with the Microsoft Graph API and reads and writes data directly in the Azure data store based on the requests generated via the connector.

To access resources secured by your Azure AD tenant, the Azure AD SCIM microservice needs to be represented within the tenant by a security principal. The security principal is an application you create in your tenant to provide the authentication context the microservice needs to call the Microsoft Graph API.
EmpowerID uses the Azure AD SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of the deployment process for the microservice, an app service needs to be created to host the microservice. That app service is configured for Azure AD authentication and is given a managed identity that can be granted permissions to access resources protected by Azure AD.
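The following is an added example, not EmpowerID code: it shows how code hosted in an app service can obtain a token from the service's managed identity without any stored secret, using the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` variables that App Service sets when an identity is assigned. The Microsoft Graph resource URI as the target, the local stub endpoint, and all header and token values are assumptions constructed so the example runs offline.

```python
import json
import os
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

GRAPH_RESOURCE = "https://graph.microsoft.com"  # assumed target resource

def get_managed_identity_token(resource=GRAPH_RESOURCE, env=os.environ):
    """Ask the identity endpoint that App Service injects for a token."""
    endpoint, secret = env.get("IDENTITY_ENDPOINT"), env.get("IDENTITY_HEADER")
    if not endpoint or not secret:
        raise RuntimeError("no managed identity is assigned to this app")
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2019-08-01"})
    req = urllib.request.Request(f"{endpoint}?{query}", headers={"X-IDENTITY-HEADER": secret})
    # The endpoint is local to the host, so bypass any configured HTTP proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        body = json.load(resp)
    # Refuse a token minted for a different audience than the one requested.
    if body.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token was issued for an unexpected resource")
    return body["access_token"]

class StubIdentityEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in for the platform endpoint so the example runs offline."""
    expected_header = "constructed-header-value"

    def do_GET(self):
        params = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        ok = self.headers.get("X-IDENTITY-HEADER") == self.expected_header
        payload = {"access_token": "constructed.token.value",
                   "resource": params.get("resource", [""])[0]} if ok else {"error": "denied"}
        data = json.dumps(payload).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def run_demo(header=StubIdentityEndpoint.expected_header):
    """Start the stub, fetch a token, and return the header a Graph call would carry."""
    server = HTTPServer(("127.0.0.1", 0), StubIdentityEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        env = {"IDENTITY_ENDPOINT": f"http://127.0.0.1:{server.server_port}/msi/token",
               "IDENTITY_HEADER": header}
        return {"Authorization": "Bearer " + get_managed_identity_token(env=env)}
    finally:
        server.shutdown()
        server.server_close()
```

The token returned this way only carries the permissions granted to the managed identity in the tenant, so what the hosted code can reach is controlled there rather than by a credential in the app's configuration.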