Azure AD SCIM Connector Features
The EmpowerID Azure Active Directory connector allows organizations to bring the user, group, and role data in their Azure Active Directory into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Account Management
Inventory user accounts
Create, Update and Delete user accounts
Enable and Disable user accounts
Reset user account password
Group Management
Inventory groups
Inventory group memberships
Create and delete groups
Add and remove group memberships
Add group member to the group
Remove group member from the group
Role Management
Inventory Azure roles
Inventory Azure role memberships
Create Azure RBAC and Custom Directory roles
Assign users to Azure roles
License Management
Inventory License bundles, License pools, Tenant subscriptions
Add and Remove license assignments for users
Add and Remove license assignments for groups
Application Management
Inventory Azure Applications, Credentials, App Roles, Scopes, App Role assignments, Scope assignments
Create Azure OIDC, SAML (non-gallery) and SAML (gallery) applications
Edit & Delete Azure Application
Create & Delete Client Secret & Certificate
Create & Delete Scope & AppRole
Update API Permissions
Update Token Configuration
Attribute Flow
Users in Azure Active Directory are inventoried as accounts in EmpowerID. The table below shows how Azure Active Directory user attributes (as exposed through the SCIM endpoint) map to EmpowerID Person attributes.
| Person Attribute | External Directory Attribute |
| --- | --- |
| AboutMe | profileUrl |
| Active | active |
| BusinessPhone | phoneNumbers[?@.type=='work'].value |
| City | city |
| Company | companyName |
| CostCenter | employeeOrgData.costCenter |
| Country | country |
| CustomAttribute10 | usageLocation |
| Department | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department'] |
| Description | description |
| Division | employeeOrgData.division |
| EffectiveEndDate | endDateTime |
| EffectiveStartDate | startDateTime |
| emails[?@.type=='work'].value | |
| EmailAlias | externalId |
| EmployeeID | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['employeeNumber'] |
| EmployeeType | employeeType |
| ExtensionAttribute1 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute1'] |
| ExtensionAttribute10 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute10'] |
| ExtensionAttribute11 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute11'] |
| ExtensionAttribute12 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute12'] |
| ExtensionAttribute13 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute13'] |
| ExtensionAttribute14 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute14'] |
| ExtensionAttribute15 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute15'] |
| ExtensionAttribute2 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute2'] |
| ExtensionAttribute3 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute3'] |
| ExtensionAttribute4 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute4'] |
| ExtensionAttribute5 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute5'] |
| ExtensionAttribute6 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute6'] |
| ExtensionAttribute7 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute7'] |
| ExtensionAttribute8 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute8'] |
| ExtensionAttribute9 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute9'] |
| Fax | phoneNumbers[?@.type=='fax'].value |
| FirstName | name.givenName |
| FriendlyName | displayName |
| GenerationalSuffix | name.honorificSuffix |
| HomeTelephone | phoneNumbers[?@.type=='home'].value |
| LastName | name.familyName |
| Login | userName |
| ManagerPersonID | manager |
| MiddleName | name.middleName |
| MobilePhone | phoneNumbers[?@.type=='mobile'].value |
| Office | addresses[?@.type=='other'].formatted |
| OofAudience | externalAudience |
| OofEndDate | scheduledEndDateTime |
| OofExternalMsg | externalReplyMessage |
| OofInternalMsg | internalReplyMessage |
| OofStartDate | scheduledStartDateTime |
| OofStatus | status |
| PhotoURL | photos[?@.type=='work'].value |
| PostalCode | addresses[?@.type=='work'].postalCode |
| PreferredLanguage | preferredLanguage |
| State | state |
| StreetAddress | addresses[?@.type=='work'].streetAddress |
| Telephone | phoneNumbers[?@.type=='other'].value |
| Title | title |
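Worked example, added here and not part of EmpowerID's own code: a small resolver that applies a subset of the mapping paths from the table above to a constructed SCIM 2.0 User resource, showing how dotted keys, the bracketed extension-schema URN keys and the `[?@.type=='…']` filters on multi-valued attributes are walked. The sample resource, the `MAPPINGS` subset and the function names are assumptions for illustration.

```python
import json
import re

# Constructed sample SCIM 2.0 User resource (not from the page), shaped like
# what an Azure AD SCIM endpoint would return for one user.
SAMPLE_USER = json.loads("""
{
  "userName": "jdoe@contoso.example",
  "active": true,
  "displayName": "Jane Doe",
  "name": {"givenName": "Jane", "familyName": "Doe"},
  "phoneNumbers": [
    {"type": "work", "value": "+1 555 0100"},
    {"type": "mobile", "value": "+1 555 0101"}
  ],
  "addresses": [{"type": "work", "postalCode": "43215", "streetAddress": "1 Main St"}],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "Security", "employeeNumber": "E1234"
  }
}
""")

# Subset of the attribute-flow table above: Person attribute -> mapping path.
MAPPINGS = {
    "Login": "userName",
    "Active": "active",
    "FirstName": "name.givenName",
    "BusinessPhone": "phoneNumbers[?@.type=='work'].value",
    "Fax": "phoneNumbers[?@.type=='fax'].value",
    "PostalCode": "addresses[?@.type=='work'].postalCode",
    "Department": "['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department']",
}

# One token per path step: ['quoted key'], [?@.attr=='value'] filter, or plain key.
TOKEN = re.compile(r"\['([^']+)'\]|\[\?@\.(\w+)=='([^']*)'\]|([A-Za-z0-9_]+)")

def resolve(resource, path):
    """Walk a mapping path over a SCIM resource; None when a step is absent."""
    node = resource
    for quoted, fattr, fval, plain in TOKEN.findall(path):
        if node is None:
            return None
        if fattr:  # multi-valued attribute: pick the element whose type matches
            node = next((e for e in node if isinstance(e, dict) and e.get(fattr) == fval), None)
        else:
            node = node.get(quoted or plain) if isinstance(node, dict) else None
    return node

def person_attributes(resource, mappings=MAPPINGS):
    """Produce the EmpowerID Person attribute values for one SCIM user."""
    return {attr: resolve(resource, path) for attr, path in mappings.items()}
```

A mapping whose filter matches no element (here `Fax`, since the sample has no fax number) resolves to None rather than raising, which is the behaviour an inventory run needs.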
Next Steps
Register a service principal for the Azure AD SCIM Microservice
Create an App Service for the Azure AD SCIM Microservice
Publish the Azure AD SCIM Microservice to Azure
Assign Permissions to the App Service