You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Azure AD SCIM Connector Features

The EmpowerID Azure Active Directory connector allows organizations to bring the user, group, and role data in their Azure Active Directory into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:

  • Account Management

    • Inventory user accounts

    • Create, Update and Delete user accounts

    • Enable and Disable user accounts

    • Reset user account password

  • Group Management

    • Inventory groups

    • Inventory group memberships

    • Create and delete groups

    • Add and remove group memberships

    • Add group member to the group

    • Remove group member from the group

  • Role Management

    • Inventory Azure roles

    • Inventory Azure role memberships

    • Create Azure RBAC and Custom Directory roles

    • Assign users to Azure roles

  • License Management

    • Inventory License bundles, License pools, Tenant subscriptions

    • Add and Remove license assignments for users

    • Add and Remove license assignments for groups

  • Application Management

    • Inventory Azure Applications, Credentials, App Roles, Scopes, App Role assignments, Scope assignments

    • Create Azure OIDC, SAML (non-gallery) and SAML (gallery) applications

    • Edit & Delete Azure Application

    • Create & Delete Client Secret & Certificate

    • Create & Delete Scope & AppRole

    • Update API Permissions

    • Update Token Configuration



Attribute Flow

Users in Azure Active Directory are inventoried as accounts in EmpowerID. The table below shows how Azure Active Directory user attributes map to EmpowerID Person attributes.

| Person Attribute | External Directory Attribute |
| --- | --- |
| AboutMe | profileUrl |
| Active | active |
| BusinessPhone | phoneNumbers[?@.type=='work'].value |
| City | city |
| Company | companyName |
| CostCenter | employeeOrgData.costCenter |
| Country | country |
| CustomAttribute10 | usageLocation |
| Department | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['department'] |
| Description | description |
| Division | employeeOrgData.division |
| effectiveEndDate | endDateTime |
| EffectiveStartDate | startDateTime |
| Email | emails[?@.type=='work'].value |
| EmailAlias | externalId |
| EmployeeID | ['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].['employeeNumber'] |
| EmployeeType | employeeType |
| ExtensionAttribute1 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute1'] |
| ExtensionAttribute10 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute10'] |
| ExtensionAttribute11 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute11'] |
| ExtensionAttribute12 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute12'] |
| ExtensionAttribute13 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute13'] |
| ExtensionAttribute14 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute14'] |
| ExtensionAttribute15 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute15'] |
| ExtensionAttribute2 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute2'] |
| ExtensionAttribute3 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute3'] |
| ExtensionAttribute4 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute4'] |
| ExtensionAttribute5 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute5'] |
| ExtensionAttribute6 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute6'] |
| ExtensionAttribute7 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute7'] |
| ExtensionAttribute8 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute8'] |
| ExtensionAttribute9 | ['urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User'].['onPremisesExtensionAttributes'].['extensionAttribute9'] |
| Fax | phoneNumbers[?@.type=='fax'].value |
| FirstName | name.givenName |
| FriendlyName | displayName |
| GenerationalSuffix | name.honorificSuffix |
| HomeTelephone | phoneNumbers[?@.type=='home'].value |
| LastName | name.familyName |
| Login | userName |
| ManagerPersonID | manager |
| MiddleName | name.middleName |
| MobilePhone | phoneNumbers[?@.type=='mobile'].value |
| Office | addresses[?@.type=='other'].formatted |
| OofAudience | externalAudience |
| OofEndDate | scheduledEndDateTime |
| OofExternalMsg | externalReplyMessage |
| OofInternalMsg | internalReplyMessage |
| OofStartDate | scheduledStartDateTime |
| OofStatus | status |
| PhotoURL | photos[?@.type=='work'].value |
| PostalCode | addresses[?@.type=='work'].postalCode |
| PreferredLanguage | preferredLanguage |
| State | state |
| StreetAddress | addresses[?@.type=='work'].streetAddress |
| Telephone | phoneNumbers[?@.type=='other'].value |
| Title | title |
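The mappings listed above use three path shapes: plain dotted attributes, type-filtered multi-valued attributes, and bracket-quoted extension schema URNs. The following added example (not EmpowerID's own code) resolves a subset of them against a constructed SCIM User; the `resolve` and `to_person` helpers, the sample values, and the first-match, missing-is-`None` behavior are assumptions made for illustration.

```python
import re

ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ONPREM = "urn:ietf:params:scim:schemas:extension:azureOnPremData:2.0:User"

# Constructed sample SCIM User; every value here is illustrative.
SAMPLE_USER = {
    "userName": "adele@example.com",
    "active": True,
    "name": {"givenName": "Adele", "familyName": "Vance"},
    "phoneNumbers": [
        {"type": "work", "value": "+1 555 0100"},
        {"type": "mobile", "value": "+1 555 0101"},
    ],
    ENT: {"department": "Finance", "employeeNumber": "E1001"},
    ONPREM: {"onPremisesExtensionAttributes": {"extensionAttribute1": "contractor"}},
}

# Subset of the mapping: Person attribute -> external directory path.
MAPPING = {
    "Login": "userName",
    "Active": "active",
    "FirstName": "name.givenName",
    "BusinessPhone": "phoneNumbers[?@.type=='work'].value",
    "Fax": "phoneNumbers[?@.type=='fax'].value",
    "Department": f"['{ENT}'].['department']",
    "ExtensionAttribute1": f"['{ONPREM}'].['onPremisesExtensionAttributes'].['extensionAttribute1']",
}

# One token per path step: ['quoted key'], name[?@.key=='value'], or plain name.
TOKEN = re.compile(r"\['([^']+)'\]|(\w+)\[\?@\.(\w+)=='([^']*)'\]|(\w+)")

def resolve(resource, path):
    """Return the value at `path`, or None when any step is missing."""
    node = resource
    for quoted, arr, fkey, fval, plain in TOKEN.findall(path):
        if not isinstance(node, dict):
            return None
        if arr:  # filtered multi-valued attribute: take the first matching element
            node = next((i for i in node.get(arr, []) if i.get(fkey) == fval), None)
        else:
            node = node.get(quoted or plain)
    return node

def to_person(resource, mapping=MAPPING):
    """Build the Person-side view of one external user record."""
    return {attr: resolve(resource, path) for attr, path in mapping.items()}
```

Running `to_person(SAMPLE_USER)` shows which Person fields would be left empty for a given record, such as `Fax` here, which is worth checking before relying on a mapped attribute like `Active` or `EmployeeID` in access decisions.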

 


Next Steps

Register a service principal for the Azure AD SCIM Microservice

Create an App Service for the Azure AD SCIM Microservice

Publish the Azure AD SCIM Microservice to Azure

Assign Permissions to the App Service

Connect to Azure AD