Overview of Azure AD SCIM Connector

The EmpowerID Azure Active Directory Connector allows organizations to bring user, group, role, license, application, and other data hosted in their Azure Cloud to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.

The EmpowerID Azure Active Directory Connector uses a secure connection for inventorying and managing data in the Azure data store with the help of the EmpowerID SCIM 2.0 Microservice. The SCIM Microservice is an isolated component deployed in the client's Azure tenant. It is responsible for establishing a secure connection with the Microsoft Graph API and reads and writes data directly to and from the Azure data store based on the requests generated by the connector.

Please find below the components and their descriptions.

EmpowerID Web App: The EmpowerID web interface allows users to view the Azure Active Directory data inventoried into EmpowerID; the same interface can be used to perform CRUD operations on those objects.

EmpowerID AAD Connector: The EmpowerID AAD Connector encompasses the inventory and write-back processes in the system that provide the business logic for inventory processing, provisioning and join logic, group membership assignments, naming conventions, and decisions about deleting or disabling accounts, groups, and other objects.

Identity Warehouse: The EmpowerID data store, which comprises a large number of tables for storing and maintaining the data inventoried from Azure Active Directory and other connected directories.

Certificate Authentication: The EmpowerID Azure Active Directory Connector uses a secure handshake with the EmpowerID SCIM Microservice via Azure certificate authentication, so the microservice fulfills only requests coming from an authorized client.

EmpowerID SCIM Microservice: An isolated component that is solely responsible for fulfilling requests coming from authorized clients (generally the EmpowerID AAD Connector).

Managed Identity: The Managed Identity secures communication between the EmpowerID SCIM Microservice and the Microsoft Graph API and holds the permissions required to call the Graph API. It must be created in the same Azure tenant in which data is synchronized between the Azure data store and EmpowerID.

Microsoft Graph API: Microsoft Graph is a RESTful web API that provides access to Microsoft cloud service resources. It is created and managed by Microsoft; the EmpowerID SCIM Microservice invokes this API to fulfill the connector's requests for any Azure resource.

Azure Active Directory: Azure Active Directory (Azure AD) is a cloud-based identity and access management service that provides access to resources such as users, groups, roles, licenses, Azure applications, and service principals.
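The Certificate Authentication entry above states that the microservice fulfills only requests from an authorized client. The page does not say how the microservice validates the presented certificate, so the Python below is an added illustration of one common way to enforce such a rule, not EmpowerID's code: pin the SHA-256 thumbprint of the connector's client certificate and reject anything else, including malformed input. The certificates are constructed byte strings wrapped in PEM armor, not real DER.

```python
import base64
import binascii
import hashlib
import hmac
import re
from typing import Iterable

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Extract the base64 body of a single PEM certificate and decode it to DER."""
    match = _PEM_RE.search(pem)
    if not match:
        raise ValueError("not a PEM certificate")
    body = "".join(match.group(1).split())
    # validate=True rejects stray characters instead of silently skipping them.
    return base64.b64decode(body, validate=True)


def thumbprint_sha256(pem: str) -> str:
    """Lowercase hex SHA-256 over the DER bytes: the value an operator pins."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def is_authorized_client(pem: str, pinned_thumbprints: Iterable[str]) -> bool:
    """True only if the presented certificate matches a pinned thumbprint.

    Malformed or undecodable input is treated as unauthorized rather than
    raising, so a bad request cannot turn into an unhandled server error.
    """
    try:
        presented = thumbprint_sha256(pem)
    except (ValueError, binascii.Error):
        return False
    # Constant-time comparison per pin; case-insensitive on the pinned side.
    return any(hmac.compare_digest(presented, pin.lower()) for pin in pinned_thumbprints)


def make_pem(der: bytes) -> str:
    """Wrap bytes in PEM armor (64-char lines). Used only to build constructed samples."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i : i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed samples (not real certificates): the bytes stand in for DER.
AUTHORIZED_CLIENT_PEM = make_pem(b"constructed sample: authorized connector client cert")
UNKNOWN_CLIENT_PEM = make_pem(b"constructed sample: some other client cert")
PINNED_THUMBPRINTS = {thumbprint_sha256(AUTHORIZED_CLIENT_PEM)}
```

Pinning a thumbprint ties authorization to one exact certificate, so the pin set must be updated whenever the connector's certificate is rotated.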