You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Overview of Azure AD SCIM Connector

The EmpowerID Azure Active Directory Connector allows organizations to bring user, group, role, license, application, and other data hosted in their Azure Cloud to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.

The EmpowerID Azure Active Directory Connector uses a secure connection for inventorying and managing data in the Azure data store with the help of the EmpowerID SCIM 2.0 Microservice. The SCIM Microservice is an isolated component that is deployed in the client's Azure tenant and is responsible for establishing a secure connection with the Microsoft Graph API and directly writes/ reads data to/ from the Azure data store based on the request generated via the connector.

 

Please find below the components and its description.

Component

Description

Component

Description

EmpowerID Web App

EmpowerID web interface allows users to view the Azure Active Directory data inventoried into EmpowerID, and the same interface can be used for performing CRUD operations on the objects.

 

EmpowerID AAD Connector

EmpowerID AAD Connector encompass the inventory and write-back processes in the system that provide the business logic for inventory processing, provisioning and join logic, group membership assignments, naming conventions, and decisions regarding deleting or disabling accounts, groups and other objects.

 

Identity Warehouse

EmpowerID data store that comprises of a large number of tables for storing and maintaining the data inventoried from Azure Active Directory and other connected directories.

 

Certificate Authentication

EmpowerID Azure Active Directory connector uses secure handshake with the EmpowerID SCIM Microservice via Azure Certificate Authentication, meaning that the microservice only fulfills the request coming from the authorized client.

EmpowerID SCIM Microservice

The EmpowerID SCIM Microservice is an isolated component which is solely responsible for fulfilling requests coming from authorized clients (generally the EmpowerID AAD connector).

 

Managed Identity

Managed Identity is responsible for ensuring secure communication between the EmpowerID SCIM Microservice and Microsoft Graph API, it also possesses certain permissions that are required for making calls to the Graph API. Managed Identity must be created in the same Azure tenant where the data synchronizing is taking place between Azure data store and EmpowerID.

 

Microsoft Graph API

Microsoft Graph is a RESTful Web API that enables access to Microsoft Cloud service resources. It is created and managed by Microsoft; this API is invoked by the EmpowerID SCIM Microservice for fulfilling connector's requests for any Azure resource.

Azure Active Directory

Azure Active Directory (Azure AD) is a cloud-based identity and access management service that enables access to different resources, such as Users, Groups, Roles, Licenses, Azure Applications, Service Principals etc.

Â