
Identity Manager 9.3 - Administration Guide for Connecting to Microsoft Entra ID


Configuring synchronization with Microsoft Entra ID tenants

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing in Microsoft Entra ID tenants

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.


Configuring synchronization of different Microsoft Entra ID tenants

If you want to customize a synchronization project to synchronize another Microsoft Entra ID tenant, make sure that you use the same type of authentication on the application when registering it in the Microsoft Entra ID tenant.

Depending on how the One Identity Manager application is registered in the Microsoft Entra ID tenant, either a user account with sufficient permissions or the secret key is required. For more information, see Registering an enterprise application for One Identity Manager in the Microsoft Entra ID tenant.

To customize a synchronization project for synchronizing another Microsoft Entra ID tenant

  1. In the Synchronization Editor, open the synchronization project.

  2. Create a new base object for every other client.

    • Use the wizard to attach a base object.

    • In the wizard, select the Microsoft Entra ID connector.

    • Declare the connection parameters. The connection parameters are saved in a special variable set.

    A start up configuration is created that uses the newly created variable set.

  3. Change other elements of the synchronization configuration as required.

  4. Save the changes.
  5. Run a consistency check.


Customizing synchronization projects to invite guest users

For more information about guest users in Microsoft Entra ID, see the Microsoft Entra ID documentation from Microsoft.

In One Identity Manager, you can set up user accounts with the following user types:

  • Member: Normal Microsoft Entra ID user account.

  • Guest: User account for guest users. The Microsoft Entra ID connector creates a user account for guest users and ensures that an invitation is sent by email to the given email address.

To send guest user invitations, you must alter the variables in the synchronization project.

| Variable | Description |
| --- | --- |
| GuestInviteSendMail | Specifies whether the guest user invitation will be sent. Default: True |
| GuestInviteLanguage | Language to use for sending the guest user invitation. Default: en-us |
| GuestInviteCustomMessage | Personal welcome greeting for the guest user. |
| GuestInviteRedirectUrl | URL to reroute guest users after they have accepted the invitation and registered. Default: http://www.office.com |
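A pre-deployment check of the four guest invitation variables, added here as an example and not part of One Identity Manager. It assumes the variable set has been copied into a dictionary of strings by hand; the policy it applies (HTTPS redirect, host allow-list, no links in the greeting) and the host `myapps.example.com` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Defaults as documented for the synchronization project variables.
DEFAULTS = {"GuestInviteSendMail": "True", "GuestInviteLanguage": "en-us",
            "GuestInviteCustomMessage": "",
            "GuestInviteRedirectUrl": "http://www.office.com"}
LANG_RE = re.compile(r"^[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*$")   # e.g. en-us
LINK_RE = re.compile(r"(https?://|www\.)", re.IGNORECASE)

def check_guest_invite(variables, allowed_hosts):
    """Return a list of findings; an empty list means the set passes."""
    v = {**DEFAULTS, **variables}
    findings = []
    if v["GuestInviteSendMail"].strip().lower() not in ("true", "false"):
        findings.append("GuestInviteSendMail: not a boolean")
    if not LANG_RE.match(v["GuestInviteLanguage"]):
        findings.append("GuestInviteLanguage: not a language tag")
    url = urlsplit(v["GuestInviteRedirectUrl"])
    if url.scheme != "https":
        findings.append("GuestInviteRedirectUrl: scheme is not https")
    if (url.hostname or "").lower() not in allowed_hosts:
        findings.append("GuestInviteRedirectUrl: host not on allow-list")
    if url.username or url.password:
        findings.append("GuestInviteRedirectUrl: contains userinfo")
    # Assumed policy: the greeting is plain text; the only link a guest
    # should follow is the redirect URL checked above.
    if LINK_RE.search(v["GuestInviteCustomMessage"]):
        findings.append("GuestInviteCustomMessage: contains a link")
    return findings

# Constructed sample values (hypothetical tenant policy).
ALLOWED_HOSTS = {"www.office.com", "myapps.example.com"}
HARDENED = {"GuestInviteLanguage": "de-de",
            "GuestInviteCustomMessage": "Welcome to the project workspace.",
            "GuestInviteRedirectUrl": "https://myapps.example.com/welcome"}

if __name__ == "__main__":
    for name, values in (("defaults", {}), ("hardened", HARDENED)):
        print(name, check_guest_invite(values, ALLOWED_HOSTS) or "ok")
```

Run against the documented defaults, the only finding is the plain-HTTP redirect URL.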


Supporting custom Microsoft Entra ID extensions

In Microsoft Entra ID, you can add schema extensions for Microsoft Entra ID applications that are registered in the company. Schema extensions in Microsoft Entra ID have the format extension_<appId>_<propertyName>. For more information about schema extensions, see the Microsoft Graph API under https://docs.microsoft.com/en-us/graph/extensibility-overview.

The Microsoft Entra ID connector can read and write Microsoft Entra ID schema extensions.

To map and synchronize Microsoft Entra ID schema extensions in One Identity Manager

  1. Extend the One Identity Manager schema by the custom columns. Use the Schema Extension program to do this.

    For more information about extending the One Identity Manager schema, see the One Identity Manager Configuration Guide.

  2. Use the Synchronization Editor to update the target system schema in your synchronization project and the One Identity Manager connection's schema.

    For more information about updating schema in the Synchronization Editor, see the One Identity Manager Target System Synchronization Reference Guide.

  3. In the Synchronization Editor, extend the mappings in your synchronization project by the respective property mapping rules for schema extensions.

    For more information about editing property mapping rules in the Synchronization Editor, see the One Identity Manager Target System Synchronization Reference Guide.
