How-to manage Microsoft Entra ID identities indirectly
Introduction
This document gives an overview of indirectly managing identities in Microsoft Entra ID. More information about directly and indirectly managed identities can be found in Microsoft 365 System Connector (other keywords: Exchange Online, Office 365).
It is assumed that the Office 365 target network already exists in the CoreOne Suite.
Step 1 - Prerequisite
It is important to synchronize local Active Directory users with Microsoft Entra Connect in order to manage external Microsoft Entra ID identities. For more information, see the following page: Microsoft Entra Connect and Microsoft Entra Connect Health installation roadmap (Microsoft Entra ID | Microsoft Learn).
Step 2 - Provisioning configuration
Configure an appropriate provisioning configuration for your Entra ID users. As the users will be synced with Microsoft Entra Connect, you only need to map the mandatory fields.
CoreOne Suite compares the User Principal Name (UPN) with Microsoft Entra ID. It is important to set the UPN property to not unique in the provisioning configuration. This is necessary because CoreOne Suite checks whether the UPN already exists; if it does, the CreateIdentityTask will not create the identity in CoreOne Suite.
The UPN must be the same in CoreOne Suite as in Microsoft Entra ID; otherwise, no link between the two is established.
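A pre-check for the UPN requirement above, as an added example that is not ITSENSE or CoreOne Suite code: it compares two exported UPN lists and classifies each CoreOne UPN by how it relates to the synced Entra ID users. The CSV column names and sample rows are constructed assumptions; the page does not say whether the comparison is case-sensitive, so case-only differences are reported separately.

```python
import csv
import io

# Constructed sample exports (not real data); column names are assumptions.
COREONE_CSV = """upn
anna.meier@example.com
Ben.Keller@example.com
carla.frei@corp.local
dario.rossi@example.com
"""
ENTRA_CSV = """userPrincipalName,onPremisesSyncEnabled
anna.meier@example.com,true
ben.keller@example.com,true
carla.frei@example.onmicrosoft.com,true
dario.rossi@example.com,false
"""

def load_coreone(text):
    return [r["upn"].strip() for r in csv.DictReader(io.StringIO(text))]

def load_entra_synced(text):
    # Only users synced by Microsoft Entra Connect are relevant to this how-to.
    return [r["userPrincipalName"].strip()
            for r in csv.DictReader(io.StringIO(text))
            if r["onPremisesSyncEnabled"].strip().lower() == "true"]

def classify_upns(coreone_upns, entra_upns):
    """Map each CoreOne UPN to (status, closest Entra ID UPN or None)."""
    exact = set(entra_upns)
    folded = {u.casefold(): u for u in entra_upns}
    by_local = {u.split("@", 1)[0].casefold(): u for u in entra_upns}
    result = {}
    for upn in coreone_upns:
        local = upn.split("@", 1)[0].casefold()
        if upn in exact:
            result[upn] = ("match", upn)
        elif upn.casefold() in folded:
            result[upn] = ("case_differs", folded[upn.casefold()])
        elif local in by_local:
            # Typical cause: an on-premises suffix that is not a verified domain.
            result[upn] = ("suffix_differs", by_local[local])
        else:
            result[upn] = ("missing_in_entra", None)
    return result

def report():
    return classify_upns(load_coreone(COREONE_CSV), load_entra_synced(ENTRA_CSV))

if __name__ == "__main__":
    for upn, (status, other) in report().items():
        print(f"{status:17} {upn} -> {other}")
```

Any status other than `match` marks an identity to review before relying on the link between CoreOne Suite and Microsoft Entra ID.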
Step 3 - Identity Features to activate/deactivate
Create and configure your identity type based on the provisioning configuration created in step 2.
The following identity features must be activated or deactivated as listed to manage external Microsoft Entra ID identities successfully:
Activate:
Identities provisioned externally
Identities deprovisioned externally
Deactivate:
Provision identities
Provision identity updates
Step 4 - System Features to activate/deactivate
The following system features must be activated or deactivated as listed to manage external Microsoft Entra ID identities successfully:
Activate:
Check if identity is provisioned
Check if identity is deprovisioned
Deactivate:
Identity provision
Provision identity updates
© ITSENSE AG. All rights reserved. ITSENSE and CoreOne are registered trademarks of ITSENSE AG.