User Lifecycle Management on Azure Active Directory

By Pooja Dontul posted Fri October 25, 2019 01:07 PM

  

By Pooja Dontul and Rajeev Kumar

An out-of-the-box adapter is the first choice when it comes to managing the user lifecycle of any endpoint. However, can it be achieved without one?

To answer this question, let's walk through the journey of achieving User Lifecycle Management on Azure Active Directory without a dedicated adapter.

Introduction  

We came across a lot of requests to manage the user lifecycle on Azure AD.

This can be achieved by reusing the out-of-the-box Office365 adapter, because Office365 and Azure AD, both from Microsoft, use the same Microsoft Graph API to manage the user lifecycle.

Let's see the configuration steps below:

How to configure Azure User Provisioning? 

  1. Log in as an admin user to the Microsoft Azure Portal at the following URL and click Portal to open the Azure portal:

https://azure.microsoft.com

  2. Enter App Registrations in the search bar and click App Registrations in the search dropdown to create the application.

How to create an application on Azure:

  • Click New registration to create a new application.
  • On the Register an application page, provide a meaningful name and redirect URL.
  • Save the application by clicking the Register button.
  • Store the Application ID (used as the client ID) and the key for configuration of the CI template.

  3. Click API permissions to add the required permissions to the Azure application. You can add permissions by clicking Add a permission > Microsoft Graph > Delegated permissions. The following permissions are required for user provisioning:
  • Directory.ReadWrite.All
  • User.ReadWrite.All

Click Add permissions to save the updates.

  4. To generate a client secret, click Certificates and secrets in the left menu and add a new secret by clicking New client secret. Store the generated secret value; it is used as the client secret.
  5. Before using this application for Cloud Identity, authorize it by clicking the Grant admin consent for IBM button on the application's API permissions page.

How to use the Office365 pre-built template

  1. Log in to your Cloud Identity portal as an admin user.
  2. Click the profile icon in the top right corner > Switch to admin; you are redirected to the admin dashboard.
  3. From the left menu, click Applications. You are redirected to the applications page, where you can view and search existing applications.
  4. To create an application, click Add application.
  5. A pop-up with a search bar appears. Enter 'office365' in the search bar, select the pre-built Office365 template and click Add application to start configuring that application.
  6. The template is divided into three tabs: the General tab for general endpoint information, the Sign-On tab, which contains the SSO configuration for the endpoint, and the Account Lifecycle tab, where you add the configuration details for the user provisioning feature.
  7. Add details in the General and Sign-On tabs as required. In the Account Lifecycle tab, provide the previously stored configuration details, which are the domain name of the admin account, the client ID and the client secret, in the API Authentication section.
  8. Click the Test Connection button to check whether the provided authentication details are correct.
  9. In the API Attribute Mappings section, default mappings are already present, but you can change them if required. The Policies section lists the different policies applied to the application, such as the grace period.
  10. Click the Save button to save your application.

This is how the Cloud Identity pre-built Office365 template for user provisioning can be used for Azure AD as well.
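To sanity-check the stored tenant domain, client ID and client secret before pasting them into the Account Lifecycle tab, here is an added Python example (not part of the original post or of the IBM product) that does the same work as the Test Connection button: it requests a Microsoft Graph token with the OAuth2 client-credentials flow and reports which of the two permissions listed above are missing from the token. It assumes the connector authenticates with client credentials; the `post` parameter is a hypothetical hook that lets the check run offline against a constructed token.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# The two Graph permissions the post lists as required for user provisioning.
REQUIRED_PERMISSIONS = {"Directory.ReadWrite.All", "User.ReadWrite.All"}


def http_post_form(url, fields):
    """Default transport: form-encoded POST returning the JSON body (needs network)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def decode_jwt_claims(token):
    """Read the claims segment of a JWT. No signature check on purpose: we only
    inspect a token Azure AD just issued to us; never accept callers' tokens this way."""
    claims = token.split(".")[1]
    claims += "=" * (-len(claims) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(claims))

def granted_permissions(claims):
    """Application permissions arrive in 'roles', delegated ones in 'scp'."""
    perms = set(claims.get("roles", []))
    perms.update(claims.get("scp", "").split())
    return perms

def check_connection(tenant, client_id, client_secret, post=http_post_form):
    """Equivalent of the template's Test Connection step: fetch a Graph token with the
    stored client ID/secret and report which required permissions are missing."""
    body = post(TOKEN_URL.format(tenant=tenant), {
        "client_id": client_id, "client_secret": client_secret,
        "scope": GRAPH_SCOPE, "grant_type": "client_credentials",
    })
    if "access_token" not in body:  # bad secret, unknown app, consent not granted, ...
        return {"ok": False, "error": body.get("error", "no access_token"),
                "missing": sorted(REQUIRED_PERMISSIONS)}
    missing = REQUIRED_PERMISSIONS - granted_permissions(decode_jwt_claims(body["access_token"]))
    return {"ok": not missing, "error": None, "missing": sorted(missing)}

def unsigned_token(claims):
    """Constructed, unsigned JWT used only to exercise the checker without a tenant."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg(claims)}."
```

A real run is `check_connection("yourtenant.onmicrosoft.com", client_id, client_secret)`; an empty `missing` list means the app is ready for the Account Lifecycle tab, and anything extra in `roles` beyond the two required permissions is a least-privilege finding worth removing.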

Demo In Action: 


References:

https://docs.microsoft.com/en-us/graph/

https://www.ibm.com/support/knowledgecenter/en/SSCT62/com.ibm.iamservice.doc/kc-homepage.html
