SCIM based User Provisioning in Azure AD – Real World Notes
What is SCIM? Cross-domain Identity Management (SCIM) standard for enabling automatic provisioning of users and groups from Azure AD or Okta Universal Directory to another SaaS application ( Salesforce, )…
AAD connect cloud sync vs AD Connect regular sync support for multi valued attributes
When migrating users from AD (on premises) to AAD, one has two options - AAD Cloud Sync (mostly configured in the cloud - lightweight agents needed on data center) and…
SAML Federation to Azure AD – Some Notes from the Field
Also read - Migrating from ADFS to AAD Correct User Access URLs (IdP Initiated versus SP Initiated) The correct end user access URL can be obtained from the Properties tab…
One Time Passwords versus MS Live Logins – AAD
In Azure AD, an external user can be added via an email invitation (also read B2B versus B2C Users in AAD and More on AAD Guest Users). If that email…
Enterprise AAD App – Visible to All users
There are a couple of different ways to grant ALL users access to an AAD enterprise app. The simplest approach most admins take is to via the App --> Properties…
Azure AD Connect for syncing AD Groups to AAD
Say you have AD groups and / or AD users that need to be synchronized to Azure AD. This can be from an existing AD on premises or a new…
How does one replace an on premises LDAP server with Azure AD?
Part of the answer lies in ADDS (Azure Active Directory Domain Services). You would create a managed domain with ADDS and configure that managed domain to use LDAP. Need…
One Time Passwords
What are OTPs? OTPs (alphanumeric strings) authenticate a user for a single transaction or session. OTPs may replace authentication login information or may be used in addition to it, to…
SCIM based provisioning of users versus Graph API
Say you had a SaaS product configured as an enterprise App in AAD and wanted to automate the addition / decommissioning of users for that app. There's a few paths…
Microsoft Identity Manager – MIM
MIM can be thought of as the precursor to AAD Enterprise Applications. It enables on premises AD Admins to provide users access to Active Directory and on-premises business applications. By…