
Data provisioning

Connection details

To specify connection details:

  1. In the Domain name field, type the address of the domain used for the Azure tenant, such as example.com. The value is used when provisioning new users.

  2. In the API Version field, specify the Microsoft Graph API version. By default, it is set to version 1.0, and the value should usually not be changed.

  3. Optionally, specify the Tenant ID. Type or paste the Directory ID of the directory for the Omada Identity application you have created in Microsoft Azure Active Directory. You can find the Directory ID in the Properties section for the relevant directory in the Microsoft Azure Portal. If no value is specified, the connector uses the value specified under Connection details. You should only specify a value here if you have not used the standard Microsoft Azure Active Directory collector to load information.

  4. Optionally, specify the Application ID. Type the ID of the Omada Identity Azure application that you must create in the Microsoft Azure Portal. Find the Application ID under Settings in the Microsoft Azure Portal. If no value is specified, the connector uses the value specified under Connection details. You should only specify a value here if you have not used the standard Microsoft Azure Active Directory collector to load information.

  5. Optionally, specify the Client secret. Type or paste the value of a key that you have created in the Microsoft Azure Portal. If no value is specified, the connector uses the value specified under Connection details. You should only specify a value here if you have not used the standard Microsoft Azure Active Directory collector to load information.

  6. Optionally, configure the Headers field. In it, you can provide a JSON document specifying custom headers, for example:

    {
      "Request": {
        "Accept": "text/html",
        "contenttype": "application/json",
        "SomeCustomHeaderWithValue": "custom value",
        "SomeCustomHeaderWithoutValue": null
      }
    }

  7. The last optional field is Test connection. Enable this setting to validate the information that you have entered in the fields in the dialog box. If there are any errors, you receive an error message.
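What the Test connection setting has to establish, written out as an added example (this is not Omada Identity's connector code): acquire an app-only token with the Tenant ID, Application ID and Client secret, inspect the permissions the token carries, apply the Headers document and call Microsoft Graph once at the configured API version, then confirm that the Domain name field names a verified domain of the tenant. The token and Graph endpoints are the standard Microsoft ones. The required permission set, the treatment of null header values, and the sample token used to run the local checks offline are assumptions and are marked as such in the code.

```python
"""Live check of Microsoft Entra connection details, as the Test connection
setting performs: app-only token, permission check, one Graph call.

Added example; not Omada Identity's connector code. Assumes the standard
Microsoft identity platform v2.0 token endpoint and Graph endpoints and the
Headers document format shown above. Standard library only.
"""
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Assumption: application permissions a user/group provisioning connector
# needs. Adjust to what the registered application was actually granted.
REQUIRED_ROLES = frozenset({"User.ReadWrite.All", "Group.ReadWrite.All"})

def graph_base_url(api_version="1.0"):
    """The dialog stores '1.0'; Graph URLs use 'v1.0' (or 'beta')."""
    version = api_version.strip().lower()
    if version in ("1.0", "v1.0", "beta"):
        return "https://graph.microsoft.com/" + ("beta" if version == "beta" else "v1.0")
    raise ValueError(f"unsupported Microsoft Graph API version: {api_version!r}")

def parse_headers_document(doc):
    """Headers field ({"Request": {...}}) -> HTTP header dict. Whitespace
    around values is dropped; null becomes an empty value (assumption
    about how the connector treats null)."""
    request = json.loads(doc).get("Request", {})
    return {name: "" if value is None else str(value).strip()
            for name, value in request.items()}

def token_request(tenant_id, application_id, client_secret):
    """URL and form body of the client-credentials request; the client
    secret is sent only to the token endpoint, never to Graph."""
    body = urllib.parse.urlencode({
        "client_id": application_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    return TOKEN_URL.format(tenant=tenant_id), body

def decode_jwt_claims(token):
    """Read the token payload for local inspection only. Does NOT verify
    the signature (Graph does); never use this to trust a token."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def missing_roles(claims, required=REQUIRED_ROLES):
    """Granted application permissions appear in the 'roles' claim."""
    return sorted(set(required) - set(claims.get("roles", [])))

def domain_is_verified(organization, domain):
    """True if the Domain name field names a verified domain of the tenant
    (GET /organization response)."""
    return any(verified.get("name", "").lower() == domain.lower()
               for org in organization.get("value", [])
               for verified in org.get("verifiedDomains", []))

def check_connection(domain, tenant_id, application_id, client_secret,
                     api_version="1.0", headers_doc="{}"):
    """Network check; raises on the first problem, returns GET /organization."""
    url, body = token_request(tenant_id, application_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        token = json.load(resp)["access_token"]
    missing = missing_roles(decode_jwt_claims(token))
    if missing:
        raise PermissionError(f"application lacks Graph permissions {missing}")
    headers = parse_headers_document(headers_doc)
    headers["Authorization"] = f"Bearer {token}"
    headers["Accept"] = "application/json"  # Graph answers in JSON
    req = urllib.request.Request(graph_base_url(api_version) + "/organization", headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        organization = json.load(resp)
    if not domain_is_verified(organization, domain):
        raise ValueError(f"{domain} is not a verified domain of this tenant")
    return organization

def _unsigned_jwt(claims):
    """Constructed, unsigned sample token so the local checks run offline;
    a real token comes only from the token endpoint."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.signature"

SAMPLE_CLAIMS = {"tid": "00000000-0000-0000-0000-000000000000",
                 "roles": ["User.ReadWrite.All"]}
SAMPLE_TOKEN = _unsigned_jwt(SAMPLE_CLAIMS)
```

Run `check_connection("example.com", tenant_id, application_id, client_secret, headers_doc=...)` against a real tenant to exercise the whole path; the other functions are pure and can be checked offline. The roles check is deliberately a local inspection of an unverified payload: it tells you whether the registration was granted what you expect (and nothing more), not whether the token is genuine.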

Data model

The data model for Microsoft Azure Active Directory Connectivity supports the following objects. The parameters listed in the tables are not all the available parameters, but only the commonly used ones. You can extend the object with additional parameters if required.

MSAzureAdUser

The MSAzureAdUser object is used to create, update, and delete users in Microsoft Azure Active Directory. Supported operations: create, update, and delete. The MSAzureAdUser object has the following common properties:

Parameter | Type | Description
--- | --- | ---
userPrincipalName* | stringType | The unique user principal name (UPN) of the user.
accountEnabled** | booleanType | true if the account is enabled; otherwise, false.
usageLocation | stringType | A two-letter country code. Examples include "US", "JP", and "GB".
displayName** | stringType | The user's display name.
givenName | stringType | Given name or first name of the user.
surname | stringType | Surname or last name of the user.
department | stringType | The name of the user's department.
jobTitle | stringType | The user's job title.
mailNickname** | stringType | The mail alias for the user.
passwordProfile.password** | secureStringType | The password for the user.
passwordProfile.forceChangePasswordNextSignIn | booleanType | true if the user must change the password at next sign-in; otherwise, false.

Properties marked with * are required. Properties marked with ** are required on create actions.

MSAzureAdGroup

The MSAzureAdGroup object is used to create, update, and delete groups in Microsoft Entra ID. Supported operations: create, update, and delete. The MSAzureAdGroup object has the following properties:

Parameter | Type | Description
--- | --- | ---
displayName* | stringType | The group's display name.
mailNickname** | stringType | The mail alias for the group.
mailEnabled | booleanType | Specifies whether the group is mail-enabled. If the securityEnabled property is also true, the group is a mail-enabled security group; otherwise, the group is a Microsoft Exchange distribution group. Only (pure) security groups can be created using Microsoft Graph, so this property must be set to false when creating a group, and it cannot be updated using Microsoft Graph.
securityEnabled | booleanType | Specifies whether the group is a security group. If the mailEnabled property is also true, the group is a mail-enabled security group; otherwise, it is a security group. Only (pure) security groups can be created using Microsoft Graph, so this property must be set to true when creating a group.

Properties marked with * are required. Properties marked with ** are required on create actions.

MSAzureAdAssignment

The MSAzureAdAssignment object is used to add a user to, or remove a user from, a group. Supported operations: create and delete. The MSAzureAdAssignment object has the following properties:

Parameter | Type | Description
--- | --- | ---
objectGuid | stringType | GUID of the group.
userObjectRef | stringType | A user reference used when removing group members.
directoryObjectRef | stringType | A directory reference used when adding group members.

MSAzureAdRoleAssignment

The MSAzureAdRoleAssignment object is used to add a user to, or remove a user from, a role. Supported operations: create and delete. The MSAzureAdRoleAssignment object has the following properties:

Parameter | Type | Description
--- | --- | ---
objectGuid | stringType | GUID of the role.
userObjectRef | stringType | A user reference used when removing role members.
directoryObjectRef | stringType | A directory reference used when adding role members.
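The four objects map onto a handful of Microsoft Graph requests, and most of the footnotes in the tables are pre-flight checks. The following added example (not Omada Identity's connector code) builds those requests and enforces the constraints: required and required-on-create properties, dotted names such as passwordProfile.password becoming nested JSON, the pure-security-group rule for MSAzureAdGroup, and the different reference properties for adding versus removing members. The Graph paths are the standard v1.0 ones; that objectGuid, userObjectRef and directoryObjectRef carry object IDs is an assumption. The membership builder covers both the group and the directory-role assignment objects, since Graph addresses them the same way.

```python
"""Build the Microsoft Graph v1.0 requests behind the data-model objects
and enforce the constraints stated in the tables above before anything is
sent to the tenant.

Added example; not Omada Identity's connector code. Assumes the standard
Graph paths for users, groups, group members and directory-role members,
and that objectGuid, userObjectRef and directoryObjectRef carry object IDs.
"""

GRAPH = "https://graph.microsoft.com/v1.0"

# Required (*) and required-on-create (**) properties from the tables.
USER_REQUIRED = {"userPrincipalName"}
USER_REQUIRED_ON_CREATE = {"accountEnabled", "displayName", "mailNickname",
                           "passwordProfile.password"}
GROUP_REQUIRED = {"displayName"}
GROUP_REQUIRED_ON_CREATE = {"mailNickname"}
SECRET_PROPERTIES = {"passwordProfile.password"}  # secureStringType: never log

def missing_properties(props, required):
    """Names from `required` that are absent or empty in `props`."""
    return sorted(name for name in required if props.get(name) in (None, ""))

def nest(flat):
    """Dotted names (passwordProfile.password) -> nested JSON object."""
    out = {}
    for name, value in flat.items():
        *parents, leaf = name.split(".")
        node = out
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = value
    return out

def redact(props):
    """Copy of the properties that is safe to write to a provisioning log."""
    return {k: "***" if k in SECRET_PROPERTIES else v for k, v in props.items()}

def user_request(operation, props):
    """MSAzureAdUser create/update/delete; users are addressed by UPN."""
    required = USER_REQUIRED | (USER_REQUIRED_ON_CREATE if operation == "create" else set())
    problems = missing_properties(props, required)
    if problems:
        raise ValueError(f"MSAzureAdUser {operation}: missing {problems}")
    upn = props["userPrincipalName"]
    if operation == "create":
        return "POST", f"{GRAPH}/users", nest(props)
    if operation == "update":
        return "PATCH", f"{GRAPH}/users/{upn}", nest(
            {k: v for k, v in props.items() if k != "userPrincipalName"})
    if operation == "delete":
        return "DELETE", f"{GRAPH}/users/{upn}", None
    raise ValueError(f"unsupported operation {operation!r}")

def group_create_problems(props):
    """Why a MSAzureAdGroup create would be rejected: missing properties, or
    anything but a pure security group (mailEnabled false, securityEnabled
    true), the only kind created through Graph here."""
    problems = missing_properties(props, GROUP_REQUIRED | GROUP_REQUIRED_ON_CREATE)
    if props.get("mailEnabled", False):
        problems.append("mailEnabled must be false")
    if not props.get("securityEnabled", True):
        problems.append("securityEnabled must be true")
    return problems

def group_request(operation, props, group_id=None):
    """MSAzureAdGroup create/update/delete; existing groups by object ID."""
    if operation == "create":
        problems = group_create_problems(props)
        if problems:
            raise ValueError(f"MSAzureAdGroup create: {problems}")
        return "POST", f"{GRAPH}/groups", {"mailEnabled": False, "securityEnabled": True, **props}
    if not group_id:
        raise ValueError(f"MSAzureAdGroup {operation}: group object ID required")
    if operation == "update":
        if "mailEnabled" in props:
            raise ValueError("MSAzureAdGroup update: mailEnabled cannot be changed through Graph")
        return "PATCH", f"{GRAPH}/groups/{group_id}", dict(props)
    if operation == "delete":
        return "DELETE", f"{GRAPH}/groups/{group_id}", None
    raise ValueError(f"unsupported operation {operation!r}")

def membership_request(operation, props, collection="groups"):
    """MSAzureAdAssignment (collection='groups') and MSAzureAdRoleAssignment
    (collection='directoryRoles'). Adding posts a directoryObjects reference
    in the body; removing puts the member's own ID in the path. That is why
    the tables use directoryObjectRef for add and userObjectRef for remove."""
    target = props["objectGuid"]
    if operation == "create":
        return ("POST", f"{GRAPH}/{collection}/{target}/members/$ref",
                {"@odata.id": f"{GRAPH}/directoryObjects/{props['directoryObjectRef']}"})
    if operation == "delete":
        return ("DELETE", f"{GRAPH}/{collection}/{target}/members/{props['userObjectRef']}/$ref", None)
    raise ValueError(f"unsupported operation {operation!r}")
```

Each builder returns (method, URL, body) so the request can be inspected or logged before it is sent; pass the properties through `redact` first when logging, since passwordProfile.password is a secureStringType and must never reach a log.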

Task mappings

Microsoft Azure Active Directory connectivity uses the following mappings:

Mapping | Description
--- | ---
MS Entra ID – Assignment | Contains mappings for Microsoft Entra ID group assignments
MS Entra ID – Role Assignment | Contains mappings for Microsoft Entra ID role assignments
MS Entra ID – Group | Contains mappings for Microsoft Entra ID groups to Resource Lifecycle Management resources
MS Entra ID – User | Contains mappings for Microsoft Entra ID users
MS Entra ID – SSPR | Contains mappings for self-service password reset for Microsoft Entra ID users
Info: The default Microsoft Azure Active Directory account task mappings use a clear-text password, which should be encrypted. If the password cannot be encrypted (for example, with the stringEncrypter tool), replace it with a calculated attribute.