Published: Aug 23, 2023
Key takeaways:
- Microsoft introduces API-driven provisioning support for Microsoft Entra ID.
- The feature allows integration with various authoritative systems of record like HR apps, payroll apps, SQL tables, and spreadsheets.
- The API-driven provisioning capability is available in public preview for enterprise customers.
Microsoft has announced API-driven provisioning support for Microsoft Entra ID (formerly Azure Active Directory). This new release allows businesses to seamlessly integrate their authoritative system of record with Azure AD provisioning, encompassing everything from HR and payroll apps to SQL tables and spreadsheets.
The API-driven provisioning feature is designed to help organizations ensure that the HR data managed in various systems of record is synced with Microsoft Entra ID. It makes it easier for businesses to improve their security posture and stay compliant with regulatory requirements.
“Customers and partners can use any automation tool of their choice to retrieve workforce data from the system of record and ingest it into Azure AD. The IT admin has full control on how the data is processed and transformed with attribute mappings. Once the workforce data is available in Azure AD, the IT admin can configure appropriate joiner-mover-leaver business processes using Lifecycle Workflows,” Microsoft explained.
Microsoft highlighted that the API-driven provisioning system could be useful for several enterprise HR integration scenarios. For instance, it enables IT admins to use any automation tool (like PowerShell scripts or Azure Logic Apps) to import HR data from sources, such as flat files, CSV files, and SQL staging tables. They can also automatically provision both cloud-only and hybrid users from any trusted data source.
Additionally, the API-driven provisioning feature lets ISVs build direct integration with Microsoft Entra ID. It also enables partners to build custom HR connectors to comply with integration requirements about data flow from systems of record to Entra ID.
Microsoft notes that the API-driven provisioning feature is currently available in public preview for enterprise customers. However, it requires organizations to have a Microsoft Entra ID P1 (formerly Azure AD Premium P1) subscription or higher.
Microsoft will keep listening to the user feedback to improve API-driven provisioning for Entra ID customers. The company plans to share details about the licensing terms when the feature becomes generally available in the coming months. You can check out details about how to configure API-driven provisioning on this support page.