Today we’re announcing a few big updates in our Azure AD provisioning system. Nitika Gupta, one of our program managers on the Identity team, has written a guest blog post diving into some of the details. You’ll find her blog post below.
Let us know what you think. As always, we’d love to receive any feedback or suggestions you have.
Alex Simons (Twitter: @Alex_A_Simons)
Vice President of Program Management
Microsoft Identity Division
My name is Nitika Gupta. I’m a program manager on the Identity team focusing on provisioning. Azure AD allows customers to bring identities from on-premises systems through Active Directory, as well as cloud HR systems (like Workday), and automatically provision/deprovision the identities to SaaS applications, unlocking joiner-mover-leaver scenarios.
Provisioning enables organizations to have a single identity for a user across all applications and helps unlock productivity, security, and usability for your organization. The Azure AD provisioning team is constantly listening to your feedback on how to make Azure AD provisioning better.
Today, I want to share three key updates to Azure AD provisioning that we rolled out in the last few weeks—based on your input.
Provisioning from Workday now supports username writeback
The user provisioning from Workday to on-premises Active Directory and Azure AD was made generally available in January 2019. Since the release, we’ve almost doubled the number of organizations using provisioning from Workday and are constantly getting feedback on this capability.
Based on your feedback, we added support for username writeback from Azure to AD to Workday. This allows our customers to enable single sign-on (SSO) scenarios where the Workday username field needs to be the same as the Azure AD userPrincipalName attribute.
To learn more, check out our documentation and then try out the feature.
Automatically provision to Dynamic Signal, Keeper Password Manager & Digital Vault, and Comeet Recruiting Software
With automatic provisioning to SaaS applications, you can automate the creation, deletion, and management of user accounts in the application. This ensures that if a user leaves the organization, they immediately lose access to the organization’s applications and data.
Based on your feedback, we’re constantly adding automated provisioning support for new apps including support for the following:
These apps leverage SCIM (System for Cross Domain Identity Management) for automated provisioning. SCIM is standardized protocol and schema that aims to drive greater consistency in how identities are managed across systems.
Working with you, we’ve seen how SCIM greatly simplifies the onboarding and configuration for automated provisioning. We’re excited about the future potential of SCIM and are working to broaden our SCIM capabilities. Check out our latest SCIM documentation along with updated code samples to learn more on how to build integrate a SCIM app with Azure AD.
To learn more about provisioning to SaaS applications, see our documentation.
Manage groups from the cloud and improved usability with the new version of Azure AD Connect
Azure AD Connect enables 270,000 organizations around the globe to provision identities to the cloud. These identities can then be provisioned to SaaS applications like Dynamic Signal.
In the cloud-paced world, where we iterate and add new capabilities rapidly, it can be challenging for our customers to keep up with the capabilities. We heard your feedback that the high frequency of Azure AD Connect releases was slowing you down. In response, we reduced the number of new Azure AD Connect releases to two major releases per year.
In the recent major release (220.127.116.11), we added the following key capabilities:
- Start managing groups from the cloud—With the Office 365 Group writeback capability, you can start creating and managing groups in the cloud and writeback the groups to on-premises, as necessary. Learn more about group writeback.
- Improved usability—We made updates to the Rules editor in the Azure AD Connect experience to help you easily identify and modify sync rules.
- Extending auto upgrade to AD FS deployments—Auto upgrade can help organizations to stay on the latest and greatest version without having to spend IT resources on validating and deploying the update. With this release, we extended the auto upgrade capability to deployments that use AD FS.
The above list is just the tip of the iceberg. To learn about all the improvements in the recent release, checkout our release page.
As you can see, we’re actively listening and responding to your feedback. We’re excited to hear what you think about these new updates. Let us know in the comments below.
Until next time,
Senior Program Manager
Microsoft Identity division