Create Account Policy

The following lists the attributes in the create account policy:

Default is User

To create user, set this value to User.

User principal name (UPN) of the user.

For example, jeff@contoso.onmicrosoft.com

Password for the new account.

Display name of the account.

Mail alias for the account.

Set it to false to create disabled account. Default: True

If true, asks user to change password on next login. Default: True

Department in which the user works.

User's job title.

Set it true to create federated domain user. If this is checked and immutableId is not set then random immutableId value will be used.

This property is used to associate an on-premises Active Directory user account to their Microsoft Entra ID user account; Populate this attribute with objectGUID of account from on-premises Active Directory to create federated user synchronized with on –premises Active Directory user.

Specifies password policies for the user.

For example: DisablePasswordExpiration, DisableStrongPassword

Additional email addresses for the user.

First name of the user.

Surname of the user.

A two letter country code (ISO standard 3166). Required for users that will be assigned licenses.

Country/region in which the user is located. For example, US or UK

State or province in the user's address.

City in which the user is located.

Street address of the user's place of business.

Postal code for the user's postal address.

Office location in the user's place of business.

Preferred language for the user. Should follow ISO 639-1 Code.

For example, en-US

Primary telephone number of the user's place of business.

Primary cellular telephone number for the user.

Telephone number of the user's business fax machine.

ServicePrincipal Role Id.

By default not present in the schema. It is required if you want to assign ServicePrincipal during account creation. For more information, see .

Guest User (B2B) Support

The Microsoft Entra ID connector supports creation of Guest User (B2B) by sending invitations. Creation of Guest User (B2B) varies from normal user creation in terms of attributes provided during creation.

Create Guest User (B2B) Account Policy

Default is User

To create Guest User (B2B), set this value to Guest User B2B.

Email address of the user.

The URL that the user will be redirected to after redemption.

Set it to False if invitation email need not to be sent to the user. Default is True

Customized message text that can be added in the invitation email for the B2B Guest User.

The display name of the user being invited.

A two letter country code indicating usage location (ISO standard 3166).

ServicePrincipal Role Id.

By default not present in the schema. It is required if you want to assign ServicePrincipal during account creation. For more information, see .

Local User (B2C) Support

The Microsoft Entra ID connector supports creation of Local Users. Creation of Local User account varies from normal user in terms of attributes provided during creation. Account creation also supports custom attribute.

Create Local User (B2C) Account Policy

Default is User

To create Local User (B2C), set this value to Local User B2C.

Sign-in type for user in your Azure directory.

Sign-in name for user.

Display name of account.

Password for the new account.

Set it to false to create disabled account. Default: True

If true, asks user to change password on next login. Default: True

ServicePrincipal Role Id.

By default not present in the schema. It is required if you want to assign ServicePrincipal during account creation. For more information, see .

Note
Custom user attributes can be added in B2C create account policy by appending suffix "_C" to the attribute.