Integrating SailPoint with Microsoft Entra ID

(Formerly Azure Active Directory)

Revised Date: 18 December 2024

Note

IdentityIQ connector information is now available as online help and PDF. The online help describes the latest updates for the connector.

To find documents related to a specific version of IdentityIQ, refer to the Supported Connectors for IdentityIQ page on Compass.

Configuration details for connectors may vary not only by release version but also by patch version. Be sure to refer to the correct documentation for your specific release and patch level.

Important

  • If you want to enable additional cloud governance features for your Entra cloud objects (for example, Azure Cloud Object Management covering management groups, subscriptions, resource groups and role assignments, or service principal account management), you must have an IdentityIQ Cloud Governance license. If you already have a Cloud Access Management (CAM) license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

    For more information on the additional features supported with cloud governance, refer to the table at the end of the Azure Cloud Object Management topic.

  • Microsoft Entra ID is the new name for the Azure Active Directory connector. This guide refers to the connector as Microsoft Entra ID except where the name Azure Active Directory is still used, such as in some user interface configurations. When you configure a new connector and select the Application Type, the dropdown menu still lists it as Azure Active Directory.

The SailPoint Microsoft Entra ID connector manages users and groups in Microsoft Entra ID. Microsoft Entra ID is the directory behind all of Microsoft's cloud-based organizational directory services, including Microsoft Office 365.

The SailPoint Microsoft Entra ID connector:

  • Can also be used to provision users into a federated domain in Microsoft Entra ID.

  • Honors the Retry-After value returned by the API when it retries a throttled request, and falls back to exponential back-off when the API does not return a Retry-After value.

  • Uses Microsoft Graph APIs to manage users, groups and licenses.
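The retry behaviour described above (honor Retry-After, otherwise back off exponentially) is the part of the connector most likely to matter when a tenant is being throttled. The following is an added example, not code from the SailPoint connector, showing how such a retry loop is typically built: Microsoft Graph answers throttled calls with HTTP 429 and a Retry-After header expressed in seconds, and the loop below honors that value, falls back to capped exponential back-off with jitter when the header is absent, and gives up after a bounded number of attempts so a throttled tenant cannot turn into an unbounded request loop. The transport class, the constructed 429/200 response sequence and the function names are hypothetical stand-ins so the example runs offline.

```python
import random
import time

# Constructed stand-in for the HTTP layer so the example runs offline.
# It replays a scripted list of (status, headers) pairs, then returns 200.
class FakeGraphTransport:
    def __init__(self, responses):
        self._responses = list(responses)
        self.calls = 0

    def send(self):
        self.calls += 1
        if self._responses:
            return self._responses.pop(0)
        return 200, {}


# Only throttling and transient server errors are retried. 401/403 are
# deliberately excluded: a credential or permission failure must surface,
# not be hammered until something changes.
RETRYABLE = {429, 503, 504}


def compute_delay(headers, attempt, base=1.0, cap=60.0, jitter=random.random):
    """Seconds to wait before the next attempt.

    Prefers the Retry-After header (Graph sends integer seconds). Falls back
    to exponential back-off capped at `cap`, scaled by `jitter()` in [0, 1)
    so many workers waking at once do not re-synchronise their requests.
    """
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    retry_after = lowered.get("retry-after")
    if retry_after is not None:
        try:
            return float(retry_after)
        except ValueError:
            pass  # HTTP-date form not handled here (assumption); fall through
    return min(cap, base * (2 ** attempt)) * jitter()


def send_with_retry(transport, max_attempts=5, sleep=time.sleep, jitter=random.random):
    """Send via `transport` until a non-retryable status or attempts run out.

    Returns (status, delays_applied). Raises RuntimeError when the budget is
    exhausted so the caller sees the failure instead of a silently dropped
    provisioning operation.
    """
    delays = []
    status = None
    for attempt in range(max_attempts):
        status, headers = transport.send()
        if status not in RETRYABLE:
            return status, delays
        if attempt == max_attempts - 1:
            break
        delay = compute_delay(headers, attempt, jitter=jitter)
        delays.append(delay)
        sleep(delay)
    raise RuntimeError(f"gave up after {max_attempts} attempts (last status {status})")


if __name__ == "__main__":
    # Constructed sequence: throttled with Retry-After, throttled without, then success.
    transport = FakeGraphTransport([(429, {"Retry-After": "3"}), (429, {}), (200, {})])
    status, delays = send_with_retry(transport, sleep=lambda s: None)
    print(status, delays, transport.calls)
```

In production the `sleep` and `jitter` parameters are left at their defaults; they are injectable so the loop can be tested without actually waiting. Note that Retry-After is honored even when it exceeds the back-off cap, because the server's value is the authoritative one for that tenant.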

Azure is Microsoft's cloud platform, offering a broad range of IaaS, PaaS and SaaS services. Azure relies on Microsoft Entra ID as its identity provider to authenticate users and grant them access to those services. Azure organizes resources into management container objects (such as management groups, subscriptions and resource groups) that group resources and control access to them.

The Microsoft Entra ID connector supports access management for Azure management objects in addition to managing the Microsoft Entra ID management objects themselves.