Integrating SailPoint with Microsoft Entra ID

Formerly Azure Active Directory.

Revised Date: 22 March 2024

Note

IdentityIQ connector information is now available as online help and PDF. The online help describes the latest updates for the connector.

To find documents related to a specific version of IdentityIQ, refer to the Supported Connectors for IdentityIQ page on Compass.

Configuration details for connectors may vary not only by release version but also by patch version. Be sure to refer to the correct documentation for your specific release and patch level.

Important

  • If you want to enable additional cloud governance features (for example, visualization of effective access or managing the life cycle of Service Principals as "accounts") for your Azure Cloud Objects, you must have a IdentityIQ Cloud Governance license. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

    For more information on the additional features supported with cloud governance, refer to the table at the end of the Group Management for Azure Cloud Objects topic.

  • Microsoft Entra ID is the new name for the Azure Active Directory connector. This guide refers to the connector as Microsoft Entra ID except where Azure Active Directory is still utilized, such as in some user interface configurations. When configuring a new connector and selecting the Application Type, it will still be displayed as Azure Active Directory in the dropdown menu.

The SailPoint Microsoft Entra ID connector manages the users and groups in Microsoft Entra ID. Microsoft Entra ID is the directory for all cloud based organizational Microsoft Directory services including Microsoft Office 365.

The SailPoint Microsoft Entra ID connector:

  • Can also be used to provision users into a federated domain in Microsoft Entra ID.

  • Uses Retry-After value to retry API request. It uses exponential back-off if Retry-After value is not returned by API.

  • Uses Microsoft Graph APIs to manage users, groups and licenses.

Azure is Microsoft’s cloud solution platform, which provides plenty of cloud services such as IaaS, PaaS, or SaaS. Azure uses Microsoft Entra ID as its authentication source to provide access on different services to users. Azure has management container objects which are used to group resources and manage access to them.

The Microsoft Entra ID connector provides support for access management of Azure Management Objects along with managing of the Microsoft Entra ID Management Objects.

  • Microsoft Entra ID is the new name for the Azure Active Directory connector. When configuring a new connector, it will still be displayed as Azure Active Directory in the application type list. This is a rebranding effort and connector functionality will remain the same.

  • Supports the management of Organizational Mail Contacts as accounts.

  • Enhanced so that Azure Active Directory B2C tenants now support the Add, Set, and Remove operations for the userIdentities and signInNames attributes of social and local user accounts during the Modify and Update provisioning operations.

  • Supports the managing administrator and user consented permissions for Service Principals.

  • Improved delta aggregation performance.

  • Supports sending customized message in the Invitation Email for a B2B Guest User.