Skip to main content


Azure AD sync


To sync users and groups into HelloID from an Azure AD tenant, configure HelloID to act as a target system for the Azure AD provisioning service.

To get started, Enable sync.


If you want synced Azure AD users to be able to log in to HelloID using their Azure AD credentials, you must separately create an Azure AD (OIDC) IdP.

Azure AD sync mappings

Mappings for Azure AD sync do not use HelloID Mapping sets. Instead, they are customized on the Azure side, in the Azure AD attribute mapping settings. The following attributes are supported:

  • All default OIDC attributes.

  • The Azure AD employeeID (synchronized into Custom user attributes)

  • The Azure AD manager (sets the HelloID user's Manager field to the relevant HelloID user)


Synchronization of the employeeID and Manager attributes is limited because Microsoft does not include them in the initial create call. These attributes are only accessible during updates or through manual pushes.

Other custom attributes are not supported.

Azure AD sync schedule

The sync schedule is determined by the Azure AD provisioning interval.

Azure AD group sync

The free Azure AD license does not sync groups to HelloID. For group synchronization, your Azure AD license must be P2 or higher.

Azure AD sync settings reference

The tenant URL expected by HelloID's T2 API. Automatically generated when you click New Secret.


The secret token to connect to HelloID's T2 API. Automatically generated when you click New Secret.