Azure AD sync

Note

Throughout this documentation, the term Azure AD refers to Microsoft Entra ID, which is the current name of the service.

To sync users and groups into HelloID from an Azure AD tenant, configure HelloID to act as a target system for the Azure AD provisioning service.

To get started, Enable Azure AD sync.

Tip

If you want synced Azure AD users to be able to log in to HelloID using their Azure AD credentials, you must separately create an Azure AD (OIDC) IdP.

Azure AD sync mappings

Mappings for Azure AD sync do not use HelloID Mapping sets. Instead, they are customized on the Azure side, in the Azure AD attribute mapping settings. The following attributes are supported:

All default OIDC attributes. These are included when you Enable Azure AD sync.
The Azure AD employeeID (synchronized into Custom user attributes)
The Azure AD manager (sets the HelloID user's Manager field to the relevant HelloID user)

Default OIDC attributes are included when you Enable Azure AD sync. For instructions on adding the employeeID and Manager attributes, see Add Azure AD user mappings.

Warning

Synchronization of the employeeID and Manager attributes is limited because Microsoft does not include them in the initial create call. These attributes are only accessible during updates or through manual pushes.

Other custom attributes are not supported.

Azure AD sync schedule

The sync schedule is determined by the Azure AD provisioning interval.

Azure AD group sync

The free Azure AD license does not sync groups to HelloID. For group synchronization, your Azure AD license must be P2 or higher.

Azure AD sync settings reference

URL: The tenant URL expected by HelloID's T2 API. Automatically generated when you click New Secret.
Secret: The secret token to connect to HelloID's T2 API. Automatically generated when you click New Secret.

In this section: