Azure AD sync

You can sync users and groups into HelloID from an Azure Active Directory (Azure AD) tenant by configuring HelloID to act as a target system for the Azure AD provisioning service.
To get started, Enable Azure AD sync.
Tip
If you want synced Azure AD users to be able to log in to HelloID using their Azure AD credentials, you must separately create an Azure AD OIDC IdP.
Mappings (Azure AD sync)
Mappings for Azure AD sync do not use Mapping sets. Instead, they are customized in the Azure AD attribute mapping settings. The following attributes are supported:
- All default OIDC attributes.
- The Azure AD employeeID (synchronized into Custom user attributes)
- The Azure AD manager (sets the HelloID user's Manager field to the relevant HelloID user)
Other custom attributes are not supported.
Sync schedule (Azure AD sync)
The sync schedule is determined by the Azure AD provisioning interval.
Consent request suppression (Azure AD sync)
Note that HelloID requests admin consent for the Directory.AccessAsUser.All permission. This is to suppress consent requests when users log in to HelloID for the first time.
Group sync (Azure AD sync)
The free Azure AD license does not sync groups to HelloID. For group synchronization, your Azure AD license must be P2 or higher.
Azure AD sync settings reference
- URL
The tenant URL expected by HelloID's T2 API. Automatically generated when you click New Secret.
- Secret
The secret token to connect to HelloID's T2 API. Automatically generated when you click New Secret.