
HelloID

Add Azure AD user mappings

When enabling Entra ID (previously Azure AD) directory sync, you may need to add one or two Azure AD user sync mappings.

Add user mappings only when your HelloID modules depend on attributes that are not automatically included in the default synchronization.

  • Access Management: Add employeeId if your SSO applications rely on this attribute.

  • Service Automation: Add manager.id if product requests must be approved by a user’s manager and HelloID is not configured as a target system in Provisioning (which is the preferred setup).

Caution

After enabling directory synchronization, it may take some time before these attributes appear in HelloID.

Added attributes are only synchronized after a user update in Entra ID, not during initial provisioning or sync restarts.

For manager data, synchronization occurs only after the manager account exists in HelloID. Until then, Entra ID retries may cause the SCIM task to enter a quarantine state. For more information, see Quarantine status in Microsoft Entra Application Provisioning – Microsoft Learn.

  1. Log in to your Azure portal at https://portal.azure.com/.

  2. Go to Enterprise Applications > HelloID > Provisioning.

  3. Click Edit Attribute Mappings.

  4. Click Provision Microsoft Entra ID Users.

  5. Go to Show Advanced Options > Review Your Schema Here.

  6. In the schema, add the employeeId and/or manager.id attributes:

    1. Press Ctrl+F and search for "name": "emails[type eq \"work\"].value",

      This takes you to the object.directories[1].objects[1].attributes section, where object.directories[1].name is HelloID, and object.directories[1].objects[1].name is urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.

      Depending on which attribute is needed, add:

      {
        "anchor": false,
        "caseExact": false,
        "defaultValue": null,
        "flowNullValues": false,
        "multivalued": false,
        "mutability": "ReadWrite",
        "name": "employeeId",
        "required": false,
        "type": "String",
        "apiExpressions": [],
        "metadata": [],
        "referencedObjects": []
      }

      and/or

      {
        "anchor": false,
        "caseExact": false,
        "defaultValue": null,
        "flowNullValues": false,
        "multivalued": false,
        "mutability": "ReadWrite",
        "name": "manager.id",
        "required": false,
        "type": "String",
        "apiExpressions": [],
        "metadata": [],
        "referencedObjects": []
      }
    2. Click Save to return to the Attribute Mapping page.

  7. Add the associated mapping(s):

    Click Add New Mapping and add a mapping for each attribute that was added to the schema:

    • For employeeId:

      • Under Source attribute, select employeeId

      • Under Target attribute, select employeeId

    • For manager.id:

      • Under Source attribute, select manager

      • Under Target attribute, select manager.id

    Click OK.

  8. Back in the Attribute Mapping page, click Save and then Yes to confirm.


The attributes have now been added to the list.
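
The schema edit in step 6 can be prepared and checked outside the portal editor. The following is an added example, not code from HelloID or Microsoft: it takes schema JSON as copied from Review Your Schema Here, locates the section by the names given above rather than by index, and appends the attribute blocks only when they are missing, so repeating the edit cannot create duplicate entries. The helper names and the sample schema are constructed for illustration.

```python
import copy
import json

# Names as given on the page; everything in SAMPLE_SCHEMA is constructed.
DIRECTORY_NAME = "HelloID"
OBJECT_NAME = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
LANDMARK = 'emails[type eq "work"].value'  # attribute the page searches for

def find_by_name(items, name):
    """Return the single dict in items whose "name" equals name."""
    matches = [i for i in items if i.get("name") == name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one {name!r}, found {len(matches)}")
    return matches[0]

def attribute_definition(name):
    """The attribute block shown on the page, with only the name varying."""
    return {"anchor": False, "caseExact": False, "defaultValue": None,
            "flowNullValues": False, "multivalued": False,
            "mutability": "ReadWrite", "name": name, "required": False,
            "type": "String", "apiExpressions": [], "metadata": [],
            "referencedObjects": []}

def add_attributes(schema, names):
    """Return (patched copy, names added); attributes already present are skipped."""
    patched = copy.deepcopy(schema)
    directory = find_by_name(patched["directories"], DIRECTORY_NAME)
    attrs = find_by_name(directory["objects"], OBJECT_NAME)["attributes"]
    find_by_name(attrs, LANDMARK)  # confirms this is the section the page means
    existing = {a["name"] for a in attrs}
    added = [n for n in dict.fromkeys(names) if n not in existing]
    attrs.extend(attribute_definition(n) for n in added)
    return patched, added

SAMPLE_SCHEMA = {"directories": [
    {"name": "SourceDirectory (constructed)", "objects": []},
    {"name": DIRECTORY_NAME, "objects": [
        {"name": "Group (constructed)", "attributes": []},
        {"name": OBJECT_NAME, "attributes": [
            {"name": LANDMARK, "type": "String"},
            {"name": "employeeId", "type": "String"}]}]}]}

if __name__ == "__main__":
    patched, added = add_attributes(SAMPLE_SCHEMA, ["employeeId", "manager.id"])
    print("added:", added)
    print(json.dumps(patched, indent=2))
```

Parsing the schema with a JSON library before pasting it back also catches a missing comma or brace that would otherwise only surface when the portal rejects the save.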
