Azure AD sync
To sync users and groups into HelloID from an Azure AD tenant, configure HelloID to act as a target system for the Azure AD provisioning service.
To get started, Enable sync.
Tip
If you want synced Azure AD users to be able to log in to HelloID using their Azure AD credentials, you must separately create an Azure AD (OIDC) IdP.
Azure AD sync mappings
Mappings for Azure AD sync do not use HelloID Mapping sets. Instead, they are customized on the Azure side, in the Azure AD attribute mapping settings. The following attributes are supported:
- All default OIDC attributes.
- The Azure AD employeeID (synchronized into Custom user attributes)
- The Azure AD manager (sets the HelloID user's Manager field to the relevant HelloID user)
Warning
Synchronization of the employeeID and Manager attributes is limited because Microsoft does not include them in the initial create call. These attributes are only accessible during updates or through manual pushes.
Other custom attributes are not supported.
Azure AD sync schedule
The sync schedule is determined by the Azure AD provisioning interval.
Azure AD consent request suppression
Note that HelloID requests admin consent for the Directory.AccessAsUser.All permission. This is to suppress consent requests when users log into HelloID for the first time.
Azure AD group sync
The free Azure AD license does not sync groups to HelloID. For group synchronization, your Azure AD license must be P2 or higher.
Azure AD sync settings reference
- URL
The tenant URL expected by HelloID's T2 API. Automatically generated when you click New Secret.
- Secret
The secret token to connect to HelloID's T2 API. Automatically generated when you click New Secret.