Supplementary documentation on the Azure AD sync setup process can be found at https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/helloid-provisioning-tutorial.
You can sync users and groups into HelloID from an Azure Active Directory (Azure AD) tenant. Unlike on-premises Active Directory configurations, Azure AD synchronization does not operate via an IdP, mapping set, and sync task. Rather, Azure AD synchronization configures HelloID to act as a target system for the Azure AD provisioning service.
If you want synced Azure AD users to be able to log in to HelloID using their Azure AD credentials, you must separately create an Azure AD OIDC IdP.
Mappings are customized in the Azure AD attribute mapping settings. The following attributes are supported:
- All default OIDC attributes.
- The Azure AD employeeID (synchronized into user attributes)
- The Azure AD manager (sets the HelloID user's Manager field to the relevant HelloID user)
- Other custom attributes are not supported.
The sync schedule is determined by the Azure AD provisioning interval.
Note that HelloID requests admin consent for the Directory.AccessAsUser.All permission. This is to suppress consent requests when users log into HelloID for the first time.
To get started, go to Directory > Azure AD.
Azure AD - Overview
NOTE: See Enable or disable Azure AD synchronization for complete setup instructions.
The tenant URL expected by HelloID's T2 API. Automatically generated when you select the New Secret button.
The secret token to connect to HelloID's T2 API. Automatically generated when you select the New Secret button.