Entra ID (AAD) UserSync connector - User Provisioning
A pull-based user provisioning connector for Entra ID (AAD) that syncs users and groups from Entra ID (AAD) to Privacera at a configured interval.
Features
- Managed User List: Configurable list of users, including wildcards, to be managed by UserSync. UserSync will only sync users that are in or matched by the managed list.
- Managed Group List: Configurable list of groups, including wildcards, to be managed by UserSync. UserSync will only sync groups that are in or matched by the managed list.
- Server-Side filtering: UserSync can be configured to filter users and groups based on Microsoft Graph API filters.
  Note: This feature is not compatible with incremental sync.
- Group Only: UserSync can be configured to sync only users that are members of synced groups from the server.
- Nested groups: Support for nested groups. Nested groups will be imported in a flattened manner. The Entra ID (AAD) connector supports nested groups using the transitiveMember function of Microsoft Graph API.
For example:
Group1
|-- Group2
|---|-- User1
|---|-- User2
|---|-- Group3
|-------|-- User3
|-- User4
will be imported as:
Group1
|-- User1
|-- User2
|-- User3
|-- User4
Group2
|-- User1
|-- User2
|-- User3
Group3
|-- User3
- Incremental Sync: Incremental sync is supported. When enabled, UserSync performs a delta search to get the changes since the last sync.
  Note: Incremental sync is not compatible with server-side filtering.
- Service Principal: UserSync can be configured to sync a service principal as a User.
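
The flattening described under Nested groups, as an added Python example (not Privacera's code). It models direct membership offline instead of calling Microsoft Graph, treats any name that appears as a key as a group, and adds a guard against circular nesting as a defensive assumption. It also lists the groups a user effectively lands in, which is the view an access review needs.

```python
from collections import deque

# Constructed input: direct membership only, copied from the tree on this page.
# Assumption: a name that is also a key is a nested group, anything else is a user.
DIRECT_MEMBERS = {
    "Group1": ["Group2", "User4"],
    "Group2": ["User1", "User2", "Group3"],
    "Group3": ["User3"],
}


def flatten_group(group, direct_members):
    """Return every user reachable from `group` at any nesting depth, sorted."""
    users, seen, queue = set(), {group}, deque([group])
    while queue:
        for member in direct_members.get(queue.popleft(), []):
            if member in direct_members:      # nested group: descend into it
                if member not in seen:        # visit once, even if nesting is circular
                    seen.add(member)
                    queue.append(member)
            else:
                users.add(member)             # leaf: a user
    return sorted(users)


def flatten_all(direct_members):
    """Flattened view of every group, in the layout of the imported result above."""
    return {g: flatten_group(g, direct_members) for g in direct_members}


def effective_groups(user, direct_members):
    """Groups a user belongs to after flattening, for reviewing inherited access."""
    flat = flatten_all(direct_members)
    return sorted(g for g, users in flat.items() if user in users)


if __name__ == "__main__":
    for name, users in flatten_all(DIRECT_MEMBERS).items():
        print(name, users)
    print("User3 is effectively in:", effective_groups("User3", DIRECT_MEMBERS))
```

A user placed in a deeply nested group becomes a member of every ancestor group after flattening, so policies written against `Group1` also apply to `User3`.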