
API-driven HR Provisioning with Azure Entra ID

Introduction

This blog describes how to dynamically provision users in Entra ID from any HR system. It is an API-driven approach, as opposed to point-to-point provisioning using Azure-provided connectors.

This can also be enhanced to write back a few fields from Entra ID into the HR system, for example the email ID or the user ID in Entra. This means there must be orchestrator software that does two things. First, it converts data from the HR system into SCIM+JSON format and calls Entra ID through the Microsoft Graph POST endpoint. Second, it pulls the writeback fields from Entra ID and calls the HR system to update them.
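The conversion step of such an orchestrator, as an added example that is not code from the original post: it maps HR records to SCIM bulk request bodies for the Graph `bulkUpload` endpoint, rejects records without a stable identifier before they reach Entra ID, and splits the rest into batches of 50 operations. The HR field names, the attribute choices and the sample records are assumptions; the service principal and job IDs are placeholders.

```python
SCIM_BULK = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
MAX_OPS = 50  # Entra ID accepts at most 50 operations per bulk request
# Placeholders: take both IDs from your own provisioning app.
BULK_UPLOAD_URL = ("https://graph.microsoft.com/v1.0/servicePrincipals/"
                   "{sp_id}/synchronization/jobs/{job_id}/bulkUpload")
HEADERS = {"Content-Type": "application/scim+json"}  # plus Authorization: Bearer <token>
REQUIRED = ("employee_id", "first_name", "last_name")  # hypothetical HR field names

def to_scim_operation(hr):
    """Map one HR record (hypothetical field names) to a SCIM bulk operation."""
    missing = [f for f in REQUIRED if not str(hr.get(f, "")).strip()]
    if missing:
        raise ValueError(f"HR record rejected, missing {missing}")
    emp_id = str(hr["employee_id"]).strip()
    return {
        "method": "POST", "bulkId": emp_id, "path": "/Users",
        "data": {
            "schemas": [SCIM_USER, SCIM_ENTERPRISE],
            "externalId": emp_id,  # assumption: HR employee ID is the matching key
            "name": {"givenName": hr["first_name"].strip(),
                     "familyName": hr["last_name"].strip()},
            "active": hr.get("status", "active") == "active",
            SCIM_ENTERPRISE: {"employeeNumber": emp_id,
                              "department": hr.get("department", "")},
        },
    }

def build_bulk_requests(records):
    """Return (request bodies of at most MAX_OPS operations, rejected records)."""
    ops, rejected = [], []
    for hr in records:
        try:
            ops.append(to_scim_operation(hr))
        except ValueError as err:
            rejected.append((hr.get("employee_id"), str(err)))
    bodies = [{"schemas": [SCIM_BULK], "Operations": ops[i:i + MAX_OPS]}
              for i in range(0, len(ops), MAX_OPS)]
    return bodies, rejected

# Constructed sample data, not taken from any real HR system.
SAMPLE = [{"employee_id": f"E{n:04d}", "first_name": "Test", "last_name": f"User{n}",
           "department": "Finance", "status": "active"} for n in range(1, 53)]
SAMPLE.append({"employee_id": "", "first_name": "No", "last_name": "Id"})

if __name__ == "__main__":
    bodies, rejected = build_bulk_requests(SAMPLE)
    print(len(bodies), "request(s) for", BULK_UPLOAD_URL, "-", len(rejected), "rejected")
```

Each returned body is sent as one POST with the `application/scim+json` content type; the rejected list is what the orchestrator should log and alert on rather than silently drop.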

Prerequisites

  1. Minimum P1 license for Entra ID.
  2. Familiarity with Enterprise app creation and the App registration process.
  3. Familiarity with Microsoft Graph APIs.
  4. Postman or Bash, for testing.

Architecture


Steps

The reference links explain the end-to-end process thoroughly.

References

This post is licensed under CC BY 4.0 by the author.