Microsoft Entra API-Driven Provisioning Preview Eases HR App Integrations

The API works with system-of-record solutions.

Microsoft on Wednesday announced a preview of "Microsoft Entra API-driven provisioning," which promises to ease HR data sharing with Microsoft's identity and access management solutions.

Specifically, Entra API-driven provisioning works with data from so-called "system-of-record" software, such as human resources (HR) applications. For instance, Microsoft's announcement included the following testimonial from partner SmartHR on the benefits of Entra API-driven provisioning:

With API-driven provisioning, our customers can link employee information in SmartHR with Microsoft Entra ID. This will reduce the time and effort required to manage accounts as employees join, move, or leave the company.

Microsoft already has its Microsoft Graph API, but its use requires that the shared data be in OData format, per Microsoft's FAQ on API-driven inbound provisioning. In contrast, Entra API-driven provisioning uses "standard SCIM schema attributes to abstract schema differences across systems and provide a consistent mapping experience," the announcement explained.

SCIM, or System for Cross-domain Identity Management, is a standard REST- and JSON-based protocol for transmitting identity data that's used to automate user provisioning processes, according to a description by identity services company Okta.

Entra API-driven provisioning works with "any system of record." Organizations can use any automation tool to "retrieve workforce data from the system of record and ingest it into Azure AD," Microsoft explained in its documentation.

The document also suggested that IT departments would have "full control" over the data processing associated with Entra API-driven provisioning:

The IT admin has full control on how the data is processed and transformed with attribute mappings. Once the workforce data is available in Azure AD, the IT admin can configure appropriate joiner-mover-leaver business processes using Lifecycle Workflows.

Lifecycle Workflows is used to automate the assignment and management of access rights, and it also has monitoring capabilities for when user attributes change. Lifecycle Workflows is part of Microsoft Entra ID Governance, a product that Microsoft commercially released in June.

The Entra API-driven provisioning preview can import data from "sources like CSV files and SQL staging tables using the automation tool of your choice," Microsoft noted. It can automatically provision both "cloud-only users and hybrid users" using "any trusted source."

The preview makes it easy for organizations to automate the user lifecycle, suggested Alex Simons, corporate vice president of product management for the Microsoft Identity and Network Access Division.

"With our new inbound provisioning API, it's straightforward to provision users from cloud or on-premises HR systems," he stated in an Aug. 23 Twitter post.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

