...

  1. Log in to the management console using your username and password or admin/admin credentials.

  2. Click Add under Identity Providers on the Main menu. 

  3. Enter a name for the identity provider.

  4. Expand Outbound Provisioning Connectors and then expand Office365 Provisioning Configuration. 
  5. Configure the following fields. 

    | Field | Description | Sample Value |
    |---|---|---|
    | Enable | Select the checkbox to enable Office365 identity provisioning. Unselect the checkbox to disable it. | Selected |
    | Client ID | The application ID used to register the app in the Microsoft App Registration Portal (see the prerequisites for more information). | 7d7d8f46-7184-4dc7-a198-4554dadc1197 |
    | Client Secret | The application secret used to register the app in the Microsoft App Registration Portal (see the prerequisites for more information). | |
    | Office365 Tenant Name | The organization name used to sign up for Office 365. | wso2office.onmicrosoft.com |
    | Office365 Domain Name | The domain name registered in Office365 (see the prerequisites for more information). | wso2.ml |
    | Immutable ID | A valid claim which acts as the unique identifier of the user in the Azure AD. The claim URI for the Immutable ID should match the Subject Claim URI given under the Claim Configuration section when creating a service provider. | http://wso2.org/claims/objectguid |
    | User Principal Name | A valid claim which will be the Internet-style login name for the user. | http://wso2.org/claims/username |
    | Append Domain Name to UPN | If this is set to true, the domain name is appended to the UPN if it is not already there. (E.g., if the username is "john" and the domain name is "foo.com", the UPN will be "john@foo.com") | true |
    | Display Name | A valid claim which is the name displayed for the user in the address book of the Azure AD. | http://wso2.org/claims/displayName |
    | Email Nickname | A valid claim as the mail alias for the user in the Azure AD. | http://wso2.org/claims/username |
    | Dynamic Membership Rule Attribute | The Azure AD user attribute considered during the execution of the dynamic membership query (see prerequisites for more information). Note: This is an optional configuration and can be used when dynamically assigning users into groups for provisioning in the Azure AD. The attribute must be equal to the attribute name given to the dynamic membership rule. | department |
    | Dynamic Membership Rule Value | The claim mapped to the attribute (see prerequisites for more information). Note: This is an optional configuration and can be used when dynamically assigning users into groups for provisioning in the Azure AD. However, if the attribute has been set and this value has not been set, http://wso2.org/claims/role is considered as the default value. | http://wso2.org/claims/role |


    Tip: All the fields that are marked as mandatory * must have a value in order to successfully provision the users. For more information about user attributes in the Azure AD, see the user properties in the Microsoft documentation.

  6. (Optional) To provision users based on the roles they are assigned to, configure the following. For more information, see Role Based Provisioning.

    1. Expand the Role Configuration section.

    2. Enter the provisioning roles.

  7. Click Register to save the changes. 
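The claim-based fields configured in step 5 can be checked against a sample user before relying on them. The following is an added example, not code from the product or from the original page: it resolves the sample claim URIs from the table for one constructed user and applies the two documented rules (domain appended to the UPN only when missing, and `http://wso2.org/claims/role` used when the rule value is unset). The dictionary keys, the function name and the error raised for an empty claim are assumptions made for illustration.

```python
# Added illustration; dictionary keys and function names are hypothetical.
DEFAULT_RULE_VALUE_CLAIM = "http://wso2.org/claims/role"  # default stated in the table

# Connector settings, using the sample values from the table.
CONFIG = {
    "domain_name": "wso2.ml",
    "immutable_id": "http://wso2.org/claims/objectguid",
    "user_principal_name": "http://wso2.org/claims/username",
    "append_domain_to_upn": True,
    "display_name": "http://wso2.org/claims/displayName",
    "email_nickname": "http://wso2.org/claims/username",
    "membership_rule_attribute": "department",
    "membership_rule_value": None,  # left unset to show the default
}

# Constructed sample user (not real data).
CLAIMS = {
    "http://wso2.org/claims/objectguid": "00000000-0000-0000-0000-000000000001",
    "http://wso2.org/claims/username": "john",
    "http://wso2.org/claims/displayName": "John Doe",
    "http://wso2.org/claims/role": "engineering",
}

def resolve_user(config, claims):
    """Return the attribute values the configured claims yield for one user."""
    def claim(field):
        uri = config[field]
        if not claims.get(uri):
            # Assumption: a configured claim with no value blocks provisioning.
            raise ValueError(f"{field}: no value for claim {uri}")
        return claims[uri]

    upn = claim("user_principal_name")
    suffix = "@" + config["domain_name"]
    if config["append_domain_to_upn"] and not upn.lower().endswith(suffix.lower()):
        upn += suffix  # appended only when not already there

    user = {
        "immutable_id": claim("immutable_id"),
        "user_principal_name": upn,
        "display_name": claim("display_name"),
        "email_nickname": claim("email_nickname"),
    }
    attribute = config.get("membership_rule_attribute")
    if attribute:  # optional: only resolved when the attribute is set
        value_claim = config.get("membership_rule_value") or DEFAULT_RULE_VALUE_CLAIM
        user[attribute] = claims.get(value_claim)
    return user
```

Calling `resolve_user(CONFIG, CLAIMS)` returns the resolved values for the sample user; a claim that resolves to nothing is reported by field name and claim URI.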

...