Microsoft Entra ID Gains New API-Driven Provisioning Feature to Improve Security and Compliance

Microsoft Entra ID API-Driven Provisioning is a new feature that makes it easier for businesses to integrate their authoritative systems of record.

Microsoft has unveiled API-driven provisioning support for Microsoft Entra ID, previously known as Azure Active Directory. This development aims to help businesses integrate their authoritative systems of record, such as HR apps, payroll apps, SQL tables, and spreadsheets, with Azure AD provisioning.

The new feature promotes integration with a range of authoritative systems of record, including HR apps, payroll apps, SQL tables, and spreadsheets. This enhancement is expected to streamline the synchronization of HR data managed in various systems of record with Microsoft Entra ID, assisting businesses in bolstering their security measures and maintaining compliance with regulatory standards.

According to the official announcement on Microsoft's Tech Community, “Customers and partners can use any automation tool of their choice to retrieve workforce data from the system of record and ingest it into Azure AD. The IT admin has full control on how the data is processed and transformed with attribute mappings. Once the workforce data is available in Azure AD, the IT admin can configure appropriate joiner-mover-leaver business processes using Lifecycle Workflows.”

Microsoft highlighted several potential applications for the API-driven provisioning system:

  1. Enterprise HR Integration: IT administrators can utilize automation tools, such as PowerShell scripts or Azure Logic Apps, to import HR data from sources like flat files, CSV files, and SQL staging tables. This allows for the automatic provisioning of both cloud-only and hybrid users from any trusted data source.
  2. Direct Integration: Independent Software Vendors (ISVs) can establish direct integration with Microsoft Entra ID, while partners can develop custom HR connectors to meet specific integration requirements concerning data flow from systems of record to Entra ID.

The API-driven provisioning feature is currently available in public preview for enterprise customers. However, to access this feature, organizations must have a Microsoft Entra ID P1 (formerly Azure AD Premium P1) subscription or a higher-tier subscription.

Feedback from Partners and Customers

Several partners and customers have expressed their views on the new feature. Sachin Desai, Sr. Director at Avanade Inc., mentioned, “Microsoft Entra API-driven provisioning will allow us to achieve our cloud-first vision by provisioning identity directly in the cloud and on-premises, integrating with our HR application.”

Pim Jacobs, Principal Consultant at InSpark and a Microsoft Most Valuable Professional (MVP), added that with API-driven provisioning, HR has better control over the identity lifecycle & data in Active Directory and Microsoft Entra ID. He emphasized the benefits of combining this with Lifecycle Workflows, which simplifies onboarding and offboarding processes, eliminating manual work and ensuring up-to-date identity.

Rebranding Active Directory into the Entra Family

Microsoft Entra ID is the new name for Azure Active Directory (Azure AD), the platform that helps organizations manage and secure their identities. This is not just a cosmetic change, but a major update that brings new features and capabilities to the platform. For instance, Microsoft Entra ID will support federated identities, which will enable organizations to easily connect with other organizations and cloud services.

This change is part of Microsoft's larger strategy to rebrand its identity and access management (IAM) portfolio under the Microsoft Entra brand. This will help customers find the right products for their needs and simplify the product portfolio. It will also help customers manage their identities across different Microsoft products and services with a unified IAM solution.