Azure AD connector setup to retrieve account custom attributes in Azure AD

Hello,

Our customer wants to use Azure AD as the authoritative source for the identity profile partner staff (B2B guest users in Azure AD). For these guest users, additional identity attributes are needed in IdentityNow. The idea is that the Azure AD connector should fetch these custom account attributes during aggregation. Therefore, we have created a schema extension in Azure AD for user objects which contains all custom attributes.
We followed the instructions as described in the document to configure the Azure AD connector using client credentials.
Azure Active Directory Source Configuration Reference Guide - Compass (sailpoint.com)
Question: Does the account schema of the Azure AD connector need to be modified? If so, how? Or is there any other solution? In the example below, the Azure AD connector should fetch all custom attributes from the Azure schema extension “extjj27k3r8_userIdnowCustomAttributes”.

Example of user object schema extension in Azure AD:
{
  "extjj27k3r8_userIdnowCustomAttributes": {
    "StaffID": "12345",
    "StaffGUID": "aa93abe9c0a69b4e55686bcda04dacb0",
    "StaffType": "Partner staff",
    "CompanyID": "PC001",
    "CompanyName": "Company X",
    "StartDate": "2022-02-01T09:00:00",
    "EndDate": "2022-12-31T00:00:00",
    "EmploymentState": "Prehire"
  }
}

Any feedback is welcome.
Regards,
David

Hi @Dacom
Yes, you need to update the connector schema.
On the Azure AD source, go to “Import Data > Account Schema”.
From there, you can add your custom attribute following the syntax extension_<clientID>_<CustomAttributeName> by clicking on “Add new attribute”.

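The naming syntax from the reply above, as an added example that is not part of the original posts or of SailPoint's code: it builds `extension_<clientID>_<CustomAttributeName>` names for the members of the extension object in the question and tells that form apart from the `ext<8 characters>_<name>` identifier the question uses. It assumes `<clientID>` is the application (client) ID written as 32 hex digits without hyphens, as Azure AD names directory extension attributes; the client ID, the helper names and the shortened sample object are constructed for illustration.

```python
import json
import re
import uuid

# Constructed placeholder client (application) ID, not a real tenant value.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"

# Constructed sample shaped like the user object in the question (three members shown).
SAMPLE_USER = json.loads("""
{"extjj27k3r8_userIdnowCustomAttributes":
  {"StaffID": "12345", "StaffType": "Partner staff", "CompanyID": "PC001"}}
""")

# extension_<32 hex digits>_<name>: the syntax given in the reply.
DIRECTORY_EXT = re.compile(r"^extension_[0-9a-f]{32}_[A-Za-z0-9_]+$")
# ext<8 alphanumerics>_<name>: the identifier form used in the question.
SCHEMA_EXT = re.compile(r"^ext[a-z0-9]{8}_[A-Za-z0-9]+$")


def attribute_name(client_id, custom_attribute):
    """Return the account schema attribute name for one custom attribute."""
    app_id = uuid.UUID(client_id).hex  # validates the GUID and drops hyphens
    if not re.fullmatch(r"[A-Za-z0-9_]+", custom_attribute):
        raise ValueError(f"unexpected attribute name: {custom_attribute!r}")
    return f"extension_{app_id}_{custom_attribute}"


def classify(name):
    """Say which naming form a property name on the user object follows."""
    if DIRECTORY_EXT.match(name):
        return "directory-extension"
    if SCHEMA_EXT.match(name):
        return "schema-extension"
    return "other"


def candidate_schema_entries(client_id, user):
    """List one extension_<clientID>_<name> entry per member of each ext... object."""
    entries = []
    for key, value in user.items():
        if classify(key) == "schema-extension" and isinstance(value, dict):
            entries += [attribute_name(client_id, member) for member in value]
    return entries


if __name__ == "__main__":
    for name in candidate_schema_entries(CLIENT_ID, SAMPLE_USER):
        print(name)
```
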