Syncing custom security attributes with Azure AD Provisioning Service

David Jones 20 Reputation points
2023-03-14T15:31:20.8733333+00:00

I've assigned some custom security attributes to users and now I'd like to sync those users (along with their custom security attributes) with an enterprise application. Is it possible to sync custom security attributes with Azure AD Provisioning Service?


Accepted answer
James Hamil 12,976 Reputation points Microsoft Employee
2023-03-14T21:43:08.31+00:00

Hi @David Jones yes, it is possible to sync custom security attributes with Azure AD Provisioning Service. You can use the directory extension feature to add source attributes that aren't synchronized by default. You will need to perform the following tasks before configuring provisioning to your application:

1. Check with the on-premises Active Directory domain admins whether the required attributes are part of the AD DS schema, and if they are not, extend the AD DS schema in the domains where those users have accounts.
2. Open the Azure AD Connect wizard, choose Tasks, and then choose Customize synchronization options.
3. Sign in as an Azure AD Global Administrator. On the Optional Features page, select Directory extension attribute sync.
4. Select the attribute(s) you want to extend to Azure AD.
5. Finish the Azure AD Connect wizard and allow a full synchronization cycle to run. When the cycle is complete, the schema is extended and the new values are synchronized between your on-premises AD and Azure AD.
6. In the Azure portal, while you're editing user attribute mappings, the Source attribute list will now contain the added attribute in the format <attributename> (extension_<appID>_<attributename>), where appID is the identifier of a placeholder application in your tenant. Select the attribute and map it to the target application for provisioning.

For more information, you can refer to the following link: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping.md

Please let me know if you have any questions and I can help you further.

If this answer helped you please mark it as "Verified" so other users can reference it.

Thank you,

James
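
The last step above depends on the synchronized value surfacing under the name extension_<appID>_<attributename>. As an added example (not code from the answer above or from Microsoft's documentation), the Python below takes a Microsoft Graph user object and reports which directory extension attributes have actually synchronized and what value the provisioning source attribute would carry, so an empty mapping can be caught before provisioning runs; the app ID, user data and attribute names are constructed placeholders.

```python
import re

# Directory extension properties appear in Microsoft Graph user objects as
# extension_<appId without hyphens>_<attributeName>, where appId belongs to the
# placeholder application Azure AD Connect registers in the tenant.
# Assumption: attribute names are plain alphanumeric, as in the constructed data.
EXTENSION_RE = re.compile(r"^extension_([0-9a-fA-F]{32})_([A-Za-z0-9]+)$")


def extension_property_name(app_id: str, attribute_name: str) -> str:
    """Build the Graph property name the provisioning source attribute uses."""
    return f"extension_{app_id.replace('-', '').lower()}_{attribute_name}"


def synced_extension_attributes(user: dict) -> dict:
    """Return {(appId, attributeName): value} for every directory extension on
    the user. Null values are skipped: they mean the attribute exists in the
    schema but no value has synchronized for this user yet."""
    found = {}
    for key, value in user.items():
        match = EXTENSION_RE.match(key)
        if match and value is not None:
            found[(match.group(1).lower(), match.group(2))] = value
    return found


def check_mapping_source(user: dict, app_id: str, attribute_name: str):
    """Value the mapped source attribute would send for this user, or None if
    nothing has synchronized (mapping it would provision an empty value)."""
    key = (app_id.replace("-", "").lower(), attribute_name)
    return synced_extension_attributes(user).get(key)


# Constructed sample: a trimmed Graph /users/{id} response. The app ID is an
# obvious placeholder, not a real tenant value.
PLACEHOLDER_APP_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_USER = {
    "userPrincipalName": "david@contoso.example",
    "jobTitle": "Analyst",
    "extension_00000000000000000000000000000000_employeeType": "Contractor",
    "extension_00000000000000000000000000000000_costCenter": None,
}

if __name__ == "__main__":
    print(extension_property_name(PLACEHOLDER_APP_ID, "employeeType"))
    print(synced_extension_attributes(SAMPLE_USER))
    print(check_mapping_source(SAMPLE_USER, PLACEHOLDER_APP_ID, "costCenter"))
```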
