How to allow 3rd Party Cloud App to make changes to AAD while it's in sync with other on prem AD

Question

Hello,

We have a situation in our IT infrastructure. We currently have multiple on-prem AD using different domains. And all these on-prem are connected to different fileservers / Services. Now, we are also connected to the Cloud (AAD), it's kind of a hybrid system going on. We have synced our AAD with one of our on-prem IT but we cannot do so for the others as Microsoft does not allow AAD to have more than 1 sync. (As I am told). Also the problem also arises when we try to integrate 3rd party cloud Apps with our AAD. For example, we are using a HR system and we'd like automatic creation of employees in AAD from that HR system. I am also told that while AAD is in sync, 3rd party apps cannot make any changes to it. Can someone please correct me where I am wrong here and how to solve this entire situation?

Thank You

Answer 1

Hello Muzaffar Soogun,

Thanks for your question.

I will be answering your questions.

1stly: Entra Connect can synchronize multiple on-premises AD forests/domains to a single Entra tenant. See: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/plan-connect-topologies#multiple-forests-single-microsoft-entra-tenant

Third-party applications can still interact with and make changes to Entra ID. You can also use HR systems. See: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/plan-cloud-hr-provision?source=recommendations

I will recommend you read more about the answers above, as they are complex systems that require careful planninf for implementation.

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola