Pushing down Azure AD RBAC rules to legacy and SaaS systems?

Jean Baro 1 Reputation point

Hi there,

I am new to Azure AD. Please forgive me if this is a naive question (I couldn't find a good answer on Google).

We use AD as our single/centralized LDAP for Staff/Employees.

Now, we would like to turn Azure AD into the sole tool we need to manage RBAC and Credentials for all our employees.


  1. Once a new employee is hired, we can go to the AD Admin panel and grant access to this person (add them to an access group).
  2. If this person leaves the company, we can go to AD Admin and revoke their access.
  3. If this person changes position/role at the company, it should be a matter of just going to Azure AD and moving them from one group to another.

Now, this seems to be a super typical use case for any company, BUT, like all of them, we have hundreds of different systems that Staff/Employees use daily. These can be SaaS services, In-House Legacy systems, old generation products, MS Excel spreadsheets, etc.

  • Most of these systems support AD integration for AUTHENTICATION
  • Few of these systems support AD integration for AUTHORIZATION (RBAC).

My question is: is there any add-on or native Azure AD functionality that I could use to integrate the authorization mechanism of those systems with Azure AD authorization? Some low-code tool or a set of preexisting "adapters" for the most commonly used systems? Like NetSuite, Salesforce, Zendesk, SAP, etc.? What about the legacy and in-house systems?

After having this framework built around Azure AD, the benefits would be:

  • Be able to provision and de-provision users in a central system
  • Trace all the user access in one place
  • Extract data (reports) from a single source of truth

Please, is that something that can be done in Azure AD, or do I need another tool/service?

Any help would be appreciated.


Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Carlos Solís Salazar 16,781 Reputation points MVP

    Hi @Jean Baro

    First, you need to synchronize your Azure AD with your AD. You can do it with "Azure AD Connect".
    With that synchronization, you can administrate all your users from your AD.

    About the second part of your question: in Azure AD, you have Application Management.

    Application management in Azure Active Directory (Azure AD) is the process of creating, configuring, managing, and monitoring applications in the cloud.

    Hope this helps,
    Carlos Solís Salazar


    Please "Accept as Answer" and Upvote if any of the above helped, so that it can help others in the community looking for remediation for similar issues.
