แก้ไข

แชร์ผ่าน


Provisioning with the custom connectors

Microsoft Entra ID includes connectivity to provision into applications that support the following protocols and interfaces:

For connectivity to applications that don't support one of the aforementioned protocols and interfaces, customers and partners have built custom ECMA 2.0 connectors for use with Microsoft Identity Manager (MIM) 2016. These same ECMA2 connectors can be used to provision into apps with the Microsoft Entra provisioning agent and Extensible Connectivity(ECMA) Connector host, without needing MIM sync deployed.

Exporting and importing a MIM connector

If you have a custom ECMA 2.0 connector in MIM, you can export its configuration by following the instructions here. You need to save the XML file, the DLL, and related software for your connector.

To import your connector, you can use the instructions here. You will need to copy the DLL for your connector, and any of its prerequisite DLLs, to that same ECMA subdirectory of the Service directory. After the xml has been imported, continue through the wizard and ensure that all the required fields are populated.

Updating a custom connector DLL

When updating a connector with a newer build, ensure that the DLL is updated in all the required locations. Use these steps to properly update your custom connector DLL:

  1. Close the Microsoft ECMA2Host Configuration Wizard.
  2. Stop the Microsoft ECMA2Host service.
  3. Manually update the custom connector DLL into each of the following folders.
    1. ECMA
    2. ECMA > Cache > {connector name}
    3. ECMA > Cache > {connector name} > AutosyncService
  4. Start the Microsoft ECMA2Host service.

Note

If multiple connectors are using the same custom DLL, you will need to complete step 3.ii and 3.iii for each connector.

Troubleshooting

Custom connectors built for MIM rely on the ECMA framework. If you are having difficulties importing and using a connector, please ensure that you are following best practices:

  • Ensuring that methods in your connector are declared as public
  • Excluding prefixes from method names. For example:
    • Correct: public Schema GetSchema (KeyedCollection<string, ConfigParameter> configParameters)
    • Incorrect: Schema PrefixGetSchema.GetSchema (KeyedCollection<string, ConfigParameter> configParameters)

The following table includes capabilities of the ECMA framework that differ between MIM and the Microsoft Entra provisioning agent. For a list of known limitations for the Microsoft Entra provisioning service and on-premises application provisioning, see here.

Capability Comments
Object type Provisioning agent permits one object type
Partitions Provisioning agent permits one partition
Hierarchies Not used by provisioning agent
Full export Not used by provisioning agent
ExportPasswordInFirstPass Not supported
Normalizations Not used by provisioning agent
Concurrent operations Not used by provisioning agent
DeleteAddAsReplace Not used by provisioning agent

Next steps