Редагувати

Поділитися через


Partner-driven provisioning integrations

The Microsoft Entra provisioning service allows you to provision users and groups into both SaaS and on-premises applications. There are four integration paths:

Option 1 - Microsoft Entra Application Gallery: Popular third party applications, such as Dropbox, Snowflake, and Workplace by Facebook, are made available for customers through the Microsoft Entra application gallery. New applications can easily be onboarded to the gallery using the application network portal.

Option 2 - Implement a SCIM compliant API for your application: If your line-of-business application supports the SCIM standard, it can easily be integrated with the Microsoft Entra SCIM client.

Diagram showing implementation of a SCIM compliant API for your application.

Option 3 - Use Microsoft Graph: Many new applications use Microsoft Graph to retrieve users, groups and other resources from Microsoft Entra ID. You can learn more about what scenarios to use SCIM and Graph in.

Option 4 - Use partner-driven connectors: In cases where an application doesn't support SCIM, partners have built custom ECMA connectors and SCIM gateways to integrate Microsoft Entra ID with numerous applications. This document serves as a place for partners to attest to integrations that are compatible with Microsoft Entra ID, and for customers to discover these partner-driven integrations. Custom ECMA connectors and SCIM gateways are built, maintained, and owned by the third-party vendor.

Diagram showing gateways between the Microsoft Entra SCIM client and target applications.

Available partner-driven integrations

The following descriptions and lists of applications are provided by the partners themselves. You can use the lists of applications supported to identify a partner that you may want to contact and learn more about.

Aquera

Description

Aquera is a leading provider of SCIM Gateway Services for Microsoft Entra. The SCIM Gateway for Microsoft Entra from Aquera is a cloud-based service providing out-of-the-box connectivity between Microsoft Entra ID and the provisioning target applications, directories, databases, devices, or third party identity providers (IDPs) that an organization or their partners operate, which are not covered by the Microsoft Entra application gallery. The Aquera SCIM Gateway powers Microsoft Entra ID to create, update, deactivate, and delete user accounts via Aquera connectors in any cloud or on-premises application, database, directory, device, or third party IDP via the Microsoft Entra ID SCIM protocol. Aquera has a catalog of over 800 connectors covering these targets, builds additional connectors on-demand, and offers a self-service connector builder for customers to build their own connectors for the Aquera SCIM Gateway. The Aquera connectors support the various integration methods required by each target including REST, SQL, LDAP, SOAP, SCIM not compatible with Microsoft Entra ID, or web service APIs, admin console automation, SDKs, code libraries, and files via FTP and local file shares. Aquera also supports over 40 inbound provisioning HR Information System (HRIS) sources of record for Microsoft Entra ID, and further provides deep integration with all the major IT Service Management systems (ITSMs) supporting automatic generation of joiner, mover, and leaver work tickets in the ITSMs, and fulfilling ITSM self-service access requests via Microsoft Entra ID.

Contact Information

  • HRIS Applications: Over 40 including Oracle Cloud HCM, Dayforce, UKG Pro/Ready/Pro Workforce, ADP (all US and international versions), Workday, SAP HR, Greenhouse, iCIMS, SuccessFactors, HiBob, BambooHR, Paylocity, Paycor, PeopleSoft, Cornerstone, Lever
  • ERP Applications: Netsuite, Oracle Cloud ERP, Oracle EBS, SAP ERP Central Component (ECC), SAP S/4HANA, Sage Intacct, PeopleSoft ERP
  • EHR Applications: Epic, Cerner, PointClickCare, MyAvatar, Homecare Homebase
  • Student Information Systems: Ellucian Banner, PeopleSoft Campus Solutions
  • Databases: Oracle, MySQL, SQLServer, MongoDB, PostgreSQL, AS/400 DB2, DB2, Snowflake, Redshift
  • Directories and IDPs: AS/400, Resource Access Control Facility (RACF), ACF2, TopSecret, OpenLDAP, IDP Directories

IDMWORKS

Description

We Are Experts In Identity & Access Management and Data Center Management. The Microsoft Entra platform integrates with IDMWORKS IdentityForge (IDF) Gateway for user lifecycle management for Mainframe systems RACF, Top Secret, and ACF2, Midrange system AS/400, Healthcare applications EPIC and Cerner, Linux and Unix servers, Databases, and dozens of on-premises and cloud applications. IdentityForge provides a central, standardized integration engine and modern identity store that serves as a trusted source for all lifecycle management. The IDF Gateway for Microsoft Entra ID provides lifecycle management for import sources and provisioning target systems that are not covered by the Microsoft Entra connector portfolio like Mainframe systems RACF, Top Secret, and ACF2, or Healthcare applications EPIC and Cerner. The IDF Gateway powers Microsoft Entra identity lifecycle management (LCM) to continuously synchronize user account information from Mainframe and Healthcare sources and to automate the account provisioning lifecycle use cases like create, read or import, update, deactivate, delete user accounts, and perform group management.

Contact information

Leading provider of Mainframe, Healthcare and ERP integrations. More can be found at https://www.idmworks.com/identity-forge/

  • IBM RACF
  • CA Top Secret
  • CA ACF2
  • IBM i (AS/400)
  • HP NonStop
  • EPIC
  • SAP ECC

KloudIdentity

Description

KloudIdentity streamlines enterprise operations by simplifying the onboarding process of on-premises Line of Business (LOB) applications and facilitating outbound provisioning of users and groups through Microsoft Entra ID. It serves as a SCIM gateway, enabling non-SCIM compliant LOB applications to seamlessly integrate with Microsoft Entra ID. This application is founded upon a unique design paradigm known as the universal connector space, which offers a standardized platform for creating connectors for various LOB applications through a template-driven approach. This methodology significantly reduces lead time and costs associated with onboarding non-SCIM compliant LOB applications to Microsoft Entra ID for outbound provisioning.

Integration with LOB applications is primarily achieved through REST APIs, with support also extended to SOAP APIs and PowerShell scripts. Administrators can easily configure attribute mapping templates using a user-friendly web portal. Beyond graphical UI-driven attribute mapping, KloudIdentity offers a customizable policies-based approach, allowing for the configuration of highly tailored sequences of attribute mapping and payload generation.

Furthermore, KloudIdentity provides a Software Development Kit (SDK) to customize the standard connector platform, addressing complex and advanced integration scenarios. This SDK empowers users to make code modifications within the KloudIdentity framework safely and efficiently, enabling seamless integration of LOB applications for users and groups provisioning. The SCIM gateway can be deployed either as a cloud-based solution or within on-premises data centers, supporting a range of deployment options from conventional Internet Information Services (IIS) setups to Kubernetes orchestrated environments

Contact information

KloudIdentity provides a universal connector platform; Hence any LOB application can be integrated with REST or SOAP APIs, PowerShell scripts, and SDK approach.

Traxion SCIM Gateway

Description

At Traxion, we believe that industry-wide standardization plays a big role in the future of Identity and Access Management (IAM). We are determined to help our customers achieve their security goals through the use of best practices and common standards. System for Cross-domain Identity Management (SCIM) is such a standard.

Companies deploying an IGA system are challenged with how hard it can be to connect applications for synchronizing users, groups and other data entities. The process of connecting and maintaining application integrations has proven to be a challenging, time-consuming, and costly process; not only for the companies deploying an IAM system but also for application vendors and integrators. It is especially tough when connecting an application that does not support a common standard such as SCIM 2.0. By using our SCIM Gateway we enable our customers to leverage the benefits of a standardized integration by reducing lead times and overall costs.

Our SCIM Gateway is an easy, secure and standardized solution, that will enable you to synchronize all identity and access information with any non-natively SCIM supporting application.

Integrations include:

  • AFAS Profit
  • Splunk
  • ATS
  • Oracle ERP
  • SAP SuccessFactors
  • Tempus Resources
  • Generic connectors (CSV, SQL)
  • Develop your own connector using our public SDK

Contact information

UNIFY Solutions

Description

UNIFY Solutions is a leading provider of Identity, Access, Security, and Governance solutions.

Contact information

  • Aurion People & Payroll
  • Frontier Software chris21
  • TechnologyOne HR
  • Ascender HCM
  • Fusion5 EmpowerHR
  • SAP ERP Human Capital Management

Custom connectors

Microsoft Entra ID includes connectivity to provision into applications that support protocols and interfaces including SCIM, SQL, LDAP, REST, SOAP, and PowerShell. For connectivity to applications that don't support one of those protocols and interfaces, customers and partners have custom Extensible Connectivity (ECMA) connectors for use with Microsoft Identity Manager (MIM) 2016. Community members have also built ECMA connectors, hosted on their blogs and in public source code repositories. These same ECMA2 connectors can be used to provision into apps with the Microsoft Entra provisioning agent and Extensible Connectivity (ECMA) Connector host, without needing MIM sync deployed. For more information, see provisioning with the custom connectors.

If you have been using a custom connector with MIM, then you can export the MIM connector configuration and import it into Microsoft Entra.

How-to add partner-driven integrations to this document

If you have built a SCIM Gateway and would like to add it to this list, follow the steps below.

  1. Review the Microsoft Entra SCIM documentation to understand the Microsoft Entra SCIM implementation.
  2. Test compatibility between the Microsoft Entra SCIM client and your SCIM gateway.
  3. Click the pencil at the top of this document to edit the article
  4. Once you're redirected to GitHub, click the pencil at the top of the article to start making changes
  5. Make changes in the article using the Markdown language and create a pull request. Make sure to provide a description for the pull request.
  6. An admin of the repository will review and merge your changes so that others can view them.

Guidelines

  • Add any new partners in alphabetical order.
  • Limit your entries to 500 words.
  • Ensure that you provide contact information for customers to learn more.
  • To avoid duplication, only include applications that don't already have out of the box provisioning connectors in the Microsoft Entra application gallery.

Disclaimer

For independent software vendors: The Microsoft Entra Application Gallery Terms & Conditions, excluding Sections 2–4, apply to this Partner-Driven Integrations Catalog (the “Integrations Catalog”). References to the “Gallery” shall be read as the “Integrations Catalog” and references to an “App” shall be read as “Integration”.

If you don't agree with these terms, you shouldn't submit your Integration for listing in the Integrations Catalog. If you submit an Integration to the Integrations Catalog, you agree that you or the entity you represent (“YOU” or “YOUR”) is bound by these terms.

Microsoft reserves the right to accept or reject your proposed Integration in its sole discretion and reserves the right to determine the manner in which Apps are presented, promoted, or featured in this Integrations Catalog.