High-Level Overview

Using’s Azure AD’s provisioning engine to synchronise identity data to on-premises applications with SQL or LDAP-based user stores.

OnPremises Application Identity Provisioning - No SCIM

  1. Provisioning Agent and Connector
    • Facilitates connection between on premise and Azure AD.
  2. Connector Host
    • Acts as the translation service between the SCIM issued request and the target Application’s User Store capabilities (SQL or LDAP).
  3. Application Provisioning
    • Settings within the Enterprise Application’s provisioning settings define authorisation to the host, scoping settings (what kind of users / groups should be provisioned) and the attribute mappings between the two (i.e. UPN linking to username in the target application).

Further information

https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-application-provisioning-architecture