Azure AD On-Premises Application Identity Provisioning

Using’s Azure AD’s provisioning engine to synchronise identity data to on-premises applications with SQL or LDAP-based user stores.

High-Level Overview

1. Provisioning Agent and Connector
   • Facilitates connection between on premise and Azure AD.
2. Connector Host
   • Acts as the translation service between the SCIM issued request and the target Application’s User Store capabilities (SQL or LDAP).
3. Application Provisioning
   • Settings within the Enterprise Application’s provisioning settings define authorisation to the host, scoping settings (what kind of users / groups should be provisioned) and the attribute mappings between the two (i.e. UPN linking to username in the target application).

Further information

https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-application-provisioning-architecture