Automation on fetching user accounts for Azure

To automatically fetch user accounts into Azure (e.g., for Azure Active Directory / Microsoft Entra ID) without manually importing them, your approach depends on the source of the user accounts. Below are common scenarios and how to automate the sync:

From On-Premises Active Directory

Use Azure AD Connect to automatically sync users from on-premises AD to Azure AD.

Steps:

  1. Install Azure AD Connect on your on-prem AD server.

  2. Configure it to:

    • Use password hash synchronization or pass-through authentication.

    • Enable automatic synchronization.

  3. Azure AD Connect will:

    • Regularly sync users, groups, and passwords to Azure AD automatically.

    • Require no manual importing after setup.

From a Third-Party HR System or App (e.g., Workday, SAP, etc.)

Use provisioning connectors available in Microsoft Entra (Azure AD).

Steps:

  1. Go to Entra ID > Enterprise Applications > Your App > Provisioning.

  2. Configure automatic user provisioning with the source system.

  3. Provide credentials/API endpoints of the source system.

  4. Define mappings for user properties.

Works for Workday, SuccessFactors, SAP, Oracle, etc.

From CSV/Flat Files in a Scheduled Way

Use PowerShell or Azure Automation to import from CSV regularly.

Option A: PowerShell Script (with schedule)

  • Write a script using Import-Csv + New-AzureADUser or Set-AzureADUser.

  • Schedule it using Task Scheduler or Azure Automation.

Option B: Logic Apps or Power Automate

  • Use a Logic App to watch for a file in OneDrive, SharePoint, or Blob Storage.

  • Parse it and create/update users in Azure AD via Microsoft Graph API.

Via Microsoft Graph API

If user accounts are coming from a custom app or identity source, use Graph API to programmatically sync them.

Key Points:

  • Write a script or backend app that calls POST https://graph.microsoft.com/v1.0/users.

  • Authenticate using client credentials flow (service principal).

  • Automate the execution on a schedule.
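
A sketch of such a script, added here as an illustration and not taken from Microsoft or any existing project: it turns a CSV export into POST /v1.0/users request bodies, rejects rows that fall outside the expected domain, repeat a UPN, or lack a display name, and sets a random one-time password that must be changed at first sign-in. The column names (upn, display_name), the contoso.example domain, the sample rows and the function names are assumptions.

```python
import csv, io, json, re, secrets, urllib.error, urllib.parse, urllib.request
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
ALLOWED_DOMAINS = {"contoso.example"}  # assumption: the tenant's verified domain
UPN_RE = re.compile(r"^[a-z0-9._-]+@([a-z0-9.-]+)$")
SAMPLE_CSV = """upn,display_name
alice@contoso.example,Alice Example
mallory@other.example,Mallory Example
alice@contoso.example,Alice Duplicate
bob@contoso.example,
"""  # constructed input; the column names are assumptions

def get_token(tenant, client_id, client_secret):
    """Client credentials flow. Load the secret from a vault, not from the script."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default"}).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as r:
        return json.load(r)["access_token"]

def build_payloads(csv_text):
    """Validate rows offline; return (payloads, rejected UPNs)."""
    payloads, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = (row.get("upn") or "").strip().lower()
        name = (row.get("display_name") or "").strip()
        m = UPN_RE.match(upn)
        if not (m and m.group(1) in ALLOWED_DOMAINS and name) or upn in seen:
            rejected.append(upn or "<blank>")  # log for review, never create
            continue
        seen.add(upn)
        pw = secrets.token_urlsafe(24) + "aA1-"  # suffix only meets class rules
        payloads.append({"accountEnabled": True, "displayName": name,
            "mailNickname": upn.split("@")[0], "userPrincipalName": upn,
            "passwordProfile": {"forceChangePasswordNextSignIn": True, "password": pw}})
    return payloads, rejected

def create_users(payloads, token):
    """POST each payload; the app needs the User.ReadWrite.All application permission."""
    hdrs = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    results = {}
    for p in payloads:
        req = urllib.request.Request(GRAPH_USERS, data=json.dumps(p).encode(), headers=hdrs)
        try:
            with urllib.request.urlopen(req) as r:
                results[p["userPrincipalName"]] = r.status  # 201 on success
        except urllib.error.HTTPError as e:
            results[p["userPrincipalName"]] = e.code  # rejected by Graph; review
    return results
```

Only get_token and create_users touch the network, so build_payloads can be run against each new CSV as a dry run before anything is created.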

Notes:

  • You need proper permissions: User Administrator or Global Administrator in Azure AD.

  • Use SCIM provisioning if the third-party app supports it.