If you have the required attributes in on-prem AD, you could get MIM to create a text file of changes and use PowerShell to read it and push the extension attribute updates to AAD. Or use a PowerShell MA to get syncs and act on them, although I suspect threading might be an issue, as I think MIM doesn't wait long for an MA to do stuff. Probably a simple MA that just creates a text file of changes and lets something else read it at its leisure and push the extension changes to AAD.
cheers,
Alistair
________________________________________
From: Discussion for MS IDM tools liks ILM and FIM <[log in to unmask]> on behalf of Alistair Young <[log in to unmask]>
Sent: 20 October 2021 12:45
To: [log in to unmask]
Subject: Re: OpenAthens - from AD FS to Azure AD - Custom Claims Maintenance?
It's early days just now, as we're transitioning the student records system to the cloud, which can publish events via Event Grid. It's a possible solution. As data is updated and comes out as events, they will be processed and added to AAD. It'll be a complementary process to MIM, which will manage on-prem stuff.
cheers,
Alistair
________________________________________
From: Discussion for MS IDM tools liks ILM and FIM <[log in to unmask]> on behalf of Anwar Mahmood <[log in to unmask]>
Sent: 20 October 2021 12:43
To: [log in to unmask]
Subject: Re: OpenAthens - from AD FS to Azure AD - Custom Claims Maintenance?
Thanks Alistair.
How are you planning to maintain attributes?
At this stage, my thoughts are a crude version of what MIM does:
1. Read record from database[s].
2. Found in Azure AD?
3. Matches? Do nothing.
4. Doesn't match? Update Azure AD.
Means it's only accurate for each sync, which will probably be nightly. Think that's going to be OK.
Kind regards,
Anwar
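
An added example (not code from any poster in this thread): the compare-then-update pass in the numbered steps above, written in Python as a planner that returns the changes to push instead of writing to Azure AD. The attribute names, the sample users and the change-ratio guard that aborts a pass fed by a broken extract are assumptions added here and go beyond what the message describes.

```python
from dataclasses import dataclass
from typing import Optional

SYNCED_ATTRS = ("department", "courseCode")  # hypothetical attribute names

@dataclass(frozen=True)
class Change:
    upn: str
    attr: str
    old: Optional[str]
    new: Optional[str]  # None means "clear the attribute"

def _norm(value):
    """Treat None, empty and whitespace-only values as 'not set'."""
    text = "" if value is None else str(value).strip()
    return text or None

def plan_sync(source, directory, max_change_ratio=0.25):
    """Plan one sync pass; inputs map userPrincipalName -> {attr: value}.

    Returns (changes, missing). Raises if more than max_change_ratio of the
    source users would be modified, which usually means a broken extract.
    """
    by_upn = {upn.lower(): attrs for upn, attrs in directory.items()}
    changes, missing = [], []
    for upn, record in source.items():          # step 1: read record
        current = by_upn.get(upn.lower())
        if current is None:                     # step 2: not in Azure AD
            missing.append(upn)
            continue
        for attr in SYNCED_ATTRS:               # steps 3-4: queue only diffs
            old, new = _norm(current.get(attr)), _norm(record.get(attr))
            if old != new:
                changes.append(Change(upn, attr, old, new))
    touched = {c.upn for c in changes}
    if source and len(touched) / len(source) > max_change_ratio:
        raise RuntimeError(f"{len(touched)}/{len(source)} users would change")
    return changes, missing

# Constructed sample data (not from the thread).
SOURCE = {
    "a.one@example.ac.uk": {"department": "Physics", "courseCode": "F300"},
    "b.two@example.ac.uk": {"department": "History ", "courseCode": ""},
    "c.three@example.ac.uk": {"department": "Law", "courseCode": "M100"},
    "d.four@example.ac.uk": {"department": "Music", "courseCode": "W300"},
    "e.five@example.ac.uk": {"department": "Maths", "courseCode": "G100"},
}
DIRECTORY = {
    "A.One@example.ac.uk": {"department": "Physics", "courseCode": "F300"},
    "b.two@example.ac.uk": {"department": "History", "courseCode": None},
    "c.three@example.ac.uk": {"department": "Law", "courseCode": "M101"},
    "d.four@example.ac.uk": {"department": "Music", "courseCode": "W300"},
}
```

Logging the returned `changes` and `missing` lists before anything is written gives the nightly job an audit trail of exactly which attributes it altered and which source records had no directory account.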
________________________________
To unsubscribe from the MICROSOFT-IDENTITY list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/WA-JISC.exe?SUBED1=MICROSOFT-IDENTITY&A=1
This message was issued to members of www.jiscmail.ac.uk/MICROSOFT-IDENTITY, a mailing list hosted by www.jiscmail.ac.uk, terms & conditions are available at https://www.jiscmail.ac.uk/policyandsecurity/