{ "componentChunkName": "component---src-templates-docs-js", "path": "/connectorconfig/microsoft/5-azuread", "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"a3a5c5ce-1f69-51b4-94ef-17fef5526cf7","title":"Entra ID/O365 connector","slug":"/connectorconfig/microsoft/5-azuread"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n \"title\": \"Entra ID/O365 connector\",\n \"metaTitle\": \"Entra ID/O365 connector\",\n \"metaDescription\": \"This page describes how to enable provisioning to Entra ID and Office365\"\n};\n\nvar makeShortcode = function makeShortcode(name) {\n return function MDXDefaultShortcode(props) {\n console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n return mdx(\"div\", props);\n };\n};\n\nvar Link = makeShortcode(\"Link\");\nvar layoutProps = {\n _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n var components = _ref.components,\n props = _objectWithoutProperties(_ref, _excluded);\n\n return mdx(MDXLayout, _extends({}, layoutProps, props, {\n components: components,\n mdxType: \"MDXLayout\"\n }), mdx(\"div\", {\n style: {\n \"border\": \"3px solid #FF0000\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#FF0000\",\n \"fontWeight\": \"bold\"\n }\n }, \"Deprecated. To manage Azure identities please use \", mdx(\"a\", {\n href: \"14-psgraph\"\n }, \"Microsoft PS Graph connector\"), \".\")), mdx(\"h1\", null, \"General information\"), mdx(\"p\", null, \"The Entra ID connector allows OpenIAM to manage objects inside Entra ID - users, groups, memberships and license assignment. It also allows us to manage O365.\"), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Note:\"), \" Entra ID is previously known as Azure AD.\"), mdx(\"p\", null, \"Microsoft Entra provides various services in the cloud that are analogous to on-premise ones. If you need to manage identities of some particular service, please refer to the appropriate connector. For example, for managing Exchange mailboxes either on-premise or online you have to use the \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"6-exchange\"\n }, mdx(\"strong\", {\n parentName: \"a\"\n }, \"Exchange connector\")), \".\"), mdx(\"h2\", null, \"Service account information\"), mdx(\"p\", null, \"During Managed System configuration inside the OpenIAM \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"/webconsole\"), \" section you should set the Login ID, which will be used as a service account for OpenIAM.\"), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Please note:\"), \" that the service account should be set as a primary account address that has email format. For example, 'serviceaccount@openiamdemo.com'.\"), mdx(\"p\", null, \"The Service account you use should have rights to create users in Entra, modify their properties and perform any actions that you would like the connector to do.\"), mdx(\"h1\", null, \"Requirements\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \".NET 4.7.2 or above (requirement of \", mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-4.8.0\"\n }, \"Az\"), \" module)\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"The connector works with PowerShell 5.1 \"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"For Windows 8.1, Windows 8, Windows 7 Service Pack 1 (SP1), Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 SP1, download and install the \", mdx(\"em\", {\n parentName: \"li\"\n }, \"Windows Management Framework 5.1\"), \".\")), mdx(\"p\", null, \"In addition to general connector requirements described in the \\\"\", mdx(Link, {\n to: \"/connectorconfig/microsoft/2-powershellconnectorsusage\",\n mdxType: \"Link\"\n }, \"PowerShell connector usage\"), \"\\\" document, the connector relies on following modules:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"MSOnline\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Entra ID\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Az\")), mdx(\"p\", null, \"To verify if you have the MSOnline module installed, please start the PowerShell console (please make sure that you are running x64 console) and run the following command:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Import-Module MSOnline\\n\")), mdx(\"p\", null, \"If you do not see any errors and you receive an empty output, you already have the MSOnline module installed and you can proceed to checking the next dependency. However, if this module is not installed, you would see an error that looks similar to:\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"622px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/a10169364366782104b97c93dab7155d/604ec/1.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"61.77606177606177%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAAAsTAAALEwEAmpwYAAABAElEQVQoz82SfU+DMBCH+f5fzBijMUtcSEYytykEMxzQ0hegfQzIJirM7T8v+d3l2runl7ZBnJXssz1WKyohkEJQSclf5r3rHAzRNTWFbgmkdaTvBds44S1NCMOQ1zghWq2Iooin5ZI0TQeIP6nPj/pMKU1L0DmpNEJWaK1QSmGMQVUVUspe1tpvwJ/w49oJeIkdm87tjYD+14lTE8xBJyccN15r/wM49xhffX4aeMldzlkPFBe+8mhU8uJAkR/QWmOMRghBbTRl97Fz3VK3Hts4bOPPyPV1yjbcLxbc3N4Rrbc87154eFyw3uzIZE3QFevGYa5Q4+llHdgW6iF2rA+o56/pTWf+IwAAAABJRU5ErkJggg==')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"No MSOnline module installed\",\n \"title\": \"No MSOnline module installed\",\n \"src\": \"/docs-2026.5.2/static/a10169364366782104b97c93dab7155d/604ec/1.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/a10169364366782104b97c93dab7155d/a2ead/1.png 259w\", \"/docs-2026.5.2/static/a10169364366782104b97c93dab7155d/6b9fd/1.png 518w\", \"/docs-2026.5.2/static/a10169364366782104b97c93dab7155d/604ec/1.png 622w\"],\n \"sizes\": \"(max-width: 622px) 100vw, 622px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"In this case you need to install this module by running (using x64 PowerShell console):\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Install-Module MSOnline\\n\")), mdx(\"p\", null, \"You will need to agree on the installation by pressing 'Y' as a confirmation.\"), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Note:\"), \" If installation using the command above causes errors, most probably you are not using TLS 1.2. Microsoft enforced it to be default protocol for downloading NuGet packages, however, it does not go by default in some of the PowerShell sessions. To switch to TLS 1.2 you should run first:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\\n\")), mdx(\"p\", null, \"After that you can proceed installing modules.\"), mdx(\"p\", null, \"When you checked that the MSOnline module is installed you need to make sure that the EntraID module is available as well.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-InstalledModule -Name AzureAD\\n\")), mdx(\"p\", null, \"Again, if you see an error after running the command above, you should install this module using:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Install-Module -Name AzureAD\\n\")), mdx(\"p\", null, \"Checking if Az module is installed:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-InstalledModule -Name Az\\n\")), mdx(\"p\", null, \"If the module is not installed, you should install it:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Install-Module -Name Az\\n\")), mdx(\"h2\", null, \"Installation and connection to OpenIAM\"), mdx(\"p\", null, \"All PowerShell connectors are installed in the same way, which is described in the document: \", mdx(Link, {\n to: \"/connectorconfig/microsoft/1-powershellconnectorinstallation\",\n mdxType: \"Link\"\n }, \"PowerShell connector installation\")), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"General usage. All PowerShell connectors are used in the same way, which is described in the document: \", mdx(Link, {\n to: \"/connectorconfig/microsoft/2-powershellconnectorsusage\",\n mdxType: \"Link\"\n }, \"PowerShell connector usage\"))), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Connecting to your directory. To connect OpenIAM to the Entra/O365 service using the connector you need to specify the service account on the Managed System configuration page. This service account should have sufficient privileges to perform actions that you would like to do using PowerShell connector.\"))), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"614px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/58c9f04e13afeffd1f0b42d80e916fd2/e9131/2.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"77.99227799227799%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACG0lEQVQ4y5WTS2/TQBRG8///AAskugIJEAsqQAWxAUFZtZCGPJpWieI4fow9DzseJ5k8DrJT2oYGWkY6Gl/P+Ltz73xu9IY+k0gymsSEiSIUGi8QjANBXjpKt8YudpmtIJ+5bezWlG6DLBbMlxsa/thjOBgwHo3w/TGe52GLgtIWrNcrtmNzC7B5wdI5lssV1lpskRNEgsUKGrOyxJ9MiKIIkSREccx94/TTKS9efeXwY4unz99y8OSAR48P6nQN5xbb3JvNNc45FotFPc/nc2az2Q5FWeL5giCShFFKGIq6bTO3ohHHEZ3uOb3zPu12l06nWz9fXFzS7faIY4HWGqXUNVWc5xlZZsiyjGmeIaTGzh2NTCumOqXQKVOV1FiTYlRKHMf1x8aYO2h9Q2YMcaq2gkGc8uEs4F0z4qgZ8L4Z8PrE58cgJjOaVErSNEVKuZdqzWh1I1hZ5NnnPi+PBxyeTDhqJbxpCs48zby0FEXxb6xlOs1vBCv1Yb/LZe8nuRQ4m9XY3NTlPoSdkk31Ip/WKG1QSqOuNu7r3Z1eGnNX8Ha2h4jsXo7eJ/jw8u4v2fz/qf5kK3jlQ1Vfv/qrLX5T9bWak1SSKk0iVW0pqRTVoSr7XZUs0Vrtp9qsNf54TPPHd3r9S761Rxwdt/jSGjEOBb1Ou14bej52vqQhs4L7SPSUQChimRGpHF8oQpmTmIIo1YRC1nH1L/8CO4S3PBpAty4AAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"No MSOnline module installed\",\n \"title\": \"No MSOnline module installed\",\n \"src\": \"/docs-2026.5.2/static/58c9f04e13afeffd1f0b42d80e916fd2/e9131/2.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/58c9f04e13afeffd1f0b42d80e916fd2/a2ead/2.png 259w\", \"/docs-2026.5.2/static/58c9f04e13afeffd1f0b42d80e916fd2/6b9fd/2.png 518w\", \"/docs-2026.5.2/static/58c9f04e13afeffd1f0b42d80e916fd2/e9131/2.png 614w\"],\n \"sizes\": \"(max-width: 614px) 100vw, 614px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"ol\", {\n \"start\": 3\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Defining attribute provisioning rules. The Entra/O365 PowerShell connector supports working with the following identities:\")), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Users\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Groups (Security, Distribution (Exchange online), MailEnabledSecurity, Office365)\")), mdx(\"ol\", {\n \"start\": 4\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"User provisioning.\")), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Principal\"), \" - UserPrincipalName\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"NB!\"), \" It is required on the Microsoft side that during user creation we specify DisplayName and Usage Location for the new user. If those parameters are not set the DisplayName will be set the same as UserPrincipalName and UsageLocation \\u2013 \\u2018US\\u2019 by default. You can override those settings by sending attributes with appropriate names.\")), mdx(\"p\", null, \"You can specify following attributes inside the policy map.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Parameter\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Description\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Required\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Values\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"UserPrincipalName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the user ID for this user. This is required.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Yes\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String in UPN format\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"AlternateEmailAddresses\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies alternate email addresses for the user. Please note that though this parameter sounds plural, Microsoft currently allows only one alternate email address. This parameter is intended for admin users and serves as a password recovery feature if the admin forgets his/her password and is not normally used for regular users.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String in UPN format\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"AlternateMobilePhones\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies alternate mobile phone numbers for the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String or comma separated string\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"BlockCredential\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies whether the user is not able to log on using their user ID.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"True or False\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"City\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the city of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Country\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the country or region of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Department\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the department of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"DisplayName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the display name of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Fax\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the fax number of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"FirstName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the first name of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"ImmutableID\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the immutable ID of the federated identity of the user. This should be omitted for users with standard identities.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"LastName\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the last name of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"LicensesToAssignJson\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Contains information about licenses that need to be assigned for the current user. Detailed explanation about the format of this parameter is given next to this table.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"LicensesToRemoveJson\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Contains information about licenses that need to be removed from the current user. Please note, that this parameter is executed before \\u2018LicensesToAssignJson\\u2019. Detailed explanation about the format of this parameter is given next to this table.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"MobilePhone\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the mobile phone number of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Office\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the office of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Password\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the new password for the user. If the user is set to require a strong password, then all of the following rules must be met: The password must contain at least one lowercase letter; The password must contain at least one uppercase letter; The password must contain at least one non-alphanumeric character; The password cannot contain any spaces, tabs, or line breaks; The length of the password must be 8-16 characters; The user name cannot be contained in the password; If this value is omitted, then a random password is assigned to the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"PhoneNumber\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the phone number of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"PostalCode\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the postal code of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"PreferredDataLocation\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the preferred data location for the user. The following value could be used (Name \\u2013 Value for this location): Asia Pacific=APC; Australia=AUS; Canada=CAN; European Union=EUR; France=FRA; India=IND; Japan=JPN; Korea=KOR; United Kingdom=GBR; United States=NAM; Actual locations could be found in Microsoft documentation. If an invalid value is set the default location would be used. The India geo is only available to customers with billing address and licenses purchased in this geo. Not all Office 365 workloads support the use of setting a user's geo.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"State\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the state or province where the user is located.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"StreetAddress\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the street address of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"StrongPasswordRequired\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies whether to require a strong password for the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"True or False\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Title\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the title of the user.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"UsageLocation\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the location of the user where services are consumed. Specify a two-letter country code.\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"UserType\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Specifies the user type. One of Microsoft.Online.Administration.UserType values. Example: Guest, Member\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"No\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"String\")))), mdx(\"ol\", {\n \"start\": 5\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Working with license parameters. The connector is capable of setting any subset of licenses inside the global plan. For example.\")), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"750px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/2a52e94011d9d4461b817a2ff29faa12/1d69c/3.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"79.15057915057915%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAABYlAAAWJQFJUiTwAAADFElEQVQ4y32SXW/iRhSG+f+3rVSpUqXetBcrrdqbqqu92EDSBLAxsAQSEgP+Nja2Z8Y2hO8+lc1uuulFLT06M8f2Oe+8cxq/GSZTO2C2zDDDhOcgxgxTsu0ZsTt/iX+TvpxYlYeaZHMk2VT7Pcm6Wp8pt0da1o7G01IQOharOGYZBERhQBJHrOIIkaaINCGOQl42a74+p8OBtSo4n8/sdnuKouBFJXTmkoab70njJfEqIUlS0vTCMopYrRKiKCIIAsry34IqkXx43+SX3zXe/9Hlp59/5ccfvue7d1c0FmIDnDmeTnXHbzkcDhyPR06nE/v9nu12W7Pb7VB5iR8mpJkiTgRrJelYJY2JnxKHPq7r4TgunuexWFgEQYiUEiHEK9X+a04pRVnk5LlCqZz9Okd3FI3pUhI4NobRR9d7jMcTbMuuj1n99G3BuqiQyP/k0kzwkgt0R9KYRhKRxJizOb7nY9sOWZax2Wxqs/+PsrxElRdsS4lmy4tCkawYje55mDwwmUx4eHjEtm0W8wWObWM+m5jmDMdxaipbqsaWZbFYLLBsh02lsCr4FCuWvs/Vpyat5jXNqyZ9o89w+Bmt22X0eYSuGwz6A/qGwf39mOFgiNEz6PUMtK7Gszljt87pLgSNx6WgkAI/COrO1WXkeU5Zlq8UZXGJb45bsl5fclLlbAuJVhWsPIwDn25Xr9X0jQGapqNreq2iotPu0u5069ygP6Td7qBpvVrd/Wj8WrBnq4tCe2Zyd9um0+5w3brh5uYvOp0urdY1N62bOn93164tad+1ufp0haZpDAeD2tvqUl4KiV4VrBRWQ1mZ7Hk+nnuZxWomXdfFsZ06+n5QX0g1r7ZlEYYXa+q5lPKi0FU0xkFKLgWZVPWLt6gvSFSek1d+SYXMC4TKSbOMLBP1N5XCtpXRMCPBvpAUSlAqSfkaL+t1LslFysI0mT89MneX6OM5neETppeQrSIexveE1jPt5xWNj4uMcZDR9zMGFd5bhl6GYSfcTj1uHx1a0yUfRj5/Dl2a0xh9tqQ1sug9ubwzIv4BSkeU4E/79TsAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Licensing parameters\",\n \"title\": \"Licensing parameters\",\n \"src\": \"/docs-2026.5.2/static/2a52e94011d9d4461b817a2ff29faa12/1d69c/3.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/2a52e94011d9d4461b817a2ff29faa12/a2ead/3.png 259w\", \"/docs-2026.5.2/static/2a52e94011d9d4461b817a2ff29faa12/6b9fd/3.png 518w\", \"/docs-2026.5.2/static/2a52e94011d9d4461b817a2ff29faa12/1d69c/3.png 750w\"],\n \"sizes\": \"(max-width: 750px) 100vw, 750px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"The connector can assign a whole license pack (like E1, E3 etc.) and also supports partial licensing (for example, assigning E1 with some features disabled). To assign the license the connector should receive attribute \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"LicensesToAssignJson\"), \", and for license removal \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"LicensesToRemoveJson\"), \". If set, removing licenses will be executed before assigning by connector (because some of the licenses cannot coexist, for example E1 and E3).\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Handling license assignment\"), \" - LicensesToAssignJson uses the following format:\")), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"599px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/292365446e6eaa0f32c80841b2817a0f/43142/4.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"77.60617760617761%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACkElEQVQ4y3VTTW+bQBD1/z9UPfQP5Fiph9yrSq3US6UY4zjGxh+A+fICy/Kx2BDbyatmsJ3GUZGeZpbdmX3vMQxWkcQBwP7Yoz312B1eobsTdPdyjm/57gRU7ZHz5vmFz0rdcT7YJgIyS5GlKaTMILYxo9Ea/fN6A6ApNbp9i+PxBK01dF0himM0zycM2raFEAJS5lBKIY5jhm4a/O95/D3G16+/cP99gm/3P3B3d4dPn78w48F+v0fXdaDGhMPhgMPxyDnd3jTNFfocq1rDDxNE2xQikYjiBCLNUbdHDDzPgz23Yds21us1ZrMZJpMJHMdFWZYoiuIDyrJgmXVdoaoqaF0jVwXKpsOgLAp+ScUUqYCk07qu694jrTkn0JlbUGOZq74hMSF2i8WCMZ/bcNYOFvYC06nFe5Y1g2VZ8H2fL6ILb1lzw12HAR2azeZYLpdc4Loug+TT+lJMMcsySCk/IJcSmcz7hpvNBk9PT3BdjzdHIxMjw8R4PGaGnreBbS9AXr95WH7AlSEVkJwwjFBVJX8QY2RyHJkm6EJqFobh1eM8z99BqRwiSXsPN2cGShVQeQ7DMPDwMMRw2Efyz3EctsA6Myb5t5KTTL4x9P2A54s2qYjY0p9DngVBwOsoijhP0vQ6FRfQWl7GhiTN53NEUcw3G0ODGa+WS6xWq2vRxbtesmQ1/8q+fpQkSbiZSBLeECJBemZHvyPNIDEgBTSHZVWj0g0KijSbWmO32yHLFYqmpcFWqGlAywJ9XsJ1HDyOxzDNEazpFEHgwzRNrNcrDO0AP/9M8DDbwI9TrJcLjAyDbWOG27xCoup3CISEGwrGJk4RpQpelPD7RaQw9VLYoUKYVQhEBi8U8AVJfsZffyKpQUJ/TIQAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"License assignment JSON\",\n \"title\": \"License assignment JSON\",\n \"src\": \"/docs-2026.5.2/static/292365446e6eaa0f32c80841b2817a0f/43142/4.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/292365446e6eaa0f32c80841b2817a0f/a2ead/4.png 259w\", \"/docs-2026.5.2/static/292365446e6eaa0f32c80841b2817a0f/6b9fd/4.png 518w\", \"/docs-2026.5.2/static/292365446e6eaa0f32c80841b2817a0f/43142/4.png 599w\"],\n \"sizes\": \"(max-width: 599px) 100vw, 599px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"For example\"), \": [{\\\"LicenseName\\\":\\\"openiamdemocloud:ENTERPRISEPACK\\\",\\\"DisabledPlans\\\":\", \"[\\\"SWAY\\\",\\\"FLOW_O365_P2\\\"]\", \"},{\\\"LicenseName\\\":\\\"openiamdemocloud:POWER_BI_STANDARD\\\",\\\"DisabledPlans\\\":\", \"[\\\"BI_AZURE_P0\\\"]\", \"}]\"), mdx(\"p\", null, \"In this example, we are setting the E3 license with disabled SWAY and FLOW_O365_P2 and PowerBI license with disabled \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"BI_AZURE_P0\"), \". License name is specific to your organization, as you can see it starts with an organization name prefix and ends with the license name. If you are not sure what license names your organization has, you can run the following commands and they will show available license names that could be applied in parameter above.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Connect-MsolService\\nGet-MsolAccountSku\\n\")), mdx(\"p\", null, \"If you need to keep the whole package enabled you should leave DisabledPlan as an empty array ([]).\"), mdx(\"p\", null, \"If you currently have one set of disabled plans and you need to enable them but disabled another other set of plans, you just set the final list that should be disabled to the DisabledPlans and all plans that belong to the package but not listed there will be enabled.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"Handling license removal:\"), \" - \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LicensesToRemoveJson\"), \" uses the following format:\")), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"601px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/7bc35e4e80f79e43e501dc88d959d9a2/d8f62/5.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"78.76447876447877%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACFklEQVQ4y52Te4vTQBTF8+FF/CKiIgiCguCfFZJ1a4uPddO0Jdk2r0km88qzj+2RmTbY7m7dxcCPM4/LmZs7d6x5lMP1IywiAn+ZICIUYUKxiDOkVKDZ7FCvbk9oNzuzXrZrM+62QNltodotLMIVpJRo6xpd26KpKzR1jbqqDNjd4u63Xq1RyRKr9QZVVUMKjjgKUcgKlnYPggCz2QxhGGLiefAmE3jeFEFwA98P4LoulmGI3cEwTwu8f/kZbz6O8O6Dg1ev3+LZ8xf46c5g8bJFpbPRWdV77edN0+zXj+aaruvAhUJOuVEhFLgowasOVi5KFEUBzjkYY0b7cY/eF0IYpZQauI49xEshwDkDFSUsphosFksMBl/g2BewbQeXl0M4tgPbtjEejeE4DobDb3DdCXzfNyWYTqeYz+aI48TcgT7YGFJZmRPjOEaapkiSBCTLQAgx6DWtSZLus5HyBJ25hnF+MBSVCVRqf9u9PoQwv8bvYQzZkeFx7R6jN+0zO2N4P/CpPGr4P5w1PJfB0wzZaQ3/VfAe3W9K/kX261KaWGOYc2XaxjRxUZzCChSUmrbJsgwxyXET5wgiYjTJdJPnIIfW0l5WxkvQgqFg/A7MlCIlBN9//ML1tYvxNMLFlY9PgxG+/g5wFRAsl+G+6SceCFOwZL2Cfi36TT8EK/u9BrlskMkGVHUgQmtj9kXVolANRN3hD9QGs/V3sYO6AAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"License removal JSON\",\n \"title\": \"License removal JSON\",\n \"src\": \"/docs-2026.5.2/static/7bc35e4e80f79e43e501dc88d959d9a2/d8f62/5.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/7bc35e4e80f79e43e501dc88d959d9a2/a2ead/5.png 259w\", \"/docs-2026.5.2/static/7bc35e4e80f79e43e501dc88d959d9a2/6b9fd/5.png 518w\", \"/docs-2026.5.2/static/7bc35e4e80f79e43e501dc88d959d9a2/d8f62/5.png 601w\"],\n \"sizes\": \"(max-width: 601px) 100vw, 601px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"Example:\\n\", \"[{\\\"LicenseName\\\":\\\"openiamdemocloud:STANDARDPACK\\\"},{\\\"LicenseName\\\":\\\"openiamdemocloud:POWER_BI_STANDARD\\\"}]\"), mdx(\"p\", null, \"In this example, we are removing the E1 and PowerBI licenses completely. Please note that this attribute is responsible for complete license removal. In case you need to disable just several plans of the license please use the LicensesToAssignJson attribute with DisabledPlan array.\"), mdx(\"ol\", {\n \"start\": 6\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"SMTP Permissions\")), mdx(\"p\", null, \"To configure SMPT, several issues shall be checked. Here, if the security defaults enabled - regardless of other settings, SMTP protocol \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"will\"), \" be disabled. Before it was off by default, but now \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Microsoft sets it to on\"), \". \"), mdx(\"p\", null, \"Users can check whether it is on. This setting is located under \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"portal.azure.com\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Entra ID\"), \", as shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/a3bed/Azure-properties.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"54.05405405405405%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAALCAYAAAB/Ca1DAAAACXBIWXMAABJ0AAASdAHeZh94AAABjklEQVQoz3WSTU7DMBCFfU8kumbJKTgIFCgSQuICrFlU/G6AigWUQtu4tuOf2E6ch8ZV06pqR3pylGg+v3kT1rv6xtHNGIeDLxzfjnE+nONsyNEfclw8LHD1JDHY0uWjxPWLxMndDAdnIxycvuOwP0Kv/wFmtUbxOULgMzTBwjkHqrZts0DaUd3bxiN5ixQskjdg1hgovkBlHWLdZGAIAXWT4L1HSqmDbyulFkKWKIoCnHPMCw7mvIW2DqltEWOElBLW2qW7Daf7pIzDRBjYEPPlbDr5g5pNUVUVnLVQSmVgXddommavKAoykYzG69svZvMyG2CLhUCoXKbTiOTQGJOhdO4SfaOinlQTnLSMhkltc2ZUBKQGypEc7lfsgDnLbkkELMtlZmihpITWGlqbbuR90A6Y0jprGplrnbOjovxiDGjrmF3QkghKjatz9bzpcLNYaTR0WcL7ACEEuBAYTeYoRJndUgwEJlE0pF3A1daZMhpSCFTeQyuF4meK++cxrAvr4Le0CaG/Y7UDAv4DAghOiRNZ0cYAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Azure properties portal\",\n \"title\": \"Azure properties portal\",\n \"src\": \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/e3189/Azure-properties.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/a2ead/Azure-properties.png 259w\", \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/6b9fd/Azure-properties.png 518w\", \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/e3189/Azure-properties.png 1035w\", \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/44d59/Azure-properties.png 1553w\", \"/docs-2026.5.2/static/c65f34f50955c61a27d033c6d54077fd/a3bed/Azure-properties.png 1721w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"Additionally, at \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"admin.microsoft.com\"), \" it is possible to check if the given service account has explicit permission to use SMTP. To check it, click to \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"account\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"mail\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"manage mail apps\"), \" like shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/21b4d/MSmail.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"41.31274131274131%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAABJ0AAASdAHeZh94AAABiElEQVQoz2WRS08bMRSF5ycXkaQL2m0yie2xPQ/PTNRuaBR2vBYNUFAXlQiLVkQswj8IElKLYJHMK3OQb9QoEEtHlq7tT+f4ODs7H/Cx1SS1mg3am41dfP60h2/7+zgYDlc6GGIwGGA8vsbZaISjw0OcnBzjbPQdlz8ucHF+TnI4F/A8D1JKRMYgDEN4nkQcx4iiCEEQIAhCmnMhMLkZo3p8xGL2gPlshvfL6bguXNcFYwxKKhgLUhpfGMdXLpCGEc2SJIXWCtd/7lBUNRaLOYqiQJ5nyPMceZahLEs4FtbpdFZApZDEMblKkgT9fh9pmpI7Y2JEgcbpr1v8fZnj+ekflsvltsN2u41ut0tArRS0H4IxDiEEtNbQvg8lJTwpIVgXRz9/42VRosgzVFVFkLqu13IsrNfrrYFhZMA5B2eMnBpjCGzdKylwdTNBVtYoi2INe+OQHnP+JrItyBZli1lFDii2Pb+/n9JDG/c/bBPqWNAm0EJ83yeA/UcrQ+0HdG863QZuOnwFXkzzjSKUaewAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"SMmail\",\n \"title\": \"SMmail\",\n \"src\": \"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/e3189/MSmail.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/a2ead/MSmail.png 259w\", \"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/6b9fd/MSmail.png 518w\", \"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/e3189/MSmail.png 1035w\", \"/docs-2026.5.2/static/51187277e5ef87dd9ad738ffc0383e02/21b4d/MSmail.png 1280w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"h2\", null, \"Synchronization\"), mdx(\"p\", null, \"Working with \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"../../admin/5-lifecycle/3-recon\"\n }, \"reconciliation\"), \" and \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"../../getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch\"\n }, \"synchronization\"), \" is described in a separate documents.\\nIn addition to specifying appropriate groovy scripts for transformation/validation rules, you should also set a search string at the 'SQL Query / Directory Filter' parameter of your synchronization page (webconsole > Top menu \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Provisioning\"), \" > \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Synchronization\"), \" -> \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Edit\"), \" your synchronization profile). That string is the actual request that will be executed by the connector to find/filter users or groups from Entra.\"), mdx(\"h2\", null, \"Users synchronization\"), mdx(\"p\", null, \"For running Entra users synchronization you can use variations of the Get-MSOLUser query. Some usage examples are below.\"), mdx(\"p\", null, \"This query gets all users with all properties that are available.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLUser -All | Select-Object *\\n\")), mdx(\"p\", null, \"The query below selects all data about one particular user by \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"sign-in name\"), \". Let's call this user \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"someUser@openiam.com\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLUser -SearchString 'someUser@openiam.com' | Select-Object *\\n\")), mdx(\"p\", null, \"The query below gets one \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"random first user\"), \" (usually useful for tests).\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLUser -MaxResults 1 | Select-Object *\\n\")), mdx(\"p\", null, \"Sometimes you may need to get information about several users. For example, below we get data about users with given \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ObjectIDs\"), \":\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLUser -All | Where-Object {\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B $_.ObjectID -eq '6e40cdcd-c066-4c38-8052-bf44a2322632' -or $_.ObjectID -eq 'ac9b7019-c026-403b-b3ee-231b6b5453b5'}\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B\\u200B | Select-Object *\\n\")), mdx(\"p\", null, \"Below are typical properties that you can get using queries like the above when you specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \":\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"City\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Country\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Fax\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"FirstName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LastName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ImmutableId\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"IsLicensed\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LastDirSyncTime\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LastPasswordChangeTimestamp\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LicenseReconciliationNeeded\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LiveId\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"MobilePhone\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PasswordNeverExpires\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PhoneNumber\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PostalCode\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SignInName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SoftDeletionTimestamp\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"State\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"StreetAddress\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"StrongPasswordRequired\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Title\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"UsageLocation\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"UserPrincipalName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"UserType\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"WhenCreated\")), mdx(\"li\", {\n parentName: \"ul\"\n }, \"*\", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"MemberOf\"), \" (detailed explanation is given below)\")), mdx(\"p\", null, \"If you don't specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \" * in your query, you will be able to get basic properties like:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"UserPrincipalName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"isLicensed\"), \" \")), mdx(\"p\", null, \"Sometimes it is useful to get the list of groups which the current user is a member of. This is possible to do with user synchronization requests. To do this you should add the 'MemberOf' attribute to the 'Lookup Attribute Names' parameter of your synchronization configuration in OpenIAM. MemberOf is not returned by default using Get-MSOLUser command. Also, it relies on an additional module - Entra ID. So, adding the 'MemberOf' attribute to 'Lookup Attribute Names' will result in +1 request for each user that is found. If you have a lot of users in your Entra ID it may have notable impact on sync speed, so please make sure that you request \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"MemberOf\"), \" only in case when you really need this.\"), mdx(\"h2\", null, \"Groups synchronization\"), mdx(\"p\", null, \"For running Entra groups synchronization you can use variations of the Get-MSOLGroup query. Some usage examples are below.\"), mdx(\"p\", null, \"This query gets all groups with all properties that are available.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLGroup -All | Select-Object *\\n\")), mdx(\"p\", null, \" The query below selects all data about one particular group by group name.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLGroup -SearchString 'Your_Group_Name' | Select-Object *\\n\")), mdx(\"p\", null, \" The query below selects one random group (usually useful for tests).\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-MSOLGroup -MaxResults 1 | Select-Object *\\n\")), mdx(\"p\", null, \"Below are typical properties that you can get using queries like the above when you specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \" *:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"CommonName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Description\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"EmailAddress\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"GroupType\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"IsSystem\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"LastDirSyncTime\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ManagedBy\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, \"*\", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Membership\"), \" (detailed explanation is given below).\")), mdx(\"p\", null, \"If you don't specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \"* in your query, you will be able to get basic properties like:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"GroupType\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Description\"))), mdx(\"p\", null, \"Sometimes it is \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"useful\"), \" to get the list of members of synced group(s). This is possible to do with group synchronization requests. To do this you should add the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Membership\"), \" attribute to the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Lookup Attribute Names\"), \" parameter of your synchronization configuration in OpenIAM. Membership is not returned by default using the Get-MSOLGroup command. So, if you include this attribute it would result in +1 requests for each group returned. If you have a lot of groups in your Entra ID it may have notable impact on sync speed, so please make sure that you request \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Membership\"), \" only in case when you really need this.\"), mdx(\"h2\", null, \"Service principals synchronization\"), mdx(\"p\", null, \"For running Entra service principals synchronization you \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"can\"), \" use variations of the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Get-AzureADServicePrincipal\"), \" query. Some usage examples are below.\"), mdx(\"p\", null, \"This query gets all service principals with all properties that are available.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" Get-AzureADServicePrincipal -All:$true | Select-Object *\\n\")), mdx(\"p\", null, \"The query below selects all data about one particular service principal selecting by \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ObjectId\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" Get-AzureADServicePrincipal -ObjectId 'ba8078c7-e75d-40df-b10b-53c01cf18846' | Select-Object * \\n\")), mdx(\"p\", null, \"The query below selects all data about one random first service principal.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" Get-AzureADServicePrincipal -All:$true | Select-Object * -First 1 \\n\")), mdx(\"p\", null, \"Below are typical properties that you can get using queries like the above when you specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \"* :\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectType\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AccountEnabled\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ServicePrincipalType\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AppDisplayName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AppId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AppOwnerTenantId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AppRoleAssignmentRequired\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Homepage\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PublisherName\"))), mdx(\"p\", null, \"If you don't specify | \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Select-Object\"), \" * in your query, you will be able to get basic properties like:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectID\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AppID\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\"))), mdx(\"ol\", {\n \"start\": 6\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Entra permissions synchronization\")), mdx(\"p\", null, \"For running Entra permissions synchronization you can use the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Get-oiAzurePermissionAssignments\"), \" request. It supports a single parameter: \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"SubscriptionIDs\"), \" where you can set the list of subscriptions separated by a comma. Examples are given below.\"), mdx(\"p\", null, \"This query gets all permissions within two given subscriptions.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzurePermissionAssignments -SubscriptionIDs '11111111-fb94-4db4-93f3-ae4defd93cb9', '22222222-fb94-4db4-93f3-ae4defd93cb9'\\n\")), mdx(\"p\", null, \"The query below gets a single subscription record from specified subscriptions. This could be used for testing.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzurePermissionAssignments -SubscriptionIDs '11111111-fb94-4db4-93f3-ae4defd93cb9' | Select-Object -First 1\\n\")), mdx(\"p\", null, \"G\", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"et-oiAzurePermissionAssignments\"), \" can grab the following properties for each permission assignment.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleAssignmentId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Scope\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DisplayName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SignInName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleDefinitionName\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleDefinitionId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectType\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"CanDelegate\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Description\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ConditionVersion\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Condition\"))), mdx(\"h2\", null, \"Entra resources report usage\"), mdx(\"p\", null, \"The Entra connector can generate reports about Entra resource usage \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"inside\"), \" the given Resource group, Subscription or tenant.\\nTo be able to generate such reports the service account should possess, at least, the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Reader\"), \" role on a given level. \"), mdx(\"p\", null, \"Assuming that the Entra services catalog is huge, and connector is just a default template, it supports reporting the limited set of resources out of the box. However, it is possible to extend it without issues by customizing the default connector.\"), mdx(\"p\", null, \"Out-of-the-box connectors can generate reports about usage of following resources:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Compute/disks\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Network/networkInterfaces\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Network/networkSecurityGroups\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Network/networkWatchers\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Network/publicIPAddresses\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.RecoveryServices/vaults\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Storage/storageAccounts\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Sql/servers/databases Microsoft.Sql/servers\"), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Network/virtualNetworks\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Compute/virtualMachines\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Web/sites\")), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Logic/workflows\"))), mdx(\"p\", null, \"To pull the Entra resource usage report you can use synchronization queries in a PowerShell style that look like using \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Get-oiAzureAccessReport\"), \" cmdlet. It supports the following parameters:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PrincipalProperty\"), \" - \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"specifies\"), \" principal property of assignees' objects that will be returned. Allowed the following values: \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SignInName\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectID\"), \". Cannot be used with \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"-SignInNames\"), \" or \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"-ObjectIDs\"), \" as those parameters belong to different parameter set. Is used when you query all assignees, \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"without\"), \" limiting your search for given set of sign in names or object ids.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectIDs\"), \" - \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"limits\"), \" the search scope to given ObjectIDs. It is possible to specify several values as multiple strings separated by comma. \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"Cannot\"), \" be used together with the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PrincipalProperty\"), \" argument\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SignInNames\"), \" - limits the search scope to given SignInNames, exactly how the parameter above does.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Scope\"), \" - either \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"Tenant\"), \" or \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"Subscription\"), \". Specifies the \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"level of extraction\"), \". If you have Reader access on lower level, for example, single Resource group of one of subscriptions - you need to specify Subscription level and your search \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"will be limited\"), \" only to objects that you are allowed to access within your subscription.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ScopeID\"), \" - is an \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"identifier\"), \" of your Subscription or Tenant depending on what you use in the parameter above.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AllowedAttributes\"), \" - \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"optional\"), \" parameter that allows limiting a report to given resource types. Should be one of the supported resources on the list that were mentioned above.\")), mdx(\"p\", null, \"Below are some practical examples of queries:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzureAccessReport -PrincipalProperty 'SignInName' -Scope 'Tenant' -ScopeID '90b27a81-12e5-499d-b7b8-b23274b10331'\\n\")), mdx(\"p\", null, \"The query above gets reports for all resources available at Tenant \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"90b27a81-12e5-499d-b7b8-b23274b10331\"), \" selecting \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"SignInName\"), \" as \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"primary property\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzureAccessReport -SignInNames 'user1@openiam.com','user2@openiam.com' -Scope 'Tenant' -ScopeID '90b27a81-12e5-499d-b7b8-b23274b10331'\\n\")), mdx(\"p\", null, \"The query above gets reports for all resources available for \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"user1@openiam.com\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"user2@openiam.com\"), \" at Tenant \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"90b27a81-12e5-499d-b7b8-b23274b10331\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzureAccessReport -ObjectIDs 'c4b14ca1-82ae-4ba1-81d9-375da19bad51', '2094b9f1-878c-4c38-9972-a2b2a9f62d31' -Scope 'Tenant' -ScopeID '90b27a81-12e5-499d-b7b8-b23274b10331'\\n\")), mdx(\"p\", null, \"The query above gets reports for all resources available for objects with Id \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"c4b14ca1-82ae-4ba1-81d9-375da19bad51\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"2094b9f1-878c-4c38-9972-a2b2a9f62d31\"), \" at Tenant \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"90b27a81-12e5-499d-b7b8-b23274b10331\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzureAccessReport -PrincipalProperty 'SignInName' -Scope 'Subscription' -ScopeID '90b27a81-12e5-499d-b7b8-b23274b10331'\\n\")), mdx(\"p\", null, \"Gets all resource usage reports for all users inside available resources of Subscription \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"90b27a81-12e5-499d-b7b8-b23274b10331\"), \". The primary \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"property\"), \" will be \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"SignInName\"), \".\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Get-oiAzureAccessReport -PrincipalProperty 'SignInName' -Scope 'Subscription' -ScopeID '90b27a81-12e5-499d-b7b8-b23274b1033b' -AllowedAttributes 'Microsoft.Network/networkSecurityGroups','Microsoft.Compute/virtualMachines'\\n\")), mdx(\"p\", null, \"The same as the query above, but report scope is limited to virtual machines and network security groups only.\"), mdx(\"p\", null, \"The result of this request will be the set of identities identified by \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ObjectID\"), \" or \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"SignInName\"), \". Each of those identities will have the set of resources by each type (described above). Each resource will have a JSON payload that describes what permissions does this identity have. For example, identity A has some permissions to 3 virtual machines. So \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"Microsoft.Compute/disks\"), \" attribute will contain 3 permissions sets for each of those VMs and each would contain following properties:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ResourceName\"), \" - Name of resource to which this permission was granted. In our case it will be the name of current VM.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ResourceGroupName\"), \" - Name of Entra resource group that contains current VM.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ResourceId\"), \" - ID of current VM.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ResourceType\"), \" - type of resource. In our case - \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Microsoft.Compute/disks\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"SubscriptionId\"), \" - ID of subscription that contains current VM.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleDefinitionId\"), \" - ID of role definition below.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleDefinitionName\"), \" - Name of role (like \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"Reader\"), \", \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"Owner\"), \" etc.).\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AssigneeType\"), \" - Type of identity that has this permission. For example, \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"User\"), \" or \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ServicePrincipal\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AssigneeDisplayName\"), \" - Display name of identity that was given permission for current object.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AssigneeSignInName\"), \" - If this assignee has a \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"sign in name\"), \" (like user), it will contain it. Otherwise, it will be empty (like for service principals).\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AssigneeObjectId\"), \" - \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectID\"), \" of identity that has this permission.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"AssigneeCanDelegate\"), \" - True or False, indicates if assignee can \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"delegate\"), \" permission to some other identities.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"RoleAssignmentId\"), \" - Identifier of current role assignment.\")), mdx(\"h2\", null, \"Entra ID Roles synchronization\"), mdx(\"p\", null, \"The connector can synchronize Entra ID roles and role memberships. In the Azure portal UI those roles could be found at \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Roles and administrators\"), \" section.\"), mdx(\"p\", null, \"To run synchronization, you can use the query below:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" Get-MsolRole \\n\")), mdx(\"p\", null, \"This request returns all available roles in your Entra ID. This request does not take parameters. However, if your \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"attribute name lookup\"), \" contains \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"membership\"), \" the result will include not only the full list of roles, but role members as well.\"), mdx(\"p\", null, \"Attributes that are returned by the connector:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Name\"), \" - the name of the role.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ObjectId\"), \" - Id of the role.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Description\"), \" - role description.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"IsEnabled\"), \" - indicates if this role is enabled.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"IsSystem\"), \" - indicates if this role is system generated or was created as a custom role.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"Membership\"), \" - if 'attribute name lookup' contains 'membership' it will contain all members of the current role.\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Important to know\"), \" - in Entra UI there is a \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Global Administrator\"), \" role, which contains users that have unlimited control. When you run synchronization, this role is returned as \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Company Administrator\"), \". This is actually the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"same\"), \" role, but there is a difference between how the Azure portal UI displays it and PowerShell API returns it. So, this naming difference should be kept in mind.\"), mdx(\"h1\", null, \"Connector troubleshooting and tips\"), mdx(\"p\", null, \"Connector troubleshooting is covered in the document that describes all .NET/PowerShell connector usage: \", mdx(Link, {\n to: \"/connectorconfig/microsoft/2-powershellconnectorsusage\",\n mdxType: \"Link\"\n }, \"PowerShell connector usage\"), \". Troubleshooting steps are the same for all connectors of this type. The following information is specific for this connector.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"The connector sets \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ForceChangePassword\"), \" as false by default. This is done because OpenIAM should be keeping the password on its side and control it. Also, the connector sets the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"PasswordNeverExpires\"), \" flag to prevent user's need to change the password so only OpenIAM controls password changes.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"If you encounter issues connecting to your cloud, syncing data etc. the issue \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"may be linked\"), \" to being unable to connect to Microsoft cloud successfully. It is possible to run a script, that connects using the MSOL module and validates the connection:\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"# Add the MSOnline module to the PowerShell session\\nImport-Module MSOnline\\n# Get credentials of the service account\\n$Credentials = Get-Credential\\n# Connect to Azure AD\\nConnect-MsolService -Credential $Credentials \\n# Optionally you may want to select just a single user to make sure that your service account can read\\nGet-MSOLUser -MaxResults 1\\n\")), mdx(\"p\", null, \"The connector mostly relies on the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"MSOnline module\"), \", however, for some operations it relies on the Entra iD module, so probably you would like to check how it connects using this module as well:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"# Add the AzureAD module to the PowerShell session\\nImport-Module AzureAD\\n# Get credentials of Azure admin\\n$Credentials = Get-Credential\\n# Connect to Azure AD\\nConnect-AzureAD -Credential $Credentials\\n\")), mdx(\"h3\", null, \"O365 group membership\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"When you create a new user and would like to assign O365 group to this user you should keep in mind that you will be able to assign group membership only after the user would get licensed and the license would be properly provisioned. According to Microsoft it may take up to 24 hours, but it usually takes around 20 minutes. At the same time if you work with Security groups, they could be assigned right away.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"If your service account is not a member of the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"MailRecipients\"), \" role, the connector may be unable to properly handle O365 group assignment. So, if you work with O365 groups you should keep in mind service account permissions requirements.\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#general-information","title":"General information","items":[{"url":"#service-account-information","title":"Service account information"}]},{"url":"#requirements","title":"Requirements","items":[{"url":"#installation-and-connection-to-openiam","title":"Installation and connection to OpenIAM"},{"url":"#synchronization","title":"Synchronization"},{"url":"#users-synchronization","title":"Users synchronization"},{"url":"#groups-synchronization","title":"Groups synchronization"},{"url":"#service-principals-synchronization","title":"Service principals synchronization"},{"url":"#entra-resources-report-usage","title":"Entra resources report usage"},{"url":"#entra-id-roles-synchronization","title":"Entra ID Roles synchronization"}]},{"url":"#connector-troubleshooting-and-tips","title":"Connector troubleshooting and tips","items":[{"items":[{"url":"#o365-group-membership","title":"O365 group membership"}]}]}]},"parent":{"relativePath":"connectorconfig/microsoft/5-azuread.md"},"frontmatter":{"metaTitle":"Entra ID/O365 connector","metaDescription":"This page describes how to enable provisioning to Entra ID and Office365"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ connection timeout issue"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"a3a5c5ce-1f69-51b4-94ef-17fef5526cf7"}}, "staticQueryHashes": ["2619113677","3706406642","417421954"]}