Written by: Garth Williamson – Concensus Technologies Engineer
Micro Focus recently announced a new IDM driver – Azure Active Directory Driver. This driver is an upgrade to and replacement for the Office 365 connector. The new driver allows for provisioning and de-provisioning of users, group memberships, exchange mailboxes, roles, and licenses to the Azure AD cloud. The Azure Active Directory Driver introduces significant architectural changes over the existing Office 365 driver. The Azure AD driver not only provides all the features of the previous Office 365 connector, but also provides many new features, all through an improved design that is both more efficient and easier to configure.
- Key new features and enhancements:
• Provisioning—Manage users, group memberships, roles, and licenses in your Azure Active Directory Cloud
• Identity Manager Exchange Service—REST-based Windows service that supports Exchange Online
• Simplified License Handling—The driver lists all available service plans for your subscription and supports assigning or revoking multiple plans
• Hybrid Mode—Support for customers synchronizing to Microsoft Azure via Active Directory Connect
- Azure Active Directory Driver offers the following capabilities:
• Synchronize users and groups on Publisher and Subscriber channels
• Provision and de-provision mail and mailbox users, distribution, and mail enabled security groups
• Assign and revoke roles, group membership, and licenses using entitlements
• Extend the Azure AD schema
• Synchronize passwords from the Identity Vault
- How the Azure Active Directory Driver Works
The Azure AD driver supports data transfer on the Publisher and the Subscriber channels.
- The Publisher channel controls the data transfer as follows:
• Reads events from the change log on the configured domains
• Submits that information to the Identity Vault
- The Subscriber channel controls the data transfer as follows:
• Watches for the events from the Identity Vault objects.
• Makes changes to Azure AD based on the event data.
- Azure AD Driver
The Azure AD driver synchronizes the user identity information between the Identity Vault and Azure AD and keeps this information consistent at all times.
- Identity Manager Service for Exchange Online
The Azure AD driver uses the Identity Manager Exchange Service to provision or de-provision user mailboxes, mail users, create or remove distribution lists and security groups on Office 365 Exchange Online.
The Azure AD driver uses PowerShell for executing Exchange operations such as creation of Exchange mailbox, mail users, and groups.
- Internet Protocols
The Azure AD driver uses the following Internet protocols to exchange data between Identity Manager and Azure AD.
• REST (Representational State Transfer): An HTTP-based protocol for exchanging messages over the network. It supports POST, PUT, GET, PATCH, DELETE methods to communicate with the application logic
• HTTPS (Hypertext Transfer Protocol): An HTTP protocol over SSL (Secure Socket Layer) as a sub-layer under the regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the web server
Azure AD processes a request and returns a REST response to the driver shim. The shim receives the response as an array of bytes and converts it to an XML document before passing it back to the driver policies. The input transformation style sheet processes the response and converts it into appropriate XDS that is reported back to the Identity Manager engine.
- Identity Manager Engine
The Identity Manager engine uses XDS, a specialized form of XML (Extensible Markup Language), to represent events in the Identity Vault. Identity Manager passes the XDS to the driver policy which can consist of basic policies, DirXML Script, and XSLT (Extensible Stylesheet Language Transformation) style sheets. The Azure AD driver uses REST protocol to handle the HTTP transport of data between the Identity Vault and Azure AD.
To get more information please contact us at firstname.lastname@example.org