...
Field | Description |
|---|---|
Name | Any name you want to choose for this directory. |
Tenant | Azure AD instance unique identifier. |
Domain hint | Login domain hint. This field can be used to auto redirect user to on-premises ADFS if all users belong to a domain that should use it. refer to Microsoft documentation for more information. |
Client ID | OpenID Connect |
Client secret | OpenID Connect |
Scope | Adjust scope if needed. Scope defines what user information/attributes can be imported. Refer to Microsoft documentation for more information about appropriate Scope values. |
Attribute names to fetch from GraphAPI (extra values) | Fetch these user attributes from GraphAPI on sign-in. This field is needed only on special cases where you have defined dot-separated mapping like “onPremisesExtensionAttributes“ |
User information
After you have configured necessary core settings, you may need to adjust user attribute mappings. Default mappings are suitable for most cases.
...
Field | Description | Default value |
|---|---|---|
Import user’s photo | Import user’s profile photo from Azure AD. | True (checked) |
Group information
Azure AD uses common group attribute mappings, with some additions.
...
Below is table that describes Azure AD specific fields for group information.
Field | Description | Default value |
|---|---|---|
Import security enabled groups only | Import only security enabled groups from Azure AD (GraphAPI). For more information, see https://docs.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0 | False (not checked) |
Select which group memberships to be imported | It is possible to import either direct group memberships only or all group memberships, including transitive memberships (ie. membership via another nested group) | Import all group memberships, including transitive memberships |