Cybersecurity Data & Analytics Digital Workspace Cloud Infrastructure Application Development Artificial Intelligence
Services Overview
Workshops Assessments Masterminds Technical Solutions Manager Cybersecurity Advisory Program Implementation Project Management Staffing
Blog Webinars Insights News Security Events
Why Alchemy Partners Team Awards Careers Contact Us
Blog | Insights June 6, 2024

Provisioning Active Directory Accounts with EntraID

Provisioning Active Directory Accounts with EntraID

Meeting the provisioning requirements of an organization can be a challenge. EntraID often meets these needs but has historically failed to provision cloud accounts into Active Directory. Although some SaaS applications like Workday have built-in connectors to handle this task, EntraID has lacked this capability until now.

This blog post outlines the prerequisites and steps required to set up EntraID to provision cloud accounts into Active Directory.

Prerequisites:

  1. Access to the EntraID portal with Application Administrator and Hybrid Identity Administrator roles.
  2. A domain-joined Windows server to install and configure the provisioning agent.

Step 1 – Create the Provisioning application

  1. From the Entra ID portal, create a new Enterprise Application.
  2. Search for: “API-driven provisioning to on-premises Active Directory.”
  3. Once the application has been created, select the “Provisioning” option.

Step 2 – Configure Inbound provisioning to Active Directory

  1. Select “Getting Started,” set the provisioning mode to “Automatic,” and enter the necessary domain and OU information.
  2. Select the option to view on-premises agents.
  3. Download and configure the provisioning agent on the on-premises domain joined server.NOTE: The instructions for configuring this agent are located here: https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-install
  4. Test the connection to make sure EntraID can connect to the provisioning agent.
  5. Expand the mappings section, select the hyperlink, and review the default mappings.
  6. Expand the settings section and enter a valid email address.
  7. The last step is to grant access to the inbound provisioning API. Those steps are documented here: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/inbound-provisioning-api-grant-access.

Following these steps, you can effectively set up EntraID to provision cloud accounts into Active Directory, ensuring your organization’s needs are met efficiently and reliably.

Author

Author avatar Alchemy Author
Share

More Articles

Insights
Apr 27, 2026

When Glean Needs Snowflake: Why Enterprise AI Still Depends on Analytics Platforms

andy-quirin avatar Andy Quirin
Company
Apr 23, 2026

Alchemy Technology Group Acquires IOvations

pete-downing avatar Pete Downing
Insights
Apr 11, 2026

Project Glasswing and the Case for a Diverse Agentic AI Strategy