I want to sync users from Azure AD to ForgeRock open. Whenever users are created/deleted in Azure AD, I want the users to be created/deleted in ForgeRock open. I have established the SAML federation between ForgeRock and Azure AD. Any suggestions on how this can be done?
Viewed 184 times
-1
1 If you use SAML2 'auto-federation', you could at least generate a user profile on OpenAM side when the SAML flow succeeds. – Bernhard Thalmayr Sep 04 '20 at 10:09
1 Answer
0
OpenAM is not able to actively sync any users. OpenIDM is the ForgeRock tool for syncing/provisioning users. However, I'm not sure if there is a connector for (live-)syncing Azure AD, but you will probably find it out if you plan to use OpenIDM.
What should probably be possible is to use JIT provisioning to store those users logging in via federation to an LDAP/OpenDJ user store. But that means users will only be updated when they log in (and thus will never be deleted).

Jonas Heinisch
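The gap the answer and the auto-federation comment describe (a profile is created or refreshed only when a SAML login succeeds, so an account deleted at the IdP lingers in the local user store) is easy to see in a simulation. The following is an added example, not code from the question, the answer, or ForgeRock: Azure AD and the OpenDJ store are stand-in dictionaries with constructed sample users, `saml_assertion()` is a hypothetical stand-in for a successful SAML flow, `jit_provision()` models the auto-federation behaviour, and `reconcile()` shows the compare-and-deactivate pass that a dedicated provisioning tool such as OpenIDM would run (here written generically, not as OpenIDM's own logic).

```python
from copy import deepcopy

# Constructed sample directory standing in for Azure AD (NameID -> released attributes).
AZURE_AD = {
    "alice": {"mail": "alice@example.com", "cn": "Alice Example"},
    "bob": {"mail": "bob@example.com", "cn": "Bob Example"},
}


def saml_assertion(source, uid):
    """Hypothetical stand-in for the SAML flow (assumption, not a real SAML library):
    returns the subject NameID plus attributes, or refuses if the IdP no longer
    knows the account (the login simply fails, nothing reaches the SP)."""
    if uid not in source:
        raise PermissionError(f"{uid}: unknown at the IdP, login rejected")
    return dict(nameid=uid, **source[uid])


def jit_provision(store, assertion):
    """Auto-federation / JIT: on a successful login, create the profile if it is
    missing, otherwise refresh its attributes. Deletions are never observed."""
    uid = assertion["nameid"]
    attrs = {k: v for k, v in assertion.items() if k != "nameid"}
    if uid not in store:
        store[uid] = dict(attrs, status="active")
        return "created"
    store[uid].update(attrs)
    return "updated"


def reconcile(store, source):
    """Full compare of the source directory against the local store: create
    missing users, refresh changed ones, and disable orphans that no longer
    exist at the source. Disabling rather than deleting keeps an audit trail."""
    actions = {}
    for uid, attrs in source.items():
        if uid not in store:
            store[uid] = dict(attrs, status="active")
            actions[uid] = "created"
        elif store[uid]["status"] != "active" or any(
            store[uid].get(k) != v for k, v in attrs.items()
        ):
            store[uid].update(attrs, status="active")
            actions[uid] = "updated"
    for uid in list(store):
        if uid not in source and store[uid]["status"] == "active":
            store[uid]["status"] = "disabled"
            actions[uid] = "disabled"
    return actions


def simulate():
    """Walk through: two logins, a deletion at the IdP, another login, then a
    reconciliation pass. Returns the observations so they can be checked."""
    source = deepcopy(AZURE_AD)
    store = {}  # stand-in for the OpenDJ user store
    events = [
        ("alice", jit_provision(store, saml_assertion(source, "alice"))),
        ("bob", jit_provision(store, saml_assertion(source, "bob"))),
    ]
    del source["bob"]  # account removed in Azure AD
    events.append(("alice", jit_provision(store, saml_assertion(source, "alice"))))
    try:
        saml_assertion(source, "bob")
        bob_login = "succeeded"
    except PermissionError:
        bob_login = "rejected"  # SSO is blocked, but the local profile still exists
    orphan_after_jit = store["bob"]["status"]  # still "active"
    actions = reconcile(store, source)
    return {
        "events": events,
        "bob_login": bob_login,
        "orphan_after_jit": orphan_after_jit,
        "reconcile_actions": actions,
        "bob_after_reconcile": store["bob"]["status"],
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The stale `bob` profile is the risk to watch for: federated login is refused, but anything that reads the local store directly (group membership, an application that also allows local authentication, access reviews) still sees an active account until a reconciliation job, rather than JIT, processes the deletion.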