Add Microsoft Azure to Zoho Directory | Admin Guide - Zoho Directory

Add Microsoft Entra ID to Zoho Directory

Prerequisites:

Roles required to perform this action:
  1. Organization Owner
  2. Organization Admin

Add Entra ID to Zoho Directory

Using API

In Microsoft Entra ID: 

  1. Sign in to Microsoft Entra admin center.
  2. In the left panel, click Entra ID, then click App registrations.
  3. Click New registration and enter the Name for your application.
  4. Under Supported account types, select Accounts in this organizational directory only.
  5. Under Redirect URI, select Web from the drop-down, and enter the URL for your data center (DC) from the table below:

    Data Center     Redirect URI
    Japan           https://directory.zoho.jp/provision/oauth/callback
    US              https://directory.zoho.com/provision/oauth/callback
    Europe          https://directory.zoho.eu/provision/oauth/callback
    China           https://directory.zoho.com.cn/provision/oauth/callback
    India           https://directory.zoho.in/provision/oauth/callback
    Australia       https://directory.zoho.com.au/provision/oauth/callback
    UK              https://directory.zoho.uk/provision/oauth/callback
    Canada          https://directory.zohocloud.ca/provision/oauth/callback
    Saudi Arabia    https://directory.zoho.sa/provision/oauth/callback

  6. Click Register. You will be redirected to the Overview page when the app is registered.
  7. Copy the Application (client) ID, Object ID, and Directory (tenant) ID to your clipboard.
  8. Navigate to Certificates & secrets, then click New client secret.
  9. Enter a Description and click Add.
  10. Copy the generated Value to your clipboard.
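
To check that a finished registration matches steps 4 and 5, the following added example (not part of the original guide or Zoho's tooling) audits an application object against the redirect URI table. It assumes the object is the JSON that Microsoft Graph returns for the application, using the Graph property names `signInAudience`, `web`, `spa` and `publicClient`; the sample objects are constructed.

```python
# Added example: audit an Entra ID app registration against this guide.
ZOHO_CALLBACKS = {  # data center -> redirect URI, copied from the table above
    "Japan": "https://directory.zoho.jp/provision/oauth/callback",
    "US": "https://directory.zoho.com/provision/oauth/callback",
    "Europe": "https://directory.zoho.eu/provision/oauth/callback",
    "China": "https://directory.zoho.com.cn/provision/oauth/callback",
    "India": "https://directory.zoho.in/provision/oauth/callback",
    "Australia": "https://directory.zoho.com.au/provision/oauth/callback",
    "UK": "https://directory.zoho.uk/provision/oauth/callback",
    "Canada": "https://directory.zohocloud.ca/provision/oauth/callback",
    "Saudi Arabia": "https://directory.zoho.sa/provision/oauth/callback",
}

def audit_registration(app, data_center):
    """Return a list of findings for a Microsoft Graph application object (dict)."""
    expected = ZOHO_CALLBACKS[data_center]
    findings = []
    audience = app.get("signInAudience")
    if audience != "AzureADMyOrg":  # step 4: this organizational directory only
        findings.append(f"signInAudience is {audience!r}, expected 'AzureADMyOrg'")
    web_uris = (app.get("web") or {}).get("redirectUris") or []
    if expected not in web_uris:  # step 5: exact URL on the Web platform
        findings.append(f"missing Web redirect URI {expected}")
    # Any other URI can also receive the authorization response, so flag it.
    findings += [f"unexpected Web redirect URI {u}" for u in web_uris if u != expected]
    for platform in ("spa", "publicClient"):
        for u in (app.get(platform) or {}).get("redirectUris") or []:
            findings.append(f"redirect URI on {platform} platform: {u}")
    return findings

# Constructed sample objects (not real tenant data).
GOOD_APP = {"signInAudience": "AzureADMyOrg",
            "web": {"redirectUris": ["https://directory.zoho.eu/provision/oauth/callback"]}}
BAD_APP = {"signInAudience": "AzureADMultipleOrgs",
           "web": {"redirectUris": ["https://directory.zoho.com/provision/oauth/callback",
                                    "http://localhost:8080/callback"]},
           "spa": {"redirectUris": ["https://app.example.test/cb"]}}

if __name__ == "__main__":
    for finding in audit_registration(BAD_APP, "Europe"):
        print(finding)
```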

In Zoho Directory

Add store

  1. Sign in to Zoho Directory, then click ADMIN PANEL in the left menu.
  2. Go to Directory Stores, and click Add Directory.
  3. Click Add under Microsoft Entra ID.
  4. In the API INTEGRATION section, enter the Tenant ID, Object ID, Client ID, and Client Secret copied from Microsoft Entra ID, and click Next.
  5. In the popup that opens, provide your consent using the check box and click Accept. If you do not have an active session in the same browser, you must enter the credentials of your Microsoft Entra ID admin account to authenticate.

Configure field mapping

Under FIELD MAPPING, map the fields available in Zoho Directory to the fields in Microsoft Entra ID. During import, user data from Microsoft Entra ID will be updated in Zoho Directory fields based on the configuration in this section.

Instead of mapping a Zoho Directory field to a Microsoft Entra ID field, you can map it to a hard-coded value. For example, you can configure the work location for all users synced from Microsoft Entra ID to be "India" in Zoho Directory.
To do this:
  1. Hover over the field for which you wish to configure a hard-coded value and click Edit next to the field.
  2. Select Hard-coded value and enter the value you want to update.
  3. Click Ok.
Similarly, you can map a field to a custom Microsoft Entra ID attribute. Learn how to create custom attributes in Zoho Directory.
To do this:
  1. Hover over the field you wish to configure with a custom Microsoft Entra ID attribute and click Edit next to the field.
  2. Select Custom Microsoft Entra ID and enter the exact custom field name from Microsoft Entra ID. Click OK.
  3. Click Save and Next once you have configured field mapping.
Notes
The custom attribute is case-sensitive and must match the custom attribute of Microsoft Entra ID exactly. If the field name does not match, the field mapping will fail.

Configure Settings

In this section, you can configure user settings, such as mail notification, password notification, status sync and resource sync.
  1. Under Mail Notification, choose whether the users and admins can receive email notifications. Click Notify via mail.
  2. Under the Password Notification section, choose how newly synced users will receive their one-time password to access their accounts.
    1. You can choose to send the password via email to the user or the admin, which they can use to access the account and reset the password upon successful login.
    2. You can choose not to notify anyone and send the user invitation manually.
      Notes
      Password Notification can be configured only for users whose email address has a verified domain name.
  3. Under Status Sync, choose how the change in user status from Microsoft Entra ID should reflect in Zoho Directory.
  4. Click Save and Next.
  5. Under Resource Sync, choose the resources you want to sync from Microsoft Entra ID.
  6. Click Save and Next.
  7. Under Criteria, choose how you want to sync users from Microsoft Entra ID. Learn more about editing criteria details. You can either sync all the users or a few users based on criteria in Zoho Directory.
    1. To set criteria, select a criterion from the options, choose a relationship, and enter the criterion's value as needed.
    2. You can also set multiple criteria. To add more than one criterion, click beside criterion 1, enter your condition (whether OR or AND), and define the next criterion.
  8. Once done, click Save and Next.
  9. Enable Schedule Sync to import users from Microsoft Entra ID automatically at a specific time interval. Choose how often the sync should run on a daily, weekly, or monthly basis, and set the preferred time in the Time field.
  10. Once done, click Save and Close.

Import Users

This section lets you configure the user import process from Microsoft Entra ID to Zoho Directory. Users in Microsoft Entra ID who meet the chosen criteria will be listed as follows:
  1. New Users - Microsoft Entra ID users who do not have an account in Zoho Directory will be listed here. During user import, users you select here will be added to Zoho Directory.
  2. Update Users - Microsoft Entra ID users who are already added to Zoho Directory will be listed here. During user import, the details of the users you select here will be updated in Zoho Directory.
  3. Users to Activate - This section lists Microsoft Entra ID users who are part of Zoho Directory but are inactive. During user import, users you select here will be activated in Zoho Directory.
  4. Users to Deactivate - This section lists users who are deactivated in Microsoft Entra ID but are active in Zoho Directory. During user import, the users you select here will be deactivated in Zoho Directory.
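
The four lists above can be modelled as a dry run before an import, which makes the pending deactivations easy to review. This is an added example, not Zoho Directory's implementation; it assumes users are matched by email address, that each record carries an `active` flag, and that sync criteria can be expressed as a predicate, and the user records are constructed. It also reports active Zoho Directory accounts with no Entra ID counterpart, which the four lists do not describe.

```python
# Added example: model of the four import lists, for reviewing a sync beforehand.
def plan_import(entra_users, zoho_users, criteria=lambda user: True):
    """Classify Entra ID users into the import lists described in this guide.

    entra_users / zoho_users: dict of email -> {"active": bool, ...} (assumed shape).
    criteria: predicate standing in for the sync criteria configured earlier.
    """
    entra = {email.lower(): u for email, u in entra_users.items()}
    zoho = {email.lower(): u for email, u in zoho_users.items()}
    plan = {"new": [], "update": [], "activate": [], "deactivate": [], "unmatched": []}
    for email in sorted(entra):
        src = entra[email]
        if not criteria(src):
            continue  # user does not meet the chosen criteria, so is not listed
        dst = zoho.get(email)
        if dst is None:
            plan["new"].append(email)          # no account in Zoho Directory
        elif not src["active"] and dst["active"]:
            plan["deactivate"].append(email)   # deactivated in Entra ID, still active here
        elif src["active"] and not dst["active"]:
            plan["activate"].append(email)     # inactive in Zoho Directory
        else:
            plan["update"].append(email)       # already added; details get refreshed
    # Not one of the guide's lists: active accounts that Entra ID does not know about.
    plan["unmatched"] = sorted(e for e, u in zoho.items() if u["active"] and e not in entra)
    return plan

# Constructed sample data.
ENTRA = {
    "ana@example.com": {"active": True, "department": "IT"},
    "bo@example.com": {"active": False, "department": "IT"},
    "cy@example.com": {"active": True, "department": "IT"},
    "di@example.com": {"active": True, "department": "Sales"},
    "Ed@example.com": {"active": True, "department": "IT"},
}
ZOHO = {
    "bo@example.com": {"active": True},
    "cy@example.com": {"active": False},
    "ed@example.com": {"active": True},
    "old.contractor@example.com": {"active": True},
}

if __name__ == "__main__":
    print(plan_import(ENTRA, ZOHO, criteria=lambda u: u["department"] == "IT"))
```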

To configure user import:

  1. Select the required users and click Next.
  2. Click Import Users.
Notes
If the user count is more than 200, the import will happen as a staged process and might take time.
User information in Microsoft Entra ID and Zoho Directory will be synced once the user import is complete.
Using SCIM

In Zoho Directory:

  1. Sign in to Zoho Directory, then click Admin Panel in the left menu.
  2. Go to Directory Stores, then click Add Directory.
  3. Click Add next to Entra ID. 
  4. Under API INTEGRATION, note down the Sync endpoint and SCIM token. Later on, you'll have to provide this information in the Microsoft Entra ID app (instructions for performing this task have been included in this document).
  5. Click Next.
  6. Map the fields available in Zoho Directory to the fields available in Entra ID. If you'd like all users synced from Entra ID to have the same value for a field, map that field with a hard-coded value. For example, if you want the value for the field 'Work Location' to be 'Main Building', you can type Main Building as the Hard-coded Value.
    To map a hard-coded value with a field:
    1. Click Edit next to a field.
    2. Enter the value you need in the Hard-coded Value field.
    3. Click Ok.
  7. Click Next.
  8. Under SETTINGS, next to Password Notification, choose how you want your users to receive their One Time Password.
    Notes
    The Password Notification setting is only applicable to users whose email address has a verified domain name.

  9. Click Status Sync in the left corner.
  10. Choose how the change in user status on Entra ID should be reflected in Zoho Directory.
  11. Click Save and Next.
  12. Choose how you want to sync users from Entra ID based on the criteria applied in Zoho Directory. You can choose to sync either a few users matching the criteria or all users. You can also set multiple criteria based on your needs.
  13. To set criteria, select a criterion from the options, choose a relationship, and enter the criterion's value as needed.
      When adding more than one criterion, you can also choose to enter the condition manually. Click Edit, enter your condition (whether OR or AND), and click Save.
  14. Once done, click Save and Close.

In Microsoft Entra ID:

  1. Go to the provisioning setup screen of the apps that you want to manage in Zoho Directory. Follow the steps provided in this help document to set up provisioning. Use the Sync Endpoint and SCIM token that you have copied in API Integration (step 4 from the provisioning setup in Zoho Directory). 
  2. After the provisioning setup:
    1. To sync the users' information immediately, select the user from the required app and click Provision.
    2. To sync the users' information at 40-minute intervals, select the app, go to Provisioning on the left menu, and click Start provisioning. The user information will be synced automatically until you stop the provisioning.