Skip to content

Enterprise Mobility + Security


Howdy folks,

Today’s blog is a little different – it about a preview that’s been live for a while now, but which we haven’t previously blogged about. So many of you probably didn’t even know it is available!

Back in late November we turned on Customer Attribute mapping for SAAS Apps. This gives admins the ability to customize which set of attributes from Azure AD get synced into each of the SAAS applications they are using Azure AD to manage. This has been a VERY highly requested capability so we’re glad to have it up and running.

Livio De La Cruz is the Program Manager here in the team who is driving this new set of capabilities, so I’ve asked him to give you a quick overview of the feature and how you can use it.

As always, we’d love to hear any feedback or suggestions you have.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity and Security Services Division

—————-

Greetings!

I’m Livio De La Cruz, and I’m excited to have the opportunity to share some of the details of our new custom attribute mapping features with you.

We’ve heard from many of you about how you would like to customize how users are provisioned from Azure Active Directory to SaaS applications. Today we are releasing our first preview of a new feature that will allow you to control what information about your users get sent to the SaaS app when you set up automatic provisioning. As with all of our preview features, you can expect this feature to evolve as we respond to your feedback.

As an example, let’s say that you’ve just enabled automatic user provisioning with Salesforce. Most of the user information that Azure AD gives to Salesforce is necessary for their Salesforce accounts to function.

But what if you wanted to populate these accounts with more than just the minimum required attributes? For instance, if your employees tend to do a lot of their work in Salesforce, then they could be more productive if we populated their Salesforce accounts with information such as phone number, office location, job title, etc. This post will show you how you can make that happen.

Once provisioning is enabled, you’ll see a new tab called “Attributes” which shows the current attribute mappings between Azure AD and Salesforces.

You can add, edit, or delete mappings using the appropriate button in the toolbar:

To add a new attribute mapping, simply select the Add button, and fill in the fields shown below. For instance, if you wanted to have your users’ office phone numbers available from their Salesforce accounts, you would map the Azure AD attribute telephoneNumber to the Salesforce attribute Phone.

The customizations that you make to your mappings won’t go into effect until you select the Apply Changes button in the toolbar.

When you select Apply Changes, we will update every user assigned to this app, and you’re users will be able to see each other’s phone numbers when they sign in to Salesforce.

You will probably notice that some mappings are labeled as “calculated,” which means that we are taking the information of one or more source attributes and then modifying them into the desired format for the target attribute. You will be able to edit and define your own calculated mappings in a future update.

The other type of mapping is labeled as “default.” Rather than mapping an attribute from Azure AD, default mappings instead fill the target attribute with a constant value. You will also be able to edit default mappings in future releases of this feature.

If you make a mistake when customizing your attribute mappings, you can remove all of your modifications by clicking the Restore Default button.

I hope you get a chance to try this feature out, and please send us feedback or suggestions that you might have!

Regards,

Livio