
Status

Functionality: Experimental
Support status: Supportable
Support provided by: Evolveum
Origin: Evolveum
Target systems: Office365, Azure Active Directory

Currently being developed. Basic features work well, but full group support is lacking due to Azure Active Directory Graph API limitations.

Description

A connector for connecting to Office 365 and Azure Active Directory using the Azure AD Graph API.

Protocol: Graph API
Framework: OpenICF 1.1.x
Bundle name: Office365.Connector
Connector name: Org.IdentityConnectors.office365.Office365Connector


Capabilities and Features

Schema: YES
Provisioning: YES
Live Synchronization: No
Password: YES
Activation: YES
Script execution: No


Versions

TODO

Version | Origin | Binary | Sources | Build Date | Description

Documentation

Introduction

TODO

Limitations

Currently only users are supported. Group management has not been implemented because the Azure Active Directory Graph API does not currently support the creation of mail-enabled groups.

Supported attributes

The connector supports all attributes supported by the AD connector, along with the following Exchange ones. Descriptions are taken from Microsoft's site.

Attribute | Description | Office365 counterpart | Notes
city | | city |
country | | county |
department | | department |
displayName | | displayName |
facsimileTelephoneNumber | | facsimileTelephoneNumber |
givenName | | givenName |
jobTitle | | jobTitle |
licenses

To assign only certain plans to a user, specify the license in the format:

SKU:PLAN:PLAN

To assign all plans within a SKU to a user, simply specify:

SKU

SKUs are the subscriptions, such as "Microsoft Office 365 Plan A3 for Students", and plans are the individual components, such as "Exchange Online (Plan 2)".

The SKU and plan need to be specified in the short format, which can be found using the Graph Explorer (http://graphexplorer.cloudapp.net/). The SKU is the skuPartNumber (e.g. ENTERPRISEPACK_STUDENT) and the PLAN is the servicePlanName (e.g. EXCHANGE_S_ENTERPRISE).

mail | | mail |
mailNickname | | mailNickname |
mobile | | mobile |
otherMails | | otherMails |
forceChangePasswordNextLogin | Boolean to force change of password at next login | forceChangePasswordNextLogin | Only used in managed domains
physicalDeliveryOfficeName | | physicalDeliveryOfficeName |
postalCode | | postalCode |
preferredLanguage | | preferredLanguage |
proxyAddresses | | proxyAddresses |
state | | state |
streetAddress | | streetAddress |
surname | | surname |
telephoneNumber | | telephoneNumber |
thumbnailPhoto | | thumbnailPhoto |
immutableId | | immutableId |

Mandatory for federated domains

This string is base64 encoded and must match the value passed as the immutable ID by the federation solution.

The way the attribute is base64 encoded varies with the source of the attribute and the federation solution in use. Within this connector the encoding can be selected using the immutableIDEncodeMechanism configuration variable.

Microsoft reorders the bytes of a GUID when base64 encoding it, hence the various encoding mechanisms.

TODO expand

usageLocation

Mandatory if licenses are to be assigned
NAME

This should match the userPrincipalName within a federated environment
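
The byte-order difference behind the immutableId notes above, as an added Python example that is not part of the connector or of the original page. It shows why the same GUID produces two different base64 strings and how to check which one the federation solution sends. The function names are hypothetical, the GUID is a constructed sample, and the connector's own immutableIDEncodeMechanism values are not reproduced here.

```python
import base64
import binascii
import uuid

# Constructed sample GUID, not taken from any real directory.
SAMPLE_GUID = "00112233-4455-6677-8899-aabbccddeeff"


def encode_mixed_endian(guid_text):
    """Base64 of the GUID as .NET Guid.ToByteArray() and the raw AD objectGUID
    lay it out: first three fields little-endian, last eight bytes as printed."""
    return base64.b64encode(uuid.UUID(guid_text).bytes_le).decode("ascii")


def encode_as_printed(guid_text):
    """Base64 of the GUID bytes in the order the text form shows them (RFC 4122)."""
    return base64.b64encode(uuid.UUID(guid_text).bytes).decode("ascii")


def decode_immutable_id(value):
    """Return the GUID an immutableId represents under each byte order."""
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError("immutableId is not valid base64") from exc
    if len(raw) != 16:
        raise ValueError("immutableId does not decode to a 16-byte GUID")
    return {
        "mixed_endian": str(uuid.UUID(bytes_le=raw)),
        "as_printed": str(uuid.UUID(bytes=raw)),
    }


def matching_byte_order(guid_text, federated_immutable_id):
    """Name the byte order under which guid_text yields the value the federation
    solution sends, or None if neither does (the account would not be matched)."""
    candidates = {
        "mixed_endian": encode_mixed_endian(guid_text),
        "as_printed": encode_as_printed(guid_text),
    }
    for name, encoded in candidates.items():
        if encoded == federated_immutable_id:
            return name
    return None


if __name__ == "__main__":
    print(encode_mixed_endian(SAMPLE_GUID))
    print(encode_as_printed(SAMPLE_GUID))
```

A None result from matching_byte_order means the provisioned immutableId would not line up with the federated identity, which is the mismatch the encoding setting exists to prevent.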


Resource Sample

Office 365

