Entra ID
The Microsoft Entra ID Target Connector connects Microsoft Entra ID to your source systems through the Identity & Access Management (IAM) solution HelloID by Tools4ever. This simplifies the management of both access rights and user accounts within your organization, ensures consistency, and reduces the risk of errors. In this article, you will learn more about this connector and its capabilities.
What Is Microsoft Entra ID
Microsoft Entra ID — formerly known as Azure Active Directory (Azure AD) — is Microsoft's identity and access management solution. It helps organizations secure and manage identities across hybrid and multi-cloud environments. Microsoft Entra ID is cloud-based and gives employees access to external resources, including Microsoft 365 and the Azure Portal, as well as thousands of other SaaS applications.
Why Is a Microsoft Entra ID Connector Useful?
Optimizing productivity within your organization requires access to the right services, systems, and resources at all times. This demands the correct user accounts and authorizations. Through Microsoft Entra ID, you can configure permissions using Microsoft 365 groups, giving you control over access to most Microsoft cloud services, including Microsoft Teams, SharePoint, Yammer, and Power BI. Connecting your source systems to Microsoft Entra ID automates this process, eliminating the need for manual intervention. The Microsoft Entra ID connector integrates with a range of popular source systems, including:
- AFAS
- TOPdesk
Further details about these integrations can be found later in this article.
How HelloID Helps You With Microsoft Entra ID
- Error-free account management: The integration between your source systems and Microsoft Entra ID ensures consistency and prevents errors. Users will never retain unnecessary authorizations, and accounts will not remain accessible after an employee leaves. At the same time, users always have the accounts and permissions they need to remain productive.
- Faster account creation: The Microsoft Entra ID connector significantly automates user provisioning. When a new user is added to a source system, HelloID detects the change and automatically creates an account in Entra ID. This allows you to provision users faster and get them productive sooner.
- Improved service levels: By preventing errors and ensuring consistency, the integration between your source systems and Microsoft Entra ID raises your overall service quality. Users always have the right accounts and authorizations, reducing avoidable mistakes such as incorrect permission assignments or delayed account creation.
- Successful audit completion: HelloID logs all actions and mutations in a complete audit trail, ensuring you are always prepared for audits and can demonstrate that you remain in control at all times.
- Hybrid environment support: In some cases, organizations operate in a hybrid environment — for example, when mailboxes have already been migrated to the cloud but an on-premises Active Directory is still in use. The connector supports this type of hybrid setup, allowing you to provision accounts to your on-premises Active Directory while still assigning permissions for cloud services.
- Strengthened Microsoft Entra ID account security: You can secure Microsoft Entra ID accounts using multi-factor authentication (MFA). In addition to a username and password, users verify their identity through an additional method, such as a mobile phone number or email address.
How HelloID Integrates With Microsoft Entra ID
You can connect Microsoft Entra ID to your source systems as a target system through HelloID using a connector. HelloID acts as an intermediary, translating data between your source systems and Microsoft Entra ID. The connector enables extensive automation of the account lifecycle and permission management in Microsoft Entra ID.
| Change in Source System | Action in Microsoft Entra ID |
|---|---|
| New employee | Based on information from your source systems, HelloID creates the required accounts in Microsoft Entra ID for new employees. All Entra ID account attributes can be configured through HelloID, which uses the Microsoft Graph API. When the employment start date arrives, HelloID can automatically activate the account. |
| Employee data change | HelloID updates information in Microsoft Entra ID at the attribute level, such as changes to a display name or login name. |
| Role change | A change in an employee's role often requires updated authorizations. HelloID can automatically adjust permissions in Microsoft Entra ID based on role changes made in your source systems — adding users to cloud groups to grant permissions, or removing them when conditions are no longer met. |
| Employee offboarding | When employment ends, HelloID automatically deactivates the Entra ID account and, if desired, permanently deletes it after a set period of time. |
HelloID also supports dynamic permissions, which saves significant time. Dynamic permissions in HelloID are driven entirely by source data, allowing you to configure all department groups using a single business rule, for example. HelloID identifies correlations between source data and the relevant groups. Unlike static permissions, dynamic permissions automatically adapt to the evolving structure of your organization. When a new department is added to your HR system, HelloID detects the change and automatically assigns the correct group memberships. A complete audit trail of this process is available within HelloID.
HelloID uses the Microsoft Graph API to exchange data between your source systems and Microsoft Entra ID. This RESTful web API provides access to Microsoft Cloud service resources and must be configured within Entra ID with the appropriate permissions before use.
Custom Data Exchange
The way HelloID exchanges data between your source systems and Microsoft Entra ID depends on how the target connector is configured. The connector can be tailored to the specific needs of your organization. Within Entra ID, permissions can be used to define exactly what HelloID is allowed to do.
Connector setup within HelloID always begins with an intake and design session. An intake document specifies how the Entra ID account should be created, including which attributes HelloID is permitted to update. This configuration can later be adjusted through a dashboard at any time.
HelloID manages authorization through a structured set of business rules, giving you full control over employee permissions. We deliberately prefer business rules over an authorization matrix, as business rules are more flexible, more versatile, and can be managed directly within the HelloID platform through a user-friendly interface.
Connecting Microsoft Entra ID to Source Systems Through HelloID
HelloID supports connections between a wide range of source systems and Microsoft Entra ID, enabling automated mutations in Entra ID based on source system data. These integrations reduce manual workload and elevate user and authorization management to a higher standard. Common integrations include:
AFAS – Microsoft Entra ID: This integration significantly automates manual tasks, including writing business email addresses back to the source system after provisioning a Microsoft Entra ID account. HelloID can also manage users in AFAS, such as registering the userPrincipalName (UPN) for single sign-on (SSO), and activating or blocking users in AFAS at the right time to prevent unnecessary license consumption.
TOPdesk – Microsoft Entra ID: This integration keeps TOPdesk and Microsoft Entra ID fully in sync for SSO, strengthening security and improving the user experience. It also increases productivity and simplifies the management of user accounts and authorizations.
HelloID supports over 200 connectors, enabling integration with a wide range of source and target systems. A full overview of all available connectors can be found here.
