Azure Entra IDP/HRIS Integration
Learn how to configure Azure Entra as an IDP/HRIS Integration.
If your organization uses Azure Entra as an Identity Provider, you can additionally designate it as an IDP/HRIS Integration. This allows Opal to sync your Azure Entra identities and their attributes, on top of syncing and managing access to entitlements (e.g. Azure Entra Security Groups, Azure VMs, Azure DBs, etc).
Getting started
Before you set up Azure Entra as your IDP, you must first create an Azure Entra App in Opal.
Next, set up Azure Entra as your IDP using the following instructions:
Custom attributes
Note: Opal only supports string type Custom Security Attributes.
- Opal's Azure app must have the
CustomSecAttributeAssignment.ReadWrite.Allapplication permission assigned.- Go to
App Registrations. - In the sidebar, go to
API Permissionsand selectAdd a permission. ChooseMicrosoft Graph> Application Permissions and addCustomSecAttributeAssignment.ReadWrite.All
- Go to
- Opal tags should have the format
<customAttributeSetName>.<attributeName>. ex.Student.IsFallInternin order to properly match the Azure attributes. These are case-sensitive.
Updated about 1 month ago