Home
Product Guides
Start typing to search…

Provision Users to Microsoft Entra ID

Overview

You can provision users from Fixiam into Microsoft Entra ID, allowing you to manage user identities centrally while keeping your Entra environment up to date.

Once configured, users assigned access in Fixiam can be created and updated in Microsoft Entra ID automatically.

Before You Begin

Make sure the following are in place:

  • The Microsoft Entra ID application has been added in Fixiam
    → See: [How to Add and Configure Applications]

  • You have admin access to your Microsoft Entra ID tenant

  • You can create and manage app registrations in Entra ID

  • Users in Fixiam must have valid email domains that match your Entra ID tenant
    (e.g. [email protected])

Important:
If a user does not have a valid domain, provisioning to Entra ID will fail.

How It Works

  1. You connect Fixiam to Microsoft Entra ID using API credentials
  2. You assign users access through groups in Fixiam
  3. Fixiam provisions those users into Entra ID
  4. Entra ID creates the user account

Step 1: Prepare Microsoft Entra ID

You need to create an application in Entra ID to generate the required credentials.

  1. Log in to Microsoft Entra ID
  2. Go to App Registrations
  3. Click New Registration
  4. Enter a name for the application
  5. Complete the registration

Get the required details:

  • Tenant ID
    Found in your Entra tenant overview

  • Client ID
    Found in the application overview

Create Client Secret

  1. Go to Certificates & Secrets
  2. Click New Client Secret
  3. Add a description and expiration
  4. Save

Important:

  • Copy the Client Secret immediately
  • You will not be able to view it again after leaving the page

Additional Details

  • Token Endpoint
    Provided by Microsoft based on your tenant

  • Scope
    Defined based on the permissions required for provisioning

Step 2: Open Provisioning in Fixiam

  1. Go to the Provisioning section
  2. Select Outbound Provisioning
  3. Locate your Microsoft Entra ID application

Step 3: Set Up Connection

  1. Open the action menu
  2. Click Set Up Connection

Provide the following:

  • Tenant ID
  • Client ID
  • Client Secret
  • Token Endpoint
  • Scope
  1. Click Save
  2. Click Test Connection

If successful, the connection will be established.

Step 4: Provision Users

Users are provisioned based on access.

  • Only users assigned to the application through groups will be provisioned
  • If a user is not assigned via a group, they will not be created in Entra ID

To provision users:

  1. Assign users to a group that has access to the application
  2. Ensure the group is linked to Microsoft Entra ID

→ See: [Managing Groups and Access]

What Happens After Provisioning

  • Users are created in Microsoft Entra ID
  • A temporary password is generated by Fixiam

Important:

  • The temporary password is not visible to the user
  • Fixiam does not send the password to the user

To complete onboarding:

  • An Entra ID administrator must reset the user’s password
  • The user will receive a password setup link from Entra ID

Troubleshooting

User is not provisioned

  • Ensure the user has a valid email domain
  • Confirm the user is assigned via a group

Connection test fails

  • Verify all credentials are correct
  • Ensure the client secret is valid and not expired

User cannot log in after provisioning

  • Reset the user’s password in Entra ID
  • Ensure onboarding is completed

Permission or authentication errors

  • Verify API permissions in Entra ID
  • Confirm admin consent has been granted if required

Summary

Provisioning to Microsoft Entra ID allows you to:

  • Manage users centrally from Fixiam
  • Keep Entra ID in sync automatically
  • Reduce manual user creation and onboarding effort

Updated 9 days ago