πŸ“‹ Microsoft Entra Documentation Changes

Daily summary for changes since December 21st 2025, 7:42 PM PST

Report generated on December 22nd 2025, 7:42 PM PST

πŸ“Š Summary

15
Total Commits
0
New Files
10
Modified Files
0
Deleted Files
3
Contributors

πŸ“ Modified Documentation Files

MODIFIED docs/identity/saas-apps/oracle-hcm-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 9:19 PM
πŸ“– View on learn.microsoft.com
+9 / -12 lines changed
Commit: clarify fusion cloud and licensing prereq
Changes:
Before
After
---
title: Configure Oracle Human Capital Management (HCM) for automatic user provisioning
description: Integrating Oracle Human Capital Management (HCM) with Microsoft Entra ID and on-premises Active Directory using the Inbound Provisioning API.
author: jenniferf-skc
manager: femila
ms.reviewer: rahuln3223
 
# Configure Oracle Human Capital Management (HCM) for automatic user provisioning
 
The Inbound Provisioning API is a capability that allows you to create, update, and delete users in Microsoft Entra ID and on-premises Active Directory from an external source, such as Oracle Human Capital Management (HCM). This capability enables organizations to improve productivity, strengthen security and more easily meet compliance and regulatory requirements.
 
You can use [Microsoft Entra ID Governance](~/id-governance/identity-governance-overview.md) to automatically ensure that the right people have the right access to the right resources. This access includes identity and access process automation, delegation to business groups, and increased visibility.
 
 
## Terminology
 
- [Oracle HCM Fusion Cloud (oracle.com)](https://go.oracle.com/LP=139597?src1=:ad:pas:bi:dg:a_nas:l5:RC_MSFT220512P00060C01584:MainAd&gclid=9c09cb5c768b188a186aaea4b3735c3e&gclsrc=3p.ds&msclkid=9c09cb5c768b188a186aaea4b3735c3e): This guide focuses specifically on how to integrate from Oracle HCM Fusion Cloud to Microsoft Entra ID. Other Oracle offerings, such as PeopleSoft and Taleo, aren't in scope for this article.
 
- Licensing:
 
---
title: Configure Oracle Human Capital Management (HCM) for automatic user provisioning
description: Integrating Oracle Fusion Cloud Human Capital Management (HCM) with Microsoft Entra ID and on-premises Active Directory using the Inbound Provisioning API.
author: jenniferf-skc
manager: femila
ms.reviewer: rahuln3223
 
# Configure Oracle Human Capital Management (HCM) for automatic user provisioning
 
The Inbound Provisioning API is a capability that allows you to create, update, and delete users in Microsoft Entra ID and on-premises Active Directory from an external source, such as Oracle Fusion Cloud Human Capital Management (HCM). This capability enables organizations to improve productivity, strengthen security and more easily meet compliance and regulatory requirements.
 
You can use [Microsoft Entra ID Governance](~/id-governance/identity-governance-overview.md) to automatically ensure that the right people have the right access to the right resources. This access includes identity and access process automation, delegation to business groups, and increased visibility.
 
 
## Terminology
 
- [Oracle Cloud HCM (oracle.com)](https://go.oracle.com/LP=139597?src1=:ad:pas:bi:dg:a_nas:l5:RC_MSFT220512P00060C01584:MainAd&gclid=9c09cb5c768b188a186aaea4b3735c3e&gclsrc=3p.ds&msclkid=9c09cb5c768b188a186aaea4b3735c3e): This guide focuses specifically on how to integrate from Oracle Fusion Cloud HCM to Microsoft Entra ID. Other Oracle offerings, such as PeopleSoft and Taleo, aren't in scope for this article.
 
## Prerequisites
 
MODIFIED docs/identity/saas-apps/g-suite-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 8:36 PM
πŸ“– View on learn.microsoft.com
+9 / -9 lines changed
Commit: acrolinx
Changes:
Before
After
---
title: Configure Google Cloud / Google Workplace for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Google Cloud or Google Workplace.
author: jeevansd
manager: mwongerapk
ms.service: entra-id
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Google Cloud / G Suite Connector by Microsoft so that I can streamline the user management process and ensure that users have the appropriate access to Google Cloud / G Suite Connector by Microsoft.
---
 
# Configure Google Cloud / Google Workplace for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Google (Google Cloud or Google Workplace) and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and deprovisions users and groups to [Google Workplace](https://workplace.google.com/) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service for Google G Suite, the former name of Google Workplace. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
## Capabilities supported
> [!div class="checklist"]
> * Create users in G Suite
> * Remove users in G Suite when they don't require access anymore (note: removing a user from the sync scope doesn't result in deletion of the object in GSuite)
---
title: Configure Google Cloud / Google Workspace for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Google Cloud or Google Workspace.
author: jeevansd
manager: mwongerapk
ms.service: entra-id
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Google Cloud / G Suite Connector by Microsoft so that I can streamline the user management process and ensure that users have the appropriate access to Google Cloud / G Suite Connector by Microsoft.
---
 
# Configure Google Cloud / Google Workspace for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Google (Google Cloud or Google Workspace) and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and deprovisions users and groups to [Google Workspace](https://workspace.google.com/) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service for Google G Suite, the former name of Google Workspace. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
## Capabilities supported
> [!div class="checklist"]
> * Create users in G Suite
> * Remove users in G Suite when they don't require access anymore (note: removing a user from the sync scope doesn't result in deletion of the object in G Suite)
MODIFIED docs/identity/saas-apps/aws-single-sign-on-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 7:45 PM
πŸ“– View on learn.microsoft.com
+7 / -4 lines changed
Commit: update links to AWS
Changes:
Before
After
 
# Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both AWS IAM Identity Center(successor to AWS single sign-On) and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [AWS IAM Identity Center](https://console.aws.amazon.com/singlesignon) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
 
## Capabilities Supported
> * Remove users in AWS IAM Identity Center when they no longer require access
> * Keep user attributes synchronized between Microsoft Entra ID and AWS IAM Identity Center
> * Provision groups and group memberships in AWS IAM Identity Center
> * [IAM Identity Center](aws-single-sign-on-tutorial.md) to AWS IAM Identity Center
 
## Prerequisites
 
The scenario outlined in this article assumes that you already have the following prerequisites:
 
[!INCLUDE [common-prerequisites.md](~/identity/saas-apps/includes/common-prerequisites.md)]
* A SAML connection from your Microsoft Entra account to AWS IAM Identity Center, as described in Tutorial
 
## Step 1: Plan your provisioning deployment
 
# Configure AWS IAM Identity Center(successor to AWS single sign-On) for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both AWS IAM Identity Center(successor to AWS single sign-On) and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [AWS IAM Identity Center](https://console.aws.amazon.com/singlesignon) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md). You can then use those users and groups in AWS IAM Admin Center for user access to other Amazon Web Services (AWS) applications or accounts.
 
 
## Capabilities Supported
> * Remove users in AWS IAM Identity Center when they no longer require access
> * Keep user attributes synchronized between Microsoft Entra ID and AWS IAM Identity Center
> * Provision groups and group memberships in AWS IAM Identity Center
> * [Single sign on through AWS IAM Identity Center](aws-single-sign-on-tutorial.md) to AWS
 
## Prerequisites
 
The scenario outlined in this article assumes that you already have the following prerequisites:
 
[!INCLUDE [common-prerequisites.md](~/identity/saas-apps/includes/common-prerequisites.md)]
* An AWS IAM Identity Center-enabled account
* A SAML connection from your Microsoft Entra account to AWS IAM Identity Center, as described in the [Configure AWS IAM Identity Center for Single sign-on with Microsoft Entra ID tutorial](aws-single-sign-on-tutorial.md)
 
MODIFIED docs/identity/saas-apps/shopify-plus-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 8:06 PM
πŸ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: add shopify
Changes:
Before
After
 
# Configure Shopify Plus for Single sign-on with Microsoft Entra ID
 
In this article, you learn how to integrate Shopify Plus with Microsoft Entra ID. When you integrate Shopify Plus with Microsoft Entra ID, you can:
 
* Control in Microsoft Entra ID who has access to Shopify Plus.
* Enable your users to be automatically signed-in to Shopify Plus with their Microsoft Entra accounts.
 
## Configure Shopify Plus SSO
 
To view the full steps, see [Shopify's documentation on setting up SAML integrations](https://help.shopify.com/en/manual/shopify-plus/saml).
 
To configure single sign-on on the **Shopify Plus** side, copy the **App Federation Metadata URL** from Microsoft Entra ID. Then, log into the [organization admin](https://shopify.plus) and go to **Users** > **Security**. Select **Set up configuration**, and then paste your App Federation Metadata URL in the **Identity provider metadata URL** section. Select **Add** to complete this step.
 
 
# Configure Shopify Plus for Single sign-on with Microsoft Entra ID
 
In this article, you learn how to integrate [Shopify Plus](https://www.shopify.com/plus) with Microsoft Entra ID. When you integrate Shopify Plus with Microsoft Entra ID, you can:
 
* Control in Microsoft Entra ID who has access to Shopify Plus.
* Enable your users to be automatically signed-in to Shopify Plus with their Microsoft Entra accounts.
 
## Configure Shopify Plus SSO
 
To view the full steps, see [Shopify's documentation on setting up SAML integrations](https://help.shopify.com/en/manual/your-account/users/security/advanced-security-features/saml).
 
To configure single sign-on on the **Shopify Plus** side, copy the **App Federation Metadata URL** from Microsoft Entra ID. Then, log into the [organization admin](https://shopify.plus) and go to **Users** > **Security**. Select **Set up configuration**, and then paste your App Federation Metadata URL in the **Identity provider metadata URL** section. Select **Add** to complete this step.
 
MODIFIED docs/identity/saas-apps/aws-single-sign-on-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 7:45 PM
πŸ“– View on learn.microsoft.com
+3 / -0 lines changed
Commit: update links to AWS
Changes:
Before
After
## Related content
 
Once you configure AWS IAM Identity Center you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
 
 
 
## Related content
 
Once you configure AWS IAM Identity Center you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
 
* [Automate user provisioning to AWS IAM Identity Center](./aws-single-sign-on-provisioning-tutorial.md).
* [Configure SAML and SCIM with Microsoft Entra ID and AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/idp-microsoft-entra.html)
MODIFIED docs/identity/saas-apps/cernercentral-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 8:13 PM
πŸ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: update cerner first wiki link
Changes:
Before
After
 
1. Next, a system account must be created for Microsoft Entra ID. Use the instructions below to request a System Account for your sandbox and production environments.
 
* Instructions: https://wiki.ucern.com/display/CernerCentral/Requesting+A+System+Account
 
* Sandbox: https://sandboxcernercentral.com/system-accounts/
 
 
1. Next, a system account must be created for Microsoft Entra ID. Use the instructions below to request a System Account for your sandbox and production environments.
 
* Instructions: https://wiki.cerner.com/display/public/CernerCentral/Requesting+a+System+Account+in+System+Account+Management
 
* Sandbox: https://sandboxcernercentral.com/system-accounts/
 
MODIFIED docs/identity/saas-apps/shopify-plus-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 8:06 PM
πŸ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: add shopify
Changes:
Before
After
 
# Configure Shopify Plus for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Shopify Plus and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [Shopify Plus](https://www.shopify.com) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
 
## Capabilities Supported
 
# Configure Shopify Plus for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Shopify Plus and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [Shopify Plus](https://www.shopify.com/plus) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
 
## Capabilities Supported
MODIFIED docs/identity/saas-apps/dropboxforbusiness-provisioning-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 7:54 PM
πŸ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: add dropbox link
Changes:
Before
After
The objective of this article is to demonstrate the steps to be performed in Dropbox for Business and Microsoft Entra ID to configure Microsoft Entra ID to automatically provision and de-provision users and/or groups to Dropbox for Business.
 
> [!IMPORTANT]
> In the future, Microsoft and Dropbox is deprecating the old Dropbox integration. This was originally planned for 4/1/2021, but has been postponed indefinitely. However, to avoid disruption of service, we recommend migrating to the new SCIM 2.0 Dropbox integration which supports Groups. To migrate to the new Dropbox integration, add and configure a new instance of Dropbox for Provisioning in your Microsoft Entra tenant using the steps below. Once you have configured the new Dropbox integration, disable Provisioning on the old Dropbox integration to avoid Provisioning conflicts. For more detailed steps on migrating to the new Dropbox integration, see [Update to the newest Dropbox for Business application using Microsoft Entra ID](https://help.dropbox.com/installs-integrations/third-party/update-dropbox-azure-ad-connector).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
The objective of this article is to demonstrate the steps to be performed in Dropbox for Business and Microsoft Entra ID to configure Microsoft Entra ID to automatically provision and de-provision users and/or groups to Dropbox for Business.
 
> [!IMPORTANT]
> In the future, Microsoft and Dropbox is deprecating the old Dropbox integration. This was originally planned for 4/1/2021, but has been postponed indefinitely. However, to avoid disruption of service, we recommend migrating to the new SCIM 2.0 Dropbox integration which supports Groups. To migrate to the new Dropbox integration, add and configure a new instance of Dropbox for Provisioning in your Microsoft Entra tenant using the steps below. Once you have configured the new Dropbox integration, disable Provisioning on the old Dropbox integration to avoid Provisioning conflicts. For more detailed steps on migrating to the new Dropbox integration, see [Update to the newest Dropbox for Business application using Microsoft Entra ID](https://help.dropbox.com/installs-integrations/third-party/update-dropbox-azure-ad-connector) and [Connect Dropbox with Microsoft Entra ID](https://help.dropbox.com/integrations/microsoft-entra-id).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
MODIFIED docs/identity/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 7:29 PM
πŸ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: update link to adobe docs
Changes:
Before
After
* [A Microsoft Entra tenant](~/identity-platform/quickstart-create-new-tenant.md).
* One of the following roles: [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator), [Cloud Application Administrator](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator), or [Application Owner](/entra/fundamentals/users-default-permissions#owned-enterprise-applications).
* A federated directory in the [Adobe Admin Console](https://adminconsole.adobe.com/) with verified domains.
* Review the [adobe documentation](https://helpx.adobe.com/enterprise/admin-guide.html/enterprise/using/add-azure-sync.ug.html) on user provisioning
 
> [!NOTE]
> If your organization uses the User Sync Tool or a UMAPI integration, you must first pause the integration. Then, add Microsoft Entra automatic provisioning to automate user management. Once Microsoft Entra automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.
* [A Microsoft Entra tenant](~/identity-platform/quickstart-create-new-tenant.md).
* One of the following roles: [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator), [Cloud Application Administrator](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator), or [Application Owner](/entra/fundamentals/users-default-permissions#owned-enterprise-applications).
* A federated directory in the [Adobe Admin Console](https://adminconsole.adobe.com/) with verified domains.
* Review the [Adobe documentation](https://helpx.adobe.com/enterprise/using/add-azure-sync.html) on user provisioning
 
> [!NOTE]
> If your organization uses the User Sync Tool or a UMAPI integration, you must first pause the integration. Then, add Microsoft Entra automatic provisioning to automate user management. Once Microsoft Entra automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.
MODIFIED docs/identity/saas-apps/adobe-identity-management-provisioning-saml-tutorial.md
Modified by Mark Wahl on Dec 22, 2025 7:29 PM
πŸ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: update link to adobe docs
Changes:
Before
After
* [A Microsoft Entra tenant](~/identity-platform/quickstart-create-new-tenant.md).
* One of the following roles: [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator), [Cloud Application Administrator](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator), or [Application Owner](/entra/fundamentals/users-default-permissions#owned-enterprise-applications).
* A federated directory in the [Adobe Admin Console](https://adminconsole.adobe.com/) with verified domains.
* Review the [adobe documentation](https://helpx.adobe.com/enterprise/admin-guide.html/enterprise/using/add-azure-sync.ug.html) on user provisioning
 
> [!NOTE]
> If your organization uses the User Sync Tool or a UMAPI integration, you must first pause the integration. Then, add Microsoft Entra automatic provisioning to automate user management. Once Microsoft Entra automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.
* [A Microsoft Entra tenant](~/identity-platform/quickstart-create-new-tenant.md).
* One of the following roles: [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator), [Cloud Application Administrator](/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator), or [Application Owner](/entra/fundamentals/users-default-permissions#owned-enterprise-applications).
* A federated directory in the [Adobe Admin Console](https://adminconsole.adobe.com/) with verified domains.
* Review the [Adobe documentation](https://helpx.adobe.com/enterprise/using/add-azure-sync.html#add-sync) on user provisioning
 
> [!NOTE]
> If your organization uses the User Sync Tool or a UMAPI integration, you must first pause the integration. Then, add Microsoft Entra automatic provisioning to automate user management. Once Microsoft Entra automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.

πŸ€– This report was automatically generated by the Entra Docs Monitor

πŸ“§ Delivered to merill@merill.net

πŸ”— Visit Repository