📋 Microsoft Entra Documentation Changes

Daily summary for changes since April 26th 2026, 10:37 PM PDT

Report generated on April 27th 2026, 10:37 PM PDT

📊 Summary

72
Total Commits
0
New Files
41
Modified Files
0
Deleted Files
20
Contributors

📝 Modified Documentation Files

MODIFIED docs/identity/users/users-custom-security-attributes.md
Modified by Ken Withee on Apr 28, 2026 2:29 AM
📖 View on learn.microsoft.com
+101 / -1 lines changed
Commit: Add example: List all users and any custom security attribute assignments (AB#444679)
Changes:
Before
After
---
title: Assign, update, list, or remove custom security attributes for a user
description: Assign, update, list, or remove custom security attributes for a user in Microsoft Entra ID.
ms.date: 04/03/2026
ms.topic: how-to
ms.custom: it-pro, no-azure-ad-ps-ref, sfi-image-nochange
---
 
---
 
### List all users with a custom security attribute assignment that equals a value
 
The following example lists all users with a custom security attribute assignment that equals a value. It retrieves users with a custom security attribute named `AppCountry` with a value that equals `Canada`. The filter value is case sensitive. You must add `ConsistencyLevel=eventual` in the request or the header. You must also include `$count=true` to ensure the request is routed correctly.
 
 
 
 
 
 
 
---
title: Assign, update, list, or remove custom security attributes for a user
description: Assign, update, list, or remove custom security attributes for a user in Microsoft Entra ID.
ms.date: 04/27/2026
ms.topic: how-to
ms.custom: it-pro, no-azure-ad-ps-ref, sfi-image-nochange
---
 
---
 
### List all users and any custom security attribute assignments
 
The following example lists all users and any custom security attribute assignments. You must add `ConsistencyLevel=eventual` in the request or the header. You must also include `$count=true` to ensure the request is routed correctly.
 
# [PowerShell](#tab/ms-powershell)
 
[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser)
 
```powershell
$userAttributes = Get-MgUser -CountVariable CountVar -Property "id,displayName,customSecurityAttributes" -ConsistencyLevel eventual
MODIFIED docs/global-secure-access/powershell-samples.md
Modified by Ken Withee on Apr 27, 2026 6:17 PM
📖 View on learn.microsoft.com
+40 / -10 lines changed
Commit: Update PowerShell samples overview to include all samples (AB#572995)
Changes:
Before
After
---
title: PowerShell samples for Global Secure Access
description: Use these PowerShell samples for Global Secure Access.
ms.topic: sample
ms.date: 03/13/2026
ms.reviewer: katabish
ai-usage: ai-assisted
---
 
# Global Secure Access PowerShell examples
 
## Overview
 
Sample scripts provide guidance on tasks for Global Secure Access using PowerShell.
The samples require the [Microsoft Graph Beta PowerShell module](/powershell/microsoftgraph/installation) 2.10 or newer, unless otherwise noted.
 
## Get token for connector
Use the [Get token for connector](scripts/powershell-get-token.md) script to get the Auth Token for registering your Microsoft Entra private network connector through Azure Marketplace.
 
## Next steps
---
title: PowerShell samples for Global Secure Access
description: Use these PowerShell samples to automate common Global Secure Access tasks, including connector registration, client install, traffic forwarding bypasses, break glass scenarios, and TLS certificate creation.
ms.topic: sample
ms.date: 04/27/2026
ms.reviewer: katabish
ai-usage: ai-assisted
---
 
# Global Secure Access PowerShell samples
 
These sample scripts provide guidance on common Global Secure Access tasks using PowerShell. Most samples require the [Microsoft Graph Beta PowerShell module](/powershell/microsoftgraph/installation) 2.10 or newer, unless otherwise noted.
 
The samples are grouped by scenario.
 
## Connector setup
 
| Sample | Description |
|---|---|
| [Get token for connector](scripts/powershell-get-token.md) | Get the auth token for registering your Microsoft Entra private network connector through Azure, AWS, or GCP Marketplaces. |
MODIFIED docs/identity/saas-apps/preciate-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 5:02 PM
📖 View on learn.microsoft.com
+11 / -11 lines changed
Commit: Updated files
Changes:
Before
After
 
1. Sign in to [Preciate Admin Portal](https://preciate.com/web/admin/keys) and navigate to the **Integrations** page.
 
![Screenshot of Preciate secret](media/preciate-provisioning-tutorial/preciate-secret-path.png)
 
2. Select the **Generate** button where it says Active Directory Integration Secret Key.
![Screenshot of Preciate generate](media/preciate-provisioning-tutorial/preciate-secret-generate.png)
 
3. A new **Secret Key** appears. Copy and save the **Secret Key**. Also make a note that Tenant URL is `https://preciate.com/api/v1/scim`. These values are entered in the **Secret Token** and **Tenant URL** field in the Provisioning tab of your Preciate's application.
### To configure automatic user provisioning for Preciate in Microsoft Entra ID:
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade](common/enterprise-applications.png)
 
1. In the applications list, select **Preciate**.
 
 
1. Sign in to [Preciate Admin Portal](https://preciate.com/web/admin/keys) and navigate to the **Integrations** page.
 
![Screenshot of the Preciate secret token configuration page.](media/preciate-provisioning-tutorial/preciate-secret-path.png)
 
2. Select the **Generate** button where it says Active Directory Integration Secret Key.
![Screenshot of the Preciate secret token generation page.](media/preciate-provisioning-tutorial/preciate-secret-generate.png)
 
3. A new **Secret Key** appears. Copy and save the **Secret Key**. Also make a note that Tenant URL is `https://preciate.com/api/v1/scim`. These values are entered in the **Secret Token** and **Tenant URL** field in the Provisioning tab of your Preciate's application.
### To configure automatic user provisioning for Preciate in Microsoft Entra ID:
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**.
 
![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
1. In the applications list, select **Preciate**.
 
MODIFIED docs/identity/authentication/tutorial-password-policy-overview-frequently-asked-questions.md
Modified by ruimurakami-MSFT on Apr 27, 2026 1:25 PM
📖 View on learn.microsoft.com
+10 / -10 lines changed
Commit: Fix grammatical issues in password policy FAQ
Changes:
Before
After
Depending on the environment, synced users might also be subject to Microsoft Entra ID restrictions such as the global banned password list. For more information, see the [FAQ section](#faq).
 
### Cloud-only users
For cloud users, the Microsoft Entra ID password policy cannot be customized, except for password expiration.
For detailed information about the Entra ID password policy, see [Microsoft Entra password policies](/entra/identity/authentication/concept-sspr-policy?tabs=ms-powershell#microsoft-entra-password-policies).
Although Microsoft Entra ID doesn't provide the same granular password complexity settings as on-premises AD DS, it does include a global banned password list and a custom banned password list.
The global banned password list is enabled for all tenants and cannot be disabled.
It blocks weak passwords such as admin or baseball.
The custom banned password list allows organizations to register words such as the company name or abbreviations and prevent them from being used in passwords.
For details, see [Global banned password list](/entra/identity/authentication/concept-password-ban-bad#global-banned-password-list).
## Policies evaluated during authentication (password expiration)
Password expiration specifies the maximum number of days a single password can be used.
When the expiration date is reached, users are required to change their password the next time they sign in.
When considering password expiration, it is helpful to look not only at whether the user is a synced user or a cloud user, but also whether authentication occurs on-premises or in the cloud.
Each scenario is described in the next sections. Refer to the section that matches the user type and environment you want to review
 
### Synced users with password hash synchronization
It is sometimes misunderstood that the on-premises AD DS password expiration is directly synchronized to Microsoft Entra ID.
However, password expiration values for synced users are stored separately in on-premises AD DS and in Microsoft Entra ID.
Because password information exists in both environments, the applied expiration policy depends on where the user signs in (where authentication occurs).
Depending on the environment, synced users might also be subject to Microsoft Entra ID restrictions such as the global banned password list. For more information, see the [FAQ section](#faq).
 
### Cloud-only users
For cloud users, the Microsoft Entra ID password policy can't be customized, except for password expiration.
For detailed information about the Entra ID password policy, see [Microsoft Entra password policies](/entra/identity/authentication/concept-sspr-policy?tabs=ms-powershell#microsoft-entra-password-policies).
Although Microsoft Entra ID doesn't provide the same granular password complexity settings as on-premises AD DS, it does include a global banned password list and a custom banned password list.
The global banned password list is enabled for all tenants and can't be disabled.
It blocks weak passwords such as admin or baseball.
The custom banned password list allows organizations to register words such as the company name or abbreviations and prevent them from being used in passwords.
For details, see [Global banned password list](/entra/identity/authentication/concept-password-ban-bad#global-banned-password-list).
## Policies evaluated during authentication (password expiration)
Password expiration specifies the maximum number of days a single password can be used.
When the expiration date is reached, users are required to change their password the next time they sign in.
When considering password expiration, it's helpful to look not only at whether the user is a synced user or a cloud user, but also whether authentication occurs on-premises or in the cloud.
Each scenario is described in the next sections. Refer to the section that matches the user type and environment you want to review
 
### Synced users with password hash synchronization
It's sometimes misunderstood that the on-premises AD DS password expiration is directly synchronized to Microsoft Entra ID.
However, password expiration values for synced users are stored separately in on-premises AD DS and in Microsoft Entra ID.
Because password information exists in both environments, the applied expiration policy depends on where the user signs in (where authentication occurs).
MODIFIED docs/identity/saas-apps/plandisc-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 5:02 PM
📖 View on learn.microsoft.com
+9 / -9 lines changed
Commit: Updated files
Changes:
Before
After
 
## Step 2: Configure Plandisc to support provisioning with Microsoft Entra ID
 
1. Log in to [Plandisc](https://create.plandisc.com) and navigate to **Enterprise**
 
![Screenshot of Plandisc navigate Enterprise](media/plandisc-provisioning-tutorial/get-scim-token-from-plandisc-step-1.png)
 
1. Scroll down to see section **Manage users with SCIM** section.
Here you find values to be entered in the Provisioning tab of your Plandisc application.
The **SCIM endpoint** is inserted into the Tenant URL field.
The **SCIM token** is inserted into the Secret Token field.
 
![Screenshot of Copy SCIM token from Plandisc](media/plandisc-provisioning-tutorial/get-scim-token-from-plandisc-step-2.png)
 
<a name='step-3-add-plandisc-from-the-azure-ad-application-gallery'></a>
 
 
1. Select the **Provisioning** tab.
 
![Screenshot of Provisioning tab](common/provisioning.png)
 
## Step 2: Configure Plandisc to support provisioning with Microsoft Entra ID
 
1. Sign in to [Plandisc](https://create.plandisc.com) and navigate to **Enterprise**
 
![Screenshot of Plandisc navigate Enterprise.](media/plandisc-provisioning-tutorial/get-scim-token-from-plandisc-step-1.png)
 
1. Scroll down to see section **Manage users with SCIM** section.
Here you find values to be entered in the Provisioning tab of your Plandisc application.
The **SCIM endpoint** is inserted into the Tenant URL field.
The **SCIM token** is inserted into the Secret Token field.
 
![Screenshot of Copy SCIM token from Plandisc.](media/plandisc-provisioning-tutorial/get-scim-token-from-plandisc-step-2.png)
 
<a name='step-3-add-plandisc-from-the-azure-ad-application-gallery'></a>
 
 
1. Select the **Provisioning** tab.
 
![Screenshot of the Provisioning tab for configuring automatic user provisioning.](common/provisioning.png)
MODIFIED docs/identity/saas-apps/playvox-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 5:02 PM
📖 View on learn.microsoft.com
+8 / -8 lines changed
Commit: Updated files
Changes:
Before
After
 
2. Select **Create API Key**.
 
![Screenshot of Partial screenshot showing the location of the Create API Key button in the Playvox user interface.](media/playvox-provisioning-tutorial/create.png)
 
3. Enter a meaningful name for the API key, and then select **Save**. After the API key is generated, select **Close**.
 
4. On the API key that you created, select the **Details** icon.
 
![Screenshot of Partial screenshot showing the location of the Details icon, which is a magnifying glass, in the Playvox user interface.](media/playvox-provisioning-tutorial/api.png)
 
5. Copy and save the **BASE64 KEY** value. Later, in the Azure portal, you enter this value in the **Secret Token** text box in the **Provisioning** tab of your Playvox application.
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**.
 
![Partial screenshot of the Azure portal, with Enterprise applications and All applications items highlighted](common/enterprise-applications.png)
 
1. In the applications list, search for and select **Playvox**.
 
 
2. Select **Create API Key**.
 
![Screenshot showing the location of the Create API Key button in the Playvox user interface.](media/playvox-provisioning-tutorial/create.png)
 
3. Enter a meaningful name for the API key, and then select **Save**. After the API key is generated, select **Close**.
 
4. On the API key that you created, select the **Details** icon.
 
![Screenshot showing the location of the Details icon, which is a magnifying glass, in the Playvox user interface.](media/playvox-provisioning-tutorial/api.png)
 
5. Copy and save the **BASE64 KEY** value. Later, in the Azure portal, you enter this value in the **Secret Token** text box in the **Provisioning** tab of your Playvox application.
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**.
 
![Screenshot of the Azure portal with Enterprise applications and All applications items highlighted.](common/enterprise-applications.png)
 
1. In the applications list, search for and select **Playvox**.
 
MODIFIED docs/identity/saas-apps/dropboxforbusiness-provisioning-tutorial.md
Modified by Diana Richards on Apr 27, 2026 9:48 PM
📖 View on learn.microsoft.com
+7 / -7 lines changed
Commit: acrolinx and alt text
Changes:
Before
After
The objective of this article is to demonstrate the steps to be performed in Dropbox for Business and Microsoft Entra ID to configure Microsoft Entra ID to automatically provision and de-provision users and/or groups to Dropbox for Business.
 
> [!IMPORTANT]
> In the future, Microsoft and Dropbox is deprecating the old Dropbox integration. This was originally planned for 4/1/2021, but has been postponed indefinitely. However, to avoid disruption of service, we recommend migrating to the new SCIM 2.0 Dropbox integration which supports Groups. To migrate to the new Dropbox integration, add and configure a new instance of Dropbox for Provisioning in your Microsoft Entra tenant using the steps below. Once you have configured the new Dropbox integration, disable Provisioning on the old Dropbox integration to avoid Provisioning conflicts. For more detailed steps on migrating to the new Dropbox integration, see [Update to the newest Dropbox for Business application using Microsoft Entra ID](https://help.dropbox.com/installs-integrations/third-party/update-dropbox-azure-ad-connector) and [Connect Dropbox with Microsoft Entra ID](https://help.dropbox.com/integrations/microsoft-entra-id).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Dropbox for Business**, select **Dropbox for Business** in the search box.
1. Select **Dropbox for Business** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
![Screenshot of Dropbox for Business in the results list](common/search-new-app.png)
 
## Assigning users to Dropbox for Business
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade](common/enterprise-applications.png)
 
1. In the applications list, select **Dropbox for Business**.
The objective of this article is to demonstrate the steps to be performed in Dropbox for Business and Microsoft Entra ID to configure Microsoft Entra ID to automatically provision and de-provision users and/or groups to Dropbox for Business.
 
> [!IMPORTANT]
> In the future, Microsoft and Dropbox are deprecating the old Dropbox integration. This was originally planned for 4/1/2021, but has been postponed indefinitely. However, to avoid disruption of service, we recommend migrating to the new SCIM 2.0 Dropbox integration which supports Groups. To migrate to the new Dropbox integration, add and configure a new instance of Dropbox for Provisioning in your Microsoft Entra tenant using the steps below. Once you have configured the new Dropbox integration, disable Provisioning on the old Dropbox integration to avoid Provisioning conflicts. For more detailed steps on migrating to the new Dropbox integration, see [Update to the newest Dropbox for Business application using Microsoft Entra ID](https://help.dropbox.com/installs-integrations/third-party/update-dropbox-azure-ad-connector) and [Connect Dropbox with Microsoft Entra ID](https://help.dropbox.com/integrations/microsoft-entra-id).
 
> [!NOTE]
> This article describes a connector built on top of the Microsoft Entra user provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Dropbox for Business**, select **Dropbox for Business** in the search box.
1. Select **Dropbox for Business** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
![Screenshot of Dropbox for Business in the results list.](common/search-new-app.png)
 
## Assigning users to Dropbox for Business
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
1. In the applications list, select **Dropbox for Business**.
MODIFIED docs/identity/saas-apps/postman-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 5:02 PM
📖 View on learn.microsoft.com
+7 / -7 lines changed
Commit: Updated files
Changes:
Before
After
 
1. Select the **Provisioning** tab.
 
![Screenshot of Provisioning tab.](common/provisioning.png)
 
1. Set **+ New configuration**.
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, input your Recnice Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Recnice. If the connection fails, ensure your Recnice account has the required admin permissions and try again.
 
![Screenshot of Provisioning test connection.](common/provisioning-test-connection.png)
 
 
1. Select the pencil to edit the properties. Enable notification emails and provide an email to receive quarantine emails. Enable accidental deletions prevention. Select **Apply** to save the changes.
 
![Screenshot of Provisioning properties.](common/provisioning-properties.png)
 
1. Select **Attribute Mapping** in the left panel and select users.
 
 
1. Select the **Provisioning** tab.
 
![Screenshot of the Provisioning tab for configuring automatic user provisioning.](common/provisioning.png)
 
1. Select **+ New configuration**.
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, enter your Postman Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Postman. If the connection fails, ensure your Postman account has the required admin permissions and try again.
 
![Screenshot of Provisioning test connection.](common/provisioning-test-connection.png)
 
 
1. Select the pencil to edit the properties. Enable notification emails and provide an email to receive quarantine emails. Enable accidental deletions prevention. Select **Apply** to save the changes.
 
![Screenshot of the Provisioning properties page showing notification and deletion settings.](common/provisioning-properties.png)
 
1. Select **Attribute Mapping** in the left panel and select **users**.
 
MODIFIED docs/identity/saas-apps/mondaycom-provisioning-tutorial.md
Modified by Sudhakaran-S-micro on Apr 27, 2026 5:59 AM
📖 View on learn.microsoft.com
+7 / -7 lines changed
Commit: Worked on suggestions
Changes:
Before
After
The scenario outlined in this article assumes that you already have the following prerequisites:
 
* [!INCLUDE [common-prerequisites.md](~/identity/saas-apps/includes/common-prerequisites.md)]
* An **Enterprise** monday.com account.
 
## Step 1: Plan your provisioning deployment
1. Learn about [how the provisioning service works](~/identity/app-provisioning/user-provisioning.md).
<a name='step-2-configure-mondaycom-to-support-provisioning-with-azure-ad'></a>
 
## Step 2: Configure monday.com to support provisioning with Microsoft Entra ID
1. Login to [monday.com](https://www.monday.com/). Select your profile picture , on the left navigation pane.
1. Navigate to **Admin > Security** .
1. Select **Open** in the **SCIM** section under the **Login** tab
 
![Scim Provisioning Tab](media/mondaycom-provisioning-tutorial/provisioning-tab-monday.png)
 
1. Select **Generate** . These are the **Tenant URL** and **Secret Token** you need for step 5.
 
>[!NOTE]
>don't share or save this secret token. You can always generate a new token whenever and wherever it's required.
The scenario outlined in this article assumes that you already have the following prerequisites:
 
* [!INCLUDE [common-prerequisites.md](~/identity/saas-apps/includes/common-prerequisites.md)]
* An **Enterprise** monday.com account.
 
## Step 1: Plan your provisioning deployment
1. Learn about [how the provisioning service works](~/identity/app-provisioning/user-provisioning.md).
<a name='step-2-configure-mondaycom-to-support-provisioning-with-azure-ad'></a>
 
## Step 2: Configure monday.com to support provisioning with Microsoft Entra ID
1. Sign in to [monday.com](https://www.monday.com/). Select your profile picture , on the left navigation pane.
1. Navigate to **Admin > Security**.
1. Select **Open** in the **SCIM** section under the **Login** tab.
 
![Scim Provisioning Tab](media/mondaycom-provisioning-tutorial/provisioning-tab-monday.png)
 
1. Select **Generate**. These are the **Tenant URL** and **Secret Token** you need for step 5.
 
> [!NOTE]
> Don't share or save this secret token. You can always generate a new token whenever and wherever it's required.
MODIFIED docs/identity/saas-apps/oracle-cloud-infrastructure-console-provisioning-tutorial.md
Modified by Sudhakaran-S-micro on Apr 27, 2026 6:39 AM
📖 View on learn.microsoft.com
+6 / -6 lines changed
Commit: Worked on suggestions
Changes:
Before
After
 
1. Log on to the Oracle Cloud Infrastructure Console admin portal. On the top left corner of the screen navigate to **Identity > Federation**.
 
![Screenshot shows the Oracle Admin.](./media/oracle-cloud-infratstructure-console-provisioning-tutorial/identity.png "Admin")
 
1. Select the URL displayed on the page beside Oracle Identity Cloud Service Console.
1. Select **Add Identity Provider** to create a new identity provider. Save the IdP ID to be used as a part of tenant URL. Select the plus icon beside the **Applications** tab to create an OAuth Client and Grant IDCS Identity Domain Administrator AppRole.
 
![Screenshot shows the Oracle Cloud Icon.](./media/oracle-cloud-infratstructure-console-provisioning-tutorial/add.png "Icon")
 
1. Follow the screenshots below to configure your application. When the configuration is done, select **Save**.
 
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, enter your Cybozu Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Cybozu. If the connection fails, ensure your Cybozu account has the required admin permissions and try again.
 
> [!NOTE]
> Enter `https://<IdP ID>.identity.oraclecloud.com/admin/v1` in the **Tenant URL**.
> Example : If your IdP ID is `idcs-0bfd023ff2xx4a98a760fa2c31k92b1d`, then you would enter `https://idcs-0bfd023ff2xx4a98a760fa2c31k92b1d.identity.oraclecloud.com/admin/v1` in the **Tenant URL**.
 
1. Log on to the Oracle Cloud Infrastructure Console admin portal. On the top left corner of the screen navigate to **Identity > Federation**.
 
![Screenshot shows the Oracle Admin console for identity management.](./media/oracle-cloud-infratstructure-console-provisioning-tutorial/identity.png "Admin")
 
1. Select the URL displayed on the page beside Oracle Identity Cloud Service Console.
1. Select **Add Identity Provider** to create a new identity provider. Save the IdP ID to be used as a part of tenant URL. Select the plus icon beside the **Applications** tab to create an OAuth Client and Grant IDCS Identity Domain Administrator AppRole.
 
![Screenshot shows the Oracle Cloud Icon for adding applications.](./media/oracle-cloud-infratstructure-console-provisioning-tutorial/add.png "Icon")
 
1. Follow the screenshots below to configure your application. When the configuration is done, select **Save**.
 
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, enter your Oracle Cloud Infrastructure Console Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Oracle Cloud Infrastructure Console. If the connection fails, ensure your Oracle Cloud Infrastructure Console account has the required admin permissions and try again.
 
> [!NOTE]
> Enter `https://<IdP ID>.identity.oraclecloud.com/admin/v1` in the **Tenant URL**.
> Example: If your IdP ID is `idcs-0bfd023ff2xx4a98a760fa2c31k92b1d`, then you would enter `https://idcs-0bfd023ff2xx4a98a760fa2c31k92b1d.identity.oraclecloud.com/admin/v1` in the **Tenant URL**.
MODIFIED docs/identity/saas-apps/druva-provisioning-tutorial.md
Modified by Diana Richards on Apr 27, 2026 9:49 PM
📖 View on learn.microsoft.com
+5 / -5 lines changed
Commit: alt text
Changes:
Before
After
 
1. Sign in to your [Druva Admin Console](https://console.druva.com). Navigate to **Druva** > **inSync**.
 
![Screenshot of Druva Admin Console](media/druva-provisioning-tutorial/menubar.png)
 
1. Navigate to **Manage** > **Deployments** > **Users**.
 
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Druva**, select **Druva** in the search box.
1. Select **Druva** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
![Screenshot of Druva in the results list](common/search-new-app.png)
 
## Configuring automatic user provisioning to Druva
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade](common/enterprise-applications.png)
 
1. In the applications list, select **Druva**.
 
1. Sign in to your [Druva Admin Console](https://console.druva.com). Navigate to **Druva** > **inSync**.
 
![Screenshot of Druva Admin Console.](media/druva-provisioning-tutorial/menubar.png)
 
1. Navigate to **Manage** > **Deployments** > **Users**.
 
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Druva**, select **Druva** in the search box.
1. Select **Druva** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
![Screenshot of Druva in the results list.](common/search-new-app.png)
 
## Configuring automatic user provisioning to Druva
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
1. In the applications list, select **Druva**.
MODIFIED docs/identity/saas-apps/directprint-io-provisioning-tutorial.md
Modified by Diana Richards on Apr 27, 2026 9:45 PM
📖 View on learn.microsoft.com
+5 / -5 lines changed
Commit: alt text and acrolinx
Changes:
Before
After
 
1. log into your [directprint.io account](https://directprint.io/login/).
1. Navigate to the Microsoft Entra SSO and Provisioning screen.
1. Save the Tenant URL and secret toke for future reference. You need it in **Step 5**.
 
## Step 3: Add directprint.io from the Microsoft Entra application gallery
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade](common/enterprise-applications.png)
 
1. In the applications list, select **directprint.io**.
 
![Screenshot of The directprint.io link in the Applications list](common/all-applications.png)
 
1. Select the **Provisioning** tab.
 
![Screenshot of Provisioning tab](common/provisioning.png)
 
 
1. log into your [directprint.io account](https://directprint.io/login/).
1. Navigate to the Microsoft Entra SSO and Provisioning screen.
1. Save the Tenant URL and secret token for future reference. You need it in **Step 5**.
 
## Step 3: Add directprint.io from the Microsoft Entra application gallery
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
1. In the applications list, select **directprint.io**.
 
![Screenshot of The directprint.io link in the Applications list.](common/all-applications.png)
 
1. Select the **Provisioning** tab.
 
![Screenshot of Provisioning tab.](common/provisioning.png)
 
MODIFIED docs/identity/hybrid/connect/tshoot-clear-on-premises-attributes.md
Modified by Nuno Alexandre on Apr 27, 2026 7:16 PM
📖 View on learn.microsoft.com
+5 / -5 lines changed
Commit: Learn Editor: Update tshoot-clear-on-premises-attributes.md
Changes:
Before
After
#### By Identity
``` powershell
Get-ADSyncToolsOnPremisesAttribute [-Identity] <String> [[-Property] <String[]>] [<CommonParameters>]
```
#### By IncludeSyncedUsers
### SYNTAX
 
``` powershell
Set-ADSyncToolsOnPremisesAttribute [-Identity] <String> [[-onPremisesDistinguishedName] <String>] [[-onPremisesDomainName] <String>] [[-onPremisesImmutableId] <String>] [[-onPremisesSamAccountName] <String>] [[-onPremisesSecurityIdentifier] <String>] [[-onPremisesUserPrincipalName] <String>] [<CommonParameters>]
```
 
#### By BodyParameter
 
``` powershell
Set-ADSyncToolsOnPremisesAttribute [-Identity] <String> [-BodyParameter] <String> [<CommonParameters>]
```
### EXAMPLES
#### By Identity
``` powershell
Get-ADSyncToolsOnPremisesAttribute [-Id] <String> [[-Property] <String[]>] [<CommonParameters>]
```
#### By IncludeSyncedUsers
### SYNTAX
 
``` powershell
Set-ADSyncToolsOnPremisesAttribute [-Id] <String> [[-onPremisesDistinguishedName] <String>] [[-onPremisesDomainName] <String>] [[-onPremisesImmutableId] <String>] [[-onPremisesSamAccountName] <String>] [[-onPremisesSecurityIdentifier] <String>] [[-onPremisesUserPrincipalName] <String>] [<CommonParameters>]
```
 
#### By BodyParameter
 
``` powershell
Set-ADSyncToolsOnPremisesAttribute [-Id] <String> [-BodyParameter] <String> [<CommonParameters>]
```
 
### EXAMPLES
MODIFIED docs/identity/saas-apps/pingboard-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 5:02 PM
📖 View on learn.microsoft.com
+5 / -5 lines changed
Commit: Updated files
Changes:
Before
After
 
1. Select your instance of Pingboard, and then select the **Provisioning** tab.
 
1. Set **+ New configuration**.
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, input your Recnice Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Recnice. If the connection fails, ensure your Recnice account has the required admin permissions and try again.
 
![Screenshot of Provisioning test connection.](common/provisioning-test-connection.png)
 
 
1. Select the pencil to edit the properties. Enable notification emails and provide an email to receive quarantine emails. Enable accidental deletions prevention. Select **Apply** to save the changes.
 
![Screenshot of Provisioning properties.](common/provisioning-properties.png)
 
1. Select **Attribute Mapping** in the left panel and select users.
 
1. In the **Attribute Mappings** section, review the user attributes to be synchronized from Microsoft Entra ID to Pingboard. The attributes selected as **Matching** properties are used to match the user accounts in Pingboard for update operations. Select **Save** to commit any changes. For more information, see [Customize user provisioning attribute mappings](~/identity/app-provisioning/customize-application-attributes.md).
 
 
1. Select your instance of Pingboard, and then select the **Provisioning** tab.
 
1. Select **+ New configuration**.
 
![Screenshot of Provisioning tab automatic.](common/application-provisioning.png)
 
1. In the **Tenant URL** field, enter your Pingboard Tenant URL and Secret Token. Select **Test Connection** to ensure Microsoft Entra ID can connect to Pingboard. If the connection fails, ensure your Pingboard account has the required admin permissions and try again.
 
![Screenshot of Provisioning test connection.](common/provisioning-test-connection.png)
 
 
1. Select the pencil to edit the properties. Enable notification emails and provide an email to receive quarantine emails. Enable accidental deletions prevention. Select **Apply** to save the changes.
 
![Screenshot of the Provisioning properties page showing notification and deletion settings.](common/provisioning-properties.png)
 
1. Select **Attribute Mapping** in the left panel and select **users**.
 
1. In the **Attribute Mappings** section, review the user attributes to be synchronized from Microsoft Entra ID to Pingboard. The attributes selected as **Matching** properties are used to match the user accounts in Pingboard for update operations. Select **Save** to commit any changes. For more information, see [Customize user provisioning attribute mappings](~/identity/app-provisioning/customize-application-attributes.md).
 
MODIFIED docs/identity/saas-apps/reward-gateway-provisioning-tutorial.md
Modified by Shreya Goyal (HCL Technologies Corporate Services) on Apr 27, 2026 4:33 PM
📖 View on learn.microsoft.com
+5 / -4 lines changed
Commit: Updated files
Changes:
Before
After
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Reward Gateway**, select **Reward Gateway** in the search box.
1. Select **Reward Gateway** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
![Screenshot of the Reward Gateway in the results list](common/search-new-app.png)
 
## Configuring automatic user provisioning to Reward Gateway
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of the Enterprise applications blade](common/enterprise-applications.png)
 
1. In the applications list, select **Reward Gateway**.
 
![Screenshot of the Reward Gateway link in the Applications list](common/all-applications.png)
 
1. Select the **Provisioning** tab.
 
 
1. Select the pencil to edit the properties. Enable notification emails and provide an email to receive quarantine emails. Enable accidental deletions prevention. Select **Apply** to save the changes.
1. Browse to **Entra ID** > **Enterprise apps** > **New application**.
1. In the **Add from the gallery** section, type **Reward Gateway**, select **Reward Gateway** in the search box.
1. Select **Reward Gateway** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
 
![Screenshot of the Reward Gateway in the results list.](common/search-new-app.png)
 
## Configuring automatic user provisioning to Reward Gateway
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator).
1. Browse to **Entra ID** > **Enterprise apps**
 
![Screenshot of the Enterprise applications blade.](common/enterprise-applications.png)
 
1. In the applications list, select **Reward Gateway**.
 
![Screenshot of the Reward Gateway link in the Applications list.](common/all-applications.png)
 
1. Select the **Provisioning** tab.
 
 

🤖 This report was automatically generated by the Entra Docs Monitor

📧 Delivered to merill@merill.net

🔗 Visit Repository