
How to configure a 3rd party IDP for O365 - Immutable ID
I have an on-premises AD synced to Entra ID using Microsoft Entra ID Connect. The sync is working fine.
I have a third-party IDP that will be populating and syncing its IDP info with the on-prem AD. (So, for example, if a new user is added to the 3rd-party IDP, it will automatically be added to the on-prem AD, then automatically synced with Azure Entra ID. ALL GOOD.)
Now, when I federate the domain from Azure to the 3rd-party IDP and try to log in, Entra/Office says the user does not exist. Reading up on this, I understand the 3rd party needs to pass a claim called ???? (docs are not clear here) that will be used as the anchor/immutable ID.
All I am looking for is: what bits of data need to be pulled from the on-premises AD into the 3rd-party IDP (we can already pull and push data to/from my 3rd-party IDP to on-premises AD), what transformation (if any) needs to be done to the AD info, and what claim to add to the user's ID token in order for Azure/O365 to recognize the user?
From some articles it seems I should pull the user's objectGUID from AD, then somehow transform it into the Azure OID?? I don't know..
Any help would be appreciated.
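The objectGUID transformation asked about above, as an added example that is not part of the original post: Entra ID Connect's default source anchor is the base64 encoding of the objectGUID's 16 raw bytes in .NET Guid.ToByteArray() order (not of the GUID's text form), stored on the cloud user as onPremisesImmutableId, and a federated IdP must present that same value in the ImmutableID claim (WS-Fed) or as the persistent NameID (SAML) alongside the UPN. The GUID and UPN below are constructed sample values; if your tenant's Entra Connect was configured to use ms-DS-ConsistencyGuid instead of objectGUID, compare against that attribute and against the user's onPremisesImmutableId.

```python
import base64
import uuid

# Claim names Entra ID expects from a federated IdP (WS-Fed token / SAML assertion).
WSFED_IMMUTABLEID_CLAIM = "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"
WSFED_UPN_CLAIM = "http://schemas.xmlsoap.org/claims/UPN"
SAML_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def immutable_id_from_object_guid(object_guid: str) -> str:
    """Return the ImmutableID (sourceAnchor) for an AD objectGUID string.

    Entra ID Connect base64-encodes the GUID's 16 raw bytes in the .NET
    Guid.ToByteArray() layout (first three fields little-endian), which is
    uuid.bytes_le in Python. Encoding the text form of the GUID is a common
    mistake and yields a value Entra will never match.
    """
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def object_guid_from_immutable_id(immutable_id: str) -> str:
    """Inverse: recover the objectGUID string from an ImmutableID."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("ImmutableID must decode to exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def build_wsfed_claims(object_guid: str, upn: str) -> dict:
    """Claim set the IdP must place in the token for this user."""
    return {
        WSFED_UPN_CLAIM: upn,
        WSFED_IMMUTABLEID_CLAIM: immutable_id_from_object_guid(object_guid),
    }


def token_matches_directory(claims: dict, directory_immutable_id: str) -> bool:
    """True when the ImmutableID the IdP would send equals the value Entra
    holds for the user (onPremisesImmutableId). A mismatch is exactly the
    'user does not exist' symptom seen at sign-in."""
    return claims.get(WSFED_IMMUTABLEID_CLAIM) == directory_immutable_id


if __name__ == "__main__":
    guid = "12345678-9abc-def0-1234-56789abcdef0"  # constructed sample objectGUID
    claims = build_wsfed_claims(guid, "jdoe@contoso.example")  # constructed UPN
    print(claims)
    print(object_guid_from_immutable_id(claims[WSFED_IMMUTABLEID_CLAIM]))
```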
