Peter Simpson yes we actually were able to create the HIGHQ user creation automation from OKTA using APIs. Including assigning roles, titles, departments and groups to a user.

Daniel Rahman When I asked months ago to HighQ if it is possible to do the AD integration with Azure AD and the answer was "only on-prem AD is supported at this time". Although, we were told we can not automate user creation with OKTA but with the use of APIs we were able to automate HighQ user creation and assigning them roles and groups through OKTA.

Peter Simpson i do not believe the Appliance has been specifically tested with Azure AD (cloud)

Peter Simpson I would imagine that to use a solution that is designed for an on prem AD tenant, you would have to set up an ADFS instance, but other than that it should work.

I will probably try and build a connector this week. I haven't looked with SCIM 2.0 documentation open, but a quick glance, and given that the api endpoints for user and groups were written for the AD connector, I think the schema follows the SCIM standard, so it should be easy enough. Would be happy to share on here, people would just have to adjust for their instance url.

I am however interested to hear if the appliance offers some sort of security benefit that I might be overlooking. Intuitively, I would think the added complexity of having the domain controller stand in with the Azure ADFS architecture would have the opposite effect if anything.

Thanks for the reply and looping the others in, I appreciate it.

Michael Sevarino That's a good question! Let me just check with my colleague Daniel Rahman that the AD Connector can indeed connect to Azure AD (cloud)?



I'll CC Keyur Patel, who leads to the Appliance Team. Keyur, aside from saving on time & effort, does using the Appliance AD Connector offer any other advantages that couldnt be enjoyed by a well built custom solution which levereaged our REST APIs ?