Support identity synchronization/provisioning

[AndreasSko]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We would like to configure AzureAD Synchronization via Terraform. Adding the necessary secret and creating a job would already be enough for our use case. I would be happy to work in this if the idea looks good :slightly_smiling_face:

New or Affected Resource(s)

• azuread_synchronization_job
• azuread_synchronization_secret

This could potentially be extended with data sources for templates and schemas, but I think those two resources should already provide a good basis.

Potential Terraform Configuration

resource "azuread_synchronization_secret" "this" {
  service_principal_id = azuread_service_principal.this.id

  credentials {
    key   = "BaseAddress"
    value = "[email protected]"
  }
  credentials {
    key   = "SecretToken"
    value = "password-value"
  }
}

resource "azuread_synchronization_job" "this" {
  service_principal_id = azuread_service_principal.this.id
  template_id          = "BoxOutDelta"
  state                = "paused" 
}

References

Graph API Endpoints:

• Synchronization
• Add Secret
• Job

[JoostvDoorn]

I'll be able to work on this, we use this to automatically provision the Azure Databricks SCIM Provisioning Connector. I'll pick this up in a few days.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.