Sync identities from Rippling to Microsoft Entra ID

by info.odysseyx@gmail.com, November 4, 2024

Today, customers with Rippling HCM can automatically provision users to on-premises Active Directory and then synchronize them to Microsoft Entra ID as hybrid identities.

Microsoft Entra ID and on-premises Active Directory are core components of every customer’s hybrid IT environment. To ensure that the right people have access to the right resources at the right time, it is important that consistent and accurate HR user profiles, work profiles, and employment status are always available in your Microsoft Entra ID.

Earlier this year, we delivered API-based user provisioning, which allows HR ISVs, system integrators and IT teams to connect all systems of record with Entra ID. Rippling worked with Microsoft to build native integrations that enable the secure and automated flow of HR user data into on-premises Active Directory. Customers can use Microsoft Entra Connect Sync or Cloud Sync to synchronize these users from on-premises Active Directory to Microsoft Entra ID.

User synchronization and Joiner-Mover-Leaver process automation

Once user data from Rippling is synchronized to Microsoft Entra ID, organizations can leverage the power of Microsoft Entra ID Governance to automate the Joiner-Mover-Leaver process, which is critical to maintaining up-to-date access controls and reducing the risk of unauthorized access.

When a new employee joins Rippling, their personal and work data automatically flows into Microsoft Entra ID through this integration. You can then configure Joiner lifecycle workflows and entitlement management policies to automatically provision users with the access they need based on their role.
For example, you can give new marketing staff basic access to the marketing team’s SharePoint site, relevant CRM tools, and communication channels in Microsoft Teams. New hires can be productive from day one with no access delays.

When an employee profile changes in Rippling (such as a name change, title change, or department change), these changes are automatically propagated downstream to your on-premises Active Directory and then to Microsoft Entra ID. You can configure Mover lifecycle workflows to trigger business processes related to the move. For example, if a sales representative is moving to the Product Management team, you can revoke access to the Sales application and grant access to the Product Management application. This helps maintain least-privilege access and prevents employees from accumulating unnecessary access over time.

When an employee is terminated in Rippling, the termination details are automatically reflected in Microsoft Entra ID. You can configure Leaver lifecycle workflows to automate offboarding tasks. For example, if an IT administrator resigns, access to sensitive systems and data can be revoked immediately, reducing the risk of unauthorized access or data breaches. This automated deprovisioning process helps protect your organization’s assets and ensure security policy compliance.

Deep provisioning integration between Rippling and Microsoft Entra ID Governance allows our mutual customers around the world to confidently automate access to applications across hybrid IT environments and enforce strong identity governance policies to strengthen their security and compliance posture.

“This integration between Rippling and Microsoft allows IT teams managing hybrid environments to seamlessly keep HR and IT information sources in sync and automate account provisioning across the user lifecycle.
This reduces the manual burden on IT administrators and closes potential security gaps related to onboarding and offboarding.” – Anique Drumright, Vice President of Products, Rippling IT

Get started with the integration

Prerequisites

To configure the integration with Rippling, you need a Microsoft Entra ID Premium P1 or P2 license (or a license that includes P1/P2, such as Microsoft 365 E3/E5) to create API-based provisioning apps in your tenant.

To configure provisioning for your on-premises Active Directory, you must install and configure the Microsoft Entra Connect Provisioning Agent.

To configure Microsoft Entra features such as lifecycle workflows and entitlement management, you must purchase a Microsoft Entra ID Governance add-on license (or a license that includes it, e.g. Microsoft Entra Suite).

Select the integration you want to configure in the Rippling App Shop. There are two apps:

Microsoft Entra ID/Active Directory – Configure this application if you have a hybrid setup and need to provision hybrid users to your on-premises Active Directory that will eventually be synchronized to Microsoft Entra ID.

Microsoft Entra ID – Configure this application to provision cloud-only users to Microsoft Entra ID.

Integration configuration

Here are the high-level steps to configure the Microsoft Entra ID/Active Directory app integration.

Note: The steps and screenshots listed below illustrate the experience built on the Rippling app and highlight the depth and flexibility of the integration.

Step 1 – Establish a connection: In this step, the IT administrator grants Rippling consent to create an API-based provisioning app in the Microsoft Entra ID tenant. The IT administrator also provides details of the Active Directory domain and OU container to use for creating new users.

Step 2 – Configure attribute mapping: The app integration has default mappings of Rippling user fields and Active Directory properties.
IT administrators can customize this attribute mapping and select the Rippling user fields that flow downstream to your on-premises Active Directory. To use Microsoft Entra ID Governance lifecycle workflows with this integration, ensure that your attribute mappings include the “User Start Date” and “End Date” fields.

Step 3 – Provision a test account: At this stage, IT administrators can test attribute mapping and verify account creation/update using test user profiles.

Step 4 – Configure account access rules: In this step, the IT administrator configures account provisioning rules for Active Directory. Options in this step allow IT administrators to enforce business policies regarding account creation and termination.

Step 5 – Monitor provisioning: At this stage, IT administrators can monitor the actions Rippling is performing and review the API calls in the “Activity History” tab. The data shown here corresponds to information retrieved from the Microsoft Entra ID provisioning logs.

Once employee data from Rippling is available in Microsoft Entra ID using the steps above, IT administrators can configure Microsoft Entra ID Governance lifecycle workflows to automate Joiner-Mover-Leaver business processes.

Give it a try

We’re excited about our new integration with Rippling and want you to try it out for yourself! Let us know your thoughts in the comments below. You can also post feedback or suggestions about new features you’d like to see in the feedback forum.

Manmeet Bawa, Partner Director, Product Management

Learn more about Microsoft Entra

Prevent identity attacks, ensure least-privileged access, unify access control, and improve user experience with comprehensive identity and network access solutions across on-premises and cloud.
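
The Step 2 requirement that mappings carry the “User Start Date” and “End Date” fields, and the leaver deprovisioning described earlier, can be verified after sync. The audit below is an added example, not code from Microsoft or Rippling; it assumes the mapped dates land in the Microsoft Graph user properties employeeHireDate and employeeLeaveDateTime, and the sample records and the function name audit_lifecycle_attributes are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records, shaped like Microsoft Graph user objects
# ($select=userPrincipalName,accountEnabled,employeeHireDate,employeeLeaveDateTime).
SAMPLE_USERS = [
    {"userPrincipalName": "joiner@example.com", "accountEnabled": True,
     "employeeHireDate": "2024-11-18T00:00:00Z", "employeeLeaveDateTime": None},
    {"userPrincipalName": "leaver@example.com", "accountEnabled": True,
     "employeeHireDate": "2021-03-01T00:00:00Z",
     "employeeLeaveDateTime": "2024-10-31T17:00:00Z"},
    {"userPrincipalName": "offboarded@example.com", "accountEnabled": False,
     "employeeHireDate": "2020-01-06T00:00:00Z",
     "employeeLeaveDateTime": "2024-09-30T17:00:00Z"},
    {"userPrincipalName": "unmapped@example.com", "accountEnabled": True,
     "employeeHireDate": None, "employeeLeaveDateTime": None},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; a missing value stays None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_lifecycle_attributes(users, now):
    """Return (upn, finding) pairs for records that would defeat JML automation."""
    findings = []
    for user in users:
        upn = user["userPrincipalName"]
        hire = parse_ts(user.get("employeeHireDate"))
        leave = parse_ts(user.get("employeeLeaveDateTime"))
        if hire is None:
            # Without a start date a Joiner workflow has nothing to trigger on.
            findings.append((upn, "missing-hire-date"))
        if hire and leave and leave < hire:
            # Usually a sign that the two date fields are mapped the wrong way round.
            findings.append((upn, "leave-before-hire"))
        if leave is not None and leave <= now and user.get("accountEnabled"):
            # Leaver gap: the end date has passed but the account can still sign in.
            findings.append((upn, "enabled-after-leave-date"))
    return findings

if __name__ == "__main__":
    as_of = datetime(2024, 11, 4, tzinfo=timezone.utc)
    for upn, finding in audit_lifecycle_attributes(SAMPLE_USERS, as_of):
        print(f"{finding:26} {upn}")
```

Run it against an export of real user records in place of SAMPLE_USERS; any finding points at either an incomplete attribute mapping or a Leaver workflow that did not disable the account.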