Identity lifecycle management at scale

Automate and simplify the identity and access lifecycle.

Azure AD is now part of Microsoft Entra

Step into tomorrow with Microsoft Entra, the new family of multicloud identity and access products to help you secure access for a connected world.

Meet Microsoft Entra

Read the announcement

What is identity lifecycle management?

Identity lifecycle management is a set of tools and processes for keeping identities accurate and synchronized across systems. These processes include provisioning apps and managing user attributes and entitlements.

Provisioning is key to the identity lifecycle management process. It allows IT admins to create user identities and automate provisioning and maintenance as user status or roles change. Azure Active Directory (Azure AD) provides automated provisioning from human resources (HR) apps to Azure AD, from Azure AD to apps, and between Azure AD and on-premises Active Directory domain services.

Infographic showing provisioning in Azure A D.

View full size

More about this diagram

Watch video

Identity lifecycle management in Azure AD

Manage the full identity and access lifecycle in Azure AD. Automatically create and manage user identities in your cloud apps, and connect with HR apps to trigger automatic assignments. Simplify the access request workflows and certify access rights with automatic policies.

Learn more about Azure AD

HR-driven provisioning

Connect to a human capital management (HCM) system, such as Workday and SAP SuccessFactors, to automatically provision and deprovision user access. This enables new hires to get started right away and ensures that access is revoked when employees leave the company.

Learn more

Provision users and groups to cloud apps

Automate provisioning and deprovisioning of users and roles in cloud apps they need access to, including Dropbox, Salesforce, and ServiceNow.

Learn more

Provision between directory services

Provision users from an on-premises source, such as Windows Server Active Directory, to Azure AD using Azure AD Connect sync, Azure AD Connect cloud sync, or Microsoft Identity Manager.

Learn more

Manage access requests

Manage the ongoing changes to user access rights with Azure AD entitlement management. Define how users request access, and ensure users are removed when they no longer need access.

Learn more

Review access rights regularly

Make sure only the right people have continued access using Azure AD access reviews, which help reviewers to identify users that should have continued access or be removed.

Learn more

Develop an app using SCIM for provisioning

Use the System for Cross-Domain Identity Management (SCIM) API to enable automatic provisioning of users and groups between your app and Azure AD.

Learn more

Take a deep dive into Azure AD identity lifecycle management

Explore documentation

Apps that work seamlessly with Azure AD

Find all apps for which Azure AD supports preintegrated provisioning connectors, and learn how to configure them.

Try the tutorials

Discover how these customers safeguard their organizations with Microsoft Security

In Azure AD, “provisioning” refers to automatically creating user identities and roles based on certain conditions. In addition to creating user identities, automatic provisioning includes maintenance and removal or deprovisioning of user identities as status or roles change.