Page tree
Skip to end of metadata
Go to start of metadata


The Azure Identity connector will crawl Azure identities (users and groups) from the specified Azure Active Directory and store them on a identity cache.

Environment and Access Requirements

Account Privileges

For the Azure Identity connector to be able to crawl the identities from the Azure AD that corresponds to the domain specified in the connection, it needs that the specified credentials have enough permissions to read said identities from the directory.

MS Graph Application permissions needed:

  • GroupMember.Read.All / Application
  • User.Read.All / Application

Other Requirements

The Aspire worker nodes must be able to reach the Azure AD specified in the connection. 

This component has been officially tested on local Windows and Linux.

Framework and Connector Features

Framework Features

Content Crawlingno
Identity Crawlingyes
Snapshot-based Incrementalsno
Non-snapshot-based Incrementalsyes
Document Hierarchyno

Connector Features

The Azure Identity connector has the following features:

  • Lower casing of retrieved identities.
  • Adding a special "Everyone" group.
  • Filtering out external groups.

Crawled Identities

The Azure Identity connector is able to crawl the following objects:

NameType MetadataContent Fetch & ExtractionDescription
  • Name
  • Domain
  • Groups
  • Attributes
noThe users of the Azure AD.
  • Name
  • Domain
  • Attributes
yesThe groups of the Azure AD.

Attributes for users typically contain the user GUID but may contain additional data.

Attributes for groups typically contain their display name but may contain additional data.

  • No labels