On-Prem AD with Office 365 (3rd party IDP) implementing AD Connect

Eddie Santana 1 Reputation point
2020-08-13T00:31:01.017+00:00

Looking to extend my on-prem AD with Azure AD. We currently have Office 365 sync via a 3rd party IDP (OneLogin).
Will implementing AD Connect interrupt my current AD environment or my Office 365 IDP (OneLogin) setup?


1 answer

  1. Shashi Shailaj 7,596 Reputation points Microsoft Employee
    2020-08-17T16:54:43.39+00:00

    @Anonymous,

    From what you have said about Office 365 sync via OneLogin, I understand that you are already using OneLogin's provisioning engine for user provisioning to Azure AD. From what I know about OneLogin, the OneLogin IDP is different from the OneLogin provisioning engine. As far as I remember, they use Microsoft Graph to add, delete and update the users in Office 365/Azure AD. So I don't think you should have any problems while implementing Azure AD Connect in parallel. However, I would suggest you take care of a few things before you enable the sync.

    1. Check with OneLogin support as to what method OneLogin currently uses to keep users in sync between on-premises and Azure AD. I remember they used Microsoft Graph/SCIM. If they use something else, check what the effects of disabling the sync will be.
    2. Make sure you are fully synced from on-premises to Azure AD. If the OneLogin provisioning engine has any way to check status or logs, please make sure there are no pending changes.
    3. Ask your internal service desk to suspend user creation or any kind of user modification. If this process is automated, please pause the provisioning systems for automation. This is just to make sure that object changes do not propagate from two different systems. Check how user passwords are propagated, if at all, in the OneLogin IDP system and how they are configured on your side. Generally, if an on-premises IDP is used, password sync is disabled, but I am not sure what it is in your environment.
    4. Install Azure AD Connect in staging mode first. Staging mode is the mode where the objects are synced from on-prem AD as well as from Azure AD to the Azure AD Connect database (called the metaverse), to their respective connector spaces.
    5. Verify that the objects in the connector spaces have synced properly. Check the linked articles on AD Connect sync issues and object sync errors.
    6. OneLogin can only sync a limited set of attributes to Azure AD, as listed here: https://onelogin.service-now.com/kb_view_customer.do?sysparm_article=KB0010028
    7. Once you take the Azure AD Connect server out of staging and enable normal sync, make sure no changes are initiated from the OneLogin sync and that it is disabled. Making changes to user objects from multiple channels can cause complicated issues.

    Hope this will be helpful. If I have misunderstood any of your concerns, please do reply back and let me know and I will be happy to help further. In case you need guidance with OneLogin, please check with their support, as I have based my answer on a few situations I worked on with OneLogin a few years back as well as publicly available information. If you need assistance with Azure AD Connect, do let us know your query on this thread or in a new thread and we will surely help you. If the information in this post is useful, please do accept this post as the answer so that it helps others in the community searching for similar queries.

    Thank you.
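
The following Python script is an added example that is not part of the answer above and is not OneLogin's or Microsoft's code. It models the check behind steps 5 and 7: before the Azure AD Connect server leaves staging mode, every on-prem user it is about to export should land on exactly one cloud user that the third-party provisioner already created. Azure AD matches an incoming object first on its sourceAnchor (by default the objectGUID, carried base64-encoded as the cloud user's onPremisesImmutableId, a "hard match") and otherwise on userPrincipalName or an SMTP proxyAddress (a "soft match"), and a soft match only succeeds when the cloud user carries no ImmutableId yet. The script reproduces those rules in simplified form over constructed sample data; in practice the two lists would come from a Get-ADUser export and a Microsoft Graph users listing. All user names, GUIDs, domains and the "differentAnchor" value are made up.

```python
"""Pre-cutover matching check: on-prem AD users vs. users that a third-party
provisioner has already created in Azure AD. Added example with constructed
sample data; not code from the original answer."""
from __future__ import annotations

import base64
import uuid
from dataclasses import dataclass, field
from typing import Optional


def immutable_id_from_objectguid(object_guid: str) -> str:
    """Azure AD Connect's default sourceAnchor: the objectGUID's 16 bytes in
    .NET Guid.ToByteArray() layout (Python's uuid.bytes_le), base64-encoded.
    This is the value that must sit in the cloud user's onPremisesImmutableId
    for a hard match."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


@dataclass
class OnPremUser:
    sam: str
    object_guid: str
    upn: str
    proxy_addresses: list[str] = field(default_factory=list)


@dataclass
class CloudUser:
    upn: str
    immutable_id: Optional[str]          # onPremisesImmutableId, None if never set
    proxy_addresses: list[str] = field(default_factory=list)


def _smtp_addresses(addresses: list[str]) -> set[str]:
    """proxyAddresses entries look like 'SMTP:primary@x' or 'smtp:alias@x';
    the prefix case only marks the primary address, so normalise for matching."""
    return {a[5:].lower() for a in addresses if a.lower().startswith("smtp:")}


def classify(onprem: list[OnPremUser],
             cloud: list[CloudUser]) -> dict[str, tuple[str, Optional[str]]]:
    """Map each on-prem sAMAccountName to (outcome, matched cloud UPN or None).
    Simplified model of Azure AD's hard-match / soft-match rules."""
    by_anchor = {c.immutable_id: c for c in cloud if c.immutable_id}
    by_upn = {c.upn.lower(): c for c in cloud}
    by_smtp: dict[str, CloudUser] = {}
    for c in cloud:
        for addr in _smtp_addresses(c.proxy_addresses):
            by_smtp[addr] = c

    report: dict[str, tuple[str, Optional[str]]] = {}
    for p in onprem:
        anchor = immutable_id_from_objectguid(p.object_guid)
        c = by_anchor.get(anchor)
        if c is not None:                       # hard match on sourceAnchor
            report[p.sam] = ("hard-match", c.upn)
            continue
        c = by_upn.get(p.upn.lower())           # soft match on UPN ...
        if c is None:                           # ... or on an SMTP proxyAddress
            for addr in _smtp_addresses(p.proxy_addresses):
                c = by_smtp.get(addr)
                if c is not None:
                    break
        if c is None:
            report[p.sam] = ("new-in-cloud", None)   # export will create it
        elif c.immutable_id:
            # Cloud object is already anchored to a different sourceAnchor
            # (e.g. set by an earlier provisioning tool): Azure AD will not
            # soft-match it, so expect an InvalidSoftMatch export error.
            report[p.sam] = ("conflict", c.upn)
        else:
            report[p.sam] = ("soft-match", c.upn)
    return report


def summarize(report: dict[str, tuple[str, Optional[str]]]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for outcome, _ in report.values():
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


# Constructed sample data (hypothetical tenant contoso.com).
SAMPLE_ONPREM = [
    OnPremUser("jdoe", "6f3a2c1e-9b4d-4f2a-8c1d-0a1b2c3d4e5f", "jdoe@contoso.com",
               ["SMTP:jdoe@contoso.com"]),
    OnPremUser("asmith", "1b2c3d4e-5f60-4718-9a2b-3c4d5e6f7a8b", "asmith@contoso.com"),
    OnPremUser("bwong", "9e8d7c6b-5a49-4837-8261-504f3e2d1c0b", "bwong@contoso.com",
               ["SMTP:bwong@contoso.com", "smtp:bw@contoso.com"]),
    OnPremUser("clee", "0123abcd-4567-4e89-8abc-def012345678", "clee@contoso.com"),
    OnPremUser("newhire", "fedcba98-7654-4321-8fed-cba987654321", "newhire@contoso.com"),
]
SAMPLE_CLOUD = [
    # provisioner wrote the correct anchor: hard match
    CloudUser("jdoe@contoso.com", immutable_id_from_objectguid(
        "6f3a2c1e-9b4d-4f2a-8c1d-0a1b2c3d4e5f"), ["SMTP:jdoe@contoso.com"]),
    CloudUser("asmith@contoso.com", None),                     # soft match on UPN
    CloudUser("bwong@contoso.onmicrosoft.com", None,           # soft match on SMTP
              ["SMTP:bwong@contoso.com"]),
    CloudUser("clee@contoso.com", "ZGlmZmVyZW50QW5jaG9y"),     # foreign anchor: conflict
]

if __name__ == "__main__":
    rep = classify(SAMPLE_ONPREM, SAMPLE_CLOUD)
    for sam, (outcome, target) in rep.items():
        print(f"{sam:10} {outcome:13} {target or '-'}")
    print(summarize(rep))
```

Anything reported as "conflict" needs to be resolved (by correcting the cloud user's ImmutableId or excluding the on-prem object from the sync scope) before the server leaves staging mode, since those are exactly the objects that a second provisioning channel can leave in an inconsistent state once Azure AD Connect starts exporting.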

