Microsoft Integration

Oomnitza's Microsoft integration allows organizations to load the list of users from Microsoft Identity Service to then manage them inside Oomnitza's SaaS module. Microsoft Identity Service is used across most of the Microsoft products, including Office 365, Windows 10 and Azure. 

You can find more details about the used API and Microsoft Identity at and details on Microsoft 365 licensing can be found at 


The following integrations are available with Microsoft:



Authentication for all Microsoft products is based on the OAuth2 authentication flow and is validated against the Microsoft Identity Platform. Please follow the documentation to create an OAuth2.0 app, and keep your Client ID, Client Secret, Scope and Tenant. You will need them later when configuring the credential within Oomnitza for the integration you are looking to establish. When adding the credential to the Oomnitza credentials, please select oAuth2 and also Microsoft from the SaaS dropdown.


Documentation Links


User Load

The Microsoft user load allows you to connect to the Microsoft Graph API and load the list of users from there into the people module as well as into the SaaS module. It provides a minimal list of fields, just enough to connect the users into the SaaS module. For a full list of user attributes, you might want to check out the Microsoft Azure AD user load, which connects to the same API underneath but has many additional fields. When setting up the user load for Microsoft, the required scope within the credential is User.Read.All.

Standard Mappings

The following fields can be mapped from Microsoft using Oomnitza's User Interface. For more information on creating Extended Connector Mappings, please see our article on Mapping Extended Connectors.

  • User ID - the user id in MSFT 365 represented by a 36 character hex key
  • Email - the user's email, which may only be provided if you are using any Exchange deployment
  • Username in MSFT 365 - usually something that ends with @<companyname>
  • Username short (before the @ sign) - same as above without the domain behind the @ sign
  • Connector Sync Time - the current time to capture when the data was last synched
  • Given Name
  • Surname
  • Display Name
  • Mobile Phone
  • Office Location
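
The sketch below is an added example, not Oomnitza's connector code. It shows how a Microsoft Graph user listing could be read page by page and mapped to the fields above, refusing to follow a next-page link that points anywhere other than Graph so the bearer token is never sent to another host. The target field names, the fetch callable (which is assumed to attach the token and return parsed JSON) and the sample responses are assumptions made for the example.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

# Graph v1.0 user properties behind the Standard Mappings listed above.
FIELDS = ("id,mail,userPrincipalName,givenName,surname,"
          "displayName,mobilePhone,officeLocation")
USERS_URL = "https://graph.microsoft.com/v1.0/users?$select=" + FIELDS

def map_user(u, sync_time):
    """Map one Graph user object to hypothetical target field names."""
    upn = u.get("userPrincipalName") or ""
    return {
        "user_id": u["id"],
        "email": u.get("mail"),  # null for accounts without a mailbox
        "username": upn,
        "username_short": upn.split("@", 1)[0],
        "connector_sync_time": sync_time,
        "given_name": u.get("givenName"),
        "surname": u.get("surname"),
        "display_name": u.get("displayName"),
        "mobile_phone": u.get("mobilePhone"),
        "office_location": u.get("officeLocation"),
    }

def load_users(fetch, url=USERS_URL):
    """Collect all pages; fetch(url) must return the parsed JSON response."""
    sync_time = datetime.now(timezone.utc).isoformat()
    users = []
    while url:
        parts = urlparse(url)
        # Only send the bearer token to Graph itself, never to a foreign host.
        if parts.scheme != "https" or parts.hostname != "graph.microsoft.com":
            raise ValueError("refusing to follow link to " + url)
        page = fetch(url)
        users.extend(map_user(u, sync_time) for u in page.get("value", []))
        url = page.get("@odata.nextLink")  # absent on the last page
    return users

# Constructed sample responses (not real tenant data), keyed by request URL.
NEXT = "https://graph.microsoft.com/v1.0/users?$skiptoken=CONSTRUCTED"
SAMPLE = {
    USERS_URL: {"@odata.nextLink": NEXT, "value": [{
        "id": "00000000-0000-0000-0000-000000000001",
        "mail": "ada@example.com", "userPrincipalName": "ada@example.com",
        "givenName": "Ada", "surname": "Lovelace", "displayName": "Ada Lovelace",
        "mobilePhone": None, "officeLocation": "HQ"}]},
    NEXT: {"value": [{
        "id": "00000000-0000-0000-0000-000000000002", "mail": None,
        "userPrincipalName": "svc-backup@example.onmicrosoft.com"}]},
}
```

Calling `load_users(SAMPLE.__getitem__)` runs the mapping over the two constructed pages without any network access.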


SaaS User Role Block 

This workflow block allows you to read a user's role, represented by the assigned Product SKUs from within Microsoft. We are accessing this from the licenseDetails API, see for more details.

You can use this block within a SaaS User workflow and you can find more details on setting up SaaS User workflows at . Please note that Microsoft does not provide a last login date and as such you can only get the Last Login date from SSO which for Microsoft is not very reliable.


API block (Presets)

The following Microsoft API block Presets are available:

Microsoft Delete User

Using this preset you can delete a user account within Microsoft Identity Service from within a SaaS User workflow. For details on user deletion within Microsoft, see . Other than selecting the proper authentication, no other changes are required to use this preset.


Microsoft Disable User

This preset allows you to disable a user in Microsoft from a workflow on SaaS User by calling the update web service and setting the field accountEnabled to false. See more details at .



