Tuesday, April 16, 2024

Microsoft Entra ID Cross-Tenant Synchronization: A Friendly Guide

Hello, tech enthusiasts! Ready to dive into the world of Entra ID cross-tenant synchronization? This guide will help you understand and implement this feature efficiently, ensuring seamless management of your directory data across multiple tenants. 

What’s This All About?

Entra ID cross-tenant synchronization enables you to share directory data between two or more tenants. This is particularly useful for organizations managing multiple environments or collaborating closely with other organizations.

Let's delve into the step-by-step process to set up Entra ID cross-tenant synchronization.

Step 1: Prepare the Groundwork

Before setting up synchronization, ensure that you have the necessary administrative permissions in both tenants. If you are working together with an admin on the other side, try to prepare all the required steps for each party before you start.

Step 2: Add trusted tenants and manage cross-tenant access settings

  1. Navigate to Entra ID: log in to the Entra ID portal - of course, use a Global Administrator account.
  2. Go to External Identities, then Cross-tenant access settings.
  3. In the Organizational settings tab, use + Add trusted org and provide the Tenant ID or domain name.
  4. At this point, keep in mind which tenant will "receive" directory objects and which will "send" (push) them.
  5. On the "receiving" side we're going to add a couple of things - of course, by configuring Inbound access.
  6. Here we're looking at two tabs: in Trust settings check "Automatically redeem invitations with the tenant X" (here I also prefer to check Trust MFA), and in the Cross-tenant sync tab check the single (for now) option "Allow users sync into this tenant".
  7. On the "pushing" tenant side we only need to check the "Automatically redeem invitations" option.
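Because a failed Test in step 3 usually traces back to one of the checkboxes above, it helps to verify both sides before moving on. The following is an added example and not code from the original post or from Microsoft: it checks a pair of partner entries against the settings listed in step 2. The dictionaries use the property names of the Microsoft Graph crossTenantAccessPolicyConfigurationPartner object (tenantId, automaticUserConsentSettings, inboundTrust, identitySynchronization); the sample values and tenant IDs are constructed placeholders, and which settings count as "required" is an assumption taken from the post's own list.

```python
"""Readiness check for the cross-tenant access settings from Step 2.

Added example, not code from the original post or from Microsoft. The
dictionaries mirror the property names of the Microsoft Graph
crossTenantAccessPolicyConfigurationPartner object; sample values and
tenant IDs are constructed placeholders. Which settings are treated as
required is an assumption taken from the post's step 2.
"""
from __future__ import annotations

# Constructed placeholder tenant IDs (not real tenants).
PUSHING_TENANT = "11111111-1111-1111-1111-111111111111"    # source tenant: pushes objects
RECEIVING_TENANT = "22222222-2222-2222-2222-222222222222"  # target tenant: receives objects

# Partner entry as it would exist in the RECEIVING tenant, describing the pushing tenant.
receiving_side_partner = {
    "tenantId": PUSHING_TENANT,
    "automaticUserConsentSettings": {"inboundAllowed": True, "outboundAllowed": None},
    "inboundTrust": {
        "isMfaAccepted": True,
        "isCompliantDeviceAccepted": False,
        "isHybridAzureADJoinedDeviceAccepted": False,
    },
    "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": True}},
}

# Partner entry as it would exist in the PUSHING tenant, describing the receiving tenant.
pushing_side_partner = {
    "tenantId": RECEIVING_TENANT,
    "automaticUserConsentSettings": {"inboundAllowed": None, "outboundAllowed": True},
}


def _get(obj, *path: str):
    """Walk a nested dict; return None if any key on the path is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def check_receiving_side(partner: dict, expected_partner_tenant: str) -> list[str]:
    """Required inbound settings on the tenant that receives objects (step 2, items 5-6)."""
    problems = []
    if partner.get("tenantId") != expected_partner_tenant:
        problems.append("partner entry does not point at the pushing tenant")
    if _get(partner, "automaticUserConsentSettings", "inboundAllowed") is not True:
        problems.append("inbound 'Automatically redeem invitations' is not enabled")
    if _get(partner, "identitySynchronization", "userSyncInbound", "isSyncAllowed") is not True:
        problems.append("'Allow users sync into this tenant' is not enabled")
    return problems


def check_pushing_side(partner: dict, expected_partner_tenant: str) -> list[str]:
    """Required outbound setting on the tenant that pushes objects (step 2, item 7)."""
    problems = []
    if partner.get("tenantId") != expected_partner_tenant:
        problems.append("partner entry does not point at the receiving tenant")
    if _get(partner, "automaticUserConsentSettings", "outboundAllowed") is not True:
        problems.append("outbound 'Automatically redeem invitations' is not enabled")
    return problems


def trust_warnings(receiving_partner: dict) -> list[str]:
    """Recommended (not required) inbound trust setting from the post: Trust MFA."""
    warnings = []
    if _get(receiving_partner, "inboundTrust", "isMfaAccepted") is not True:
        warnings.append("Trust MFA is off: MFA claims from the pushing tenant will not be accepted")
    return warnings


def readiness_report(receiving_partner: dict, pushing_partner: dict,
                     pushing_tenant: str, receiving_tenant: str) -> dict[str, list[str]]:
    """Combine both sides into one report; empty lists mean step 2 is complete."""
    return {
        "receiving": check_receiving_side(receiving_partner, pushing_tenant),
        "pushing": check_pushing_side(pushing_partner, receiving_tenant),
        "warnings": trust_warnings(receiving_partner),
    }


if __name__ == "__main__":
    report = readiness_report(receiving_side_partner, pushing_side_partner,
                              PUSHING_TENANT, RECEIVING_TENANT)
    for side, items in report.items():
        print(f"{side}: {'OK' if not items else '; '.join(items)}")
```

In practice the two partner dictionaries would come from each tenant's own `GET /policies/crossTenantAccessPolicy/partners` Graph response (run once per tenant, with an account that can read the policy), and the check is run before you hit Test in step 3 so that a failure there points at a missing checkbox rather than at the configuration itself.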

Step 3: Add cross-tenant synchronization configuration

  1. Navigate to the Entra ID portal, then Cross-tenant synchronization.
  2. Simply add a new configuration from the Configurations blade with the usual + button. All you need to provide here is a name - use any you wish.
  3. Go to the new configuration. In most cases we need to pay attention to two blades - Provisioning and Users and groups.
  4. Moving on to Provisioning. Automatic mode will obviously be the better way for common scenarios - so set it.
  5. Then at Admin Credentials simply paste the destination tenant ID and hit Test. If everything in step 2 was done correctly, there will be no issues.
  6. The next important step is Mappings. Check all attribute mappings and make changes if required. Pay attention to advanced object filtering. Don't forget to hit Save.
  7. In the Users and groups blade, choose the directory objects you want to push.
  8. The only thing left is to navigate to the Overview blade and hit Start provisioning. Depending on the number of objects, you will soon see the sync results. Don't forget that you can push a sync on demand using the relevant option in the Provision on demand blade.

Results

If you did everything correctly, without any interruptions along the way, check the Users or Groups blade in the "receiving" tenant's Entra ID for the freshly provisioned objects.

Conclusion

Entra ID cross-tenant synchronization is a powerful feature that enhances user management and operational efficiency. By following this guide, you can set up and manage synchronization effectively. If you have any questions or need further assistance, feel free to reach out in the comments below.
