Handling account attributes

You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Azure Active Directory from the Manage the system > Resources > Account attributes > Target system type menu.

For information about the native Microsoft Azure Active Directory attributes managed by Bravura Security Fabric, consult your Microsoft Azure Active Directory documentation.

  • DisplayName The account attribute is required to create new users in Azure Active Directory.

    To allow users to create new accounts:

    1. Add a profile and request attribute to provide a place to prompt the user for the display name.

    2. Ensure that you set read/write permissions on the attribute.

    3. Map the newly created profile and request attribute to the displayName account attribute. To learn how to do this, see the "Base Configuration Guide".

  • Licenses A read-only attribute that retrieves the licensed products and service plans assigned to an account. The attribute contains product licensing information in a format like the following:

    Licenses = {AAD_PREMIUM_P2={EXCHANGE_S_FOUNDATION=PendingProvisioning;ADALLOM_S_DISCOVERY=PendingInput;MFA_PREMIUM=Success;AAD_PREMIUM=Success;AAD_PREMIUM_P2=Disabled;};}

    The service plan is listed in raw KVG format.

  • LIC_PLAN A pseudo-attribute used to write license assignments to an account on the target system. The attribute contains a licensed product name and the corresponding service plans in that product. By default, the service plan list is empty; it is set to {}, which enables all service plans in a licensed product.

    To enable all service plans under the AAD_PREMIUM_P2 package enter:

    AAD_PREMIUM_P2={};

    To only enable the MFA_PREMIUM service plan under the AAD_PREMIUM_P2 package add the following:

    AAD_PREMIUM_P2={MFA_PREMIUM};

    The AAD_PREMIUM_P2 entry is the Microsoft product name for Azure Active Directory Premium P2, and the MFA_PREMIUM entry is the service plan name. Refer to the Microsoft documentation for descriptions of its products and service plans.

    Using the LIC_PLAN attribute

    In the scenario where you create an Office 365 user using the Azure connector, the connector will create an Azure account and assign an Exchange Office 365 license. If you remove the Office 365 account, both the Azure account and its assigned licenses are deleted.

    You can customize which license plan you want removed when an account is removed by using the LIC_PLAN attribute. The plan entered in the LIC_PLAN attribute will also be the plan that is removed.

    For example, if you want to remove the Exchange Office 365 license for a specific user when the Office 365 account is removed you would enter the following in the attribute field:

    EXCHANGESTANDARD={EXCHANGE_S_STANDARD;}

    The LIC_PLAN attribute can contain multiple values. Each value must have the same form, and each specifies the granular license for a specific package.

    For example, if you want to remove the Exchange Office 365 standard license and the Azure Active Directory Premium P2 license when the Office 365 account is removed, you would enter the following in the attribute field:

    "EXCHANGESTANDARD={};" "AAD_PREMIUM_P2={EXCHANGE_S_FOUNDATION;ADALLOM_S_DISCOVERY;MFA_PREMIUM;AAD_PREMIUM_P2;};"

    LIC_PLAN only updates licenses assigned directly to an individual account; it cannot update licenses assigned to an account via groups or the organization.

  • usageLocation The account attribute is required when updating licensed products for users. License assignment fails unless usageLocation is set to the location that corresponds to the licensed product.

For more details on licensed product names and service plan identifiers, see the Microsoft documentation:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-service-plan-reference
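
The following Python sketch is an added example, not Bravura Security Fabric code. It parses a Licenses value like the one shown above to audit service plan status, and builds a LIC_PLAN value restricted to an allowlist without ever falling back to the empty {} list that enables every plan. The grammar is inferred from the sample on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the Licenses value shown on this page, on one line.
SAMPLE = (
    "{AAD_PREMIUM_P2={EXCHANGE_S_FOUNDATION=PendingProvisioning;"
    "ADALLOM_S_DISCOVERY=PendingInput;MFA_PREMIUM=Success;"
    "AAD_PREMIUM=Success;AAD_PREMIUM_P2=Disabled;};}"
)

# One "PRODUCT={PLAN=Status;...};" group (assumption: inferred from the sample).
_PRODUCT = re.compile(r"\s*(\w+)=\{([^{}]*)\};")


def parse_licenses(value):
    """Return {product: {service_plan: status}} for a Licenses value."""
    text = value.strip()
    if len(text) < 2 or text[0] != "{" or text[-1] != "}":
        raise ValueError("expected a value wrapped in { }")
    body, pos, products = text[1:-1], 0, {}
    while body[pos:].strip():
        m = _PRODUCT.match(body, pos)
        if m is None:
            raise ValueError(f"unparseable text at offset {pos}")
        plans = {}
        for item in filter(None, (p.strip() for p in m.group(2).split(";"))):
            name, sep, status = item.partition("=")
            if not sep:
                raise ValueError(f"service plan without status: {item!r}")
            plans[name] = status
        products[m.group(1)] = plans
        pos = m.end()
    return products


def plans_not_in_state(licenses, product, state="Success"):
    """Service plans of a product whose reported status differs from state."""
    return sorted(p for p, s in licenses[product].items() if s != state)


def lic_plan_value(licenses, product, allowed):
    """Build a LIC_PLAN value limited to the allowed service plans."""
    chosen = [p for p in licenses[product] if p in allowed]
    if not chosen:
        # "PRODUCT={};" would enable every service plan, so never emit it here.
        raise ValueError(f"no allowed service plan exists in {product}")
    # Each plan is terminated with ';' as in the page's multi-value example.
    body = "".join(p + ";" for p in chosen)
    return f"{product}={{{body}}};"
```
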