Azure AD Cross-tenant synchronization in public preview

Microsoft has opened the public preview of the new cross-tenant synchronization, which automates the provisioning and lifecycle management of user accounts across Azure AD tenants. It removes several long-standing obstacles for multi-tenant organizations whose employees need to collaborate closely and share both data and applications across tenants.

This new feature builds on the existing B2B collaboration (guest account) model and removes much of the friction of multi-tenant architectures for both users and organizations.

The cross-tenant synchronization can either include all accounts or be limited to the members of an Azure AD group, and it supports a number of different topologies, including 1:1, 1:Many, Many:1 and "Mesh".

An initial test shows that configuring and testing a two-way synchronization between two tenants can be done in approximately one hour.

The synchronization can also be customized. Scoping filters restrict the synchronization scope to accounts whose attribute values match given conditions, and attribute mappings control how source attributes are copied, set to a constant, or transformed into other values or attributes in the target tenant.
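To make the scoping and mapping behaviour concrete, here is an added example (not code from the original post and not Microsoft's implementation) that simulates how the provisioning engine decides which accounts reach the target tenant and what attributes they get. It models the documented semantics of Azure AD provisioning scoping filters (clauses inside one group are ANDed, separate groups are ORed) and the three mapping types (Direct, Constant, Expression). Expressions are plain Python callables here rather than the portal's expression language, and all user records, attribute names in the sample data and the `(Adatum)` suffix are constructed for illustration.

```python
"""Simulation of cross-tenant sync scoping filters and attribute mappings.

Added example, not Microsoft code and not from the original post. Clauses
inside one scoping-filter group are ANDed, groups are ORed, and each target
attribute is fed by a Direct, Constant or Expression mapping. Expressions are
Python callables here (a simplification). All sample users are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

User = Dict[str, object]


@dataclass
class Clause:
    """One scoping-filter clause: <attribute> <operator> <value>."""
    attribute: str
    operator: str  # EQUALS, NOT EQUALS, IS TRUE, IS FALSE, IS NOT NULL, REGEX MATCH
    value: str = ""

    def matches(self, user: User) -> bool:
        actual = user.get(self.attribute)
        if self.operator == "EQUALS":
            return actual == self.value
        if self.operator == "NOT EQUALS":
            return actual != self.value
        if self.operator == "IS TRUE":
            return actual is True
        if self.operator == "IS FALSE":
            return actual is False
        if self.operator == "IS NOT NULL":
            return actual not in (None, "")
        if self.operator == "REGEX MATCH":
            return actual is not None and re.fullmatch(self.value, str(actual)) is not None
        raise ValueError(f"unsupported operator: {self.operator}")


def in_scope(user: User, groups: List[List[Clause]]) -> bool:
    """In scope if every clause of at least one group holds. No groups at all
    means no attribute filter, so every assigned user is in scope."""
    if not groups:
        return True
    return any(all(clause.matches(user) for clause in group) for group in groups)


@dataclass
class Mapping:
    """How one target-tenant attribute is populated."""
    target: str
    kind: str  # "Direct", "Constant" or "Expression"
    source: Optional[str] = None                      # Direct: copy this source attribute
    constant: Optional[str] = None                    # Constant: always this value
    expr: Optional[Callable[[User], object]] = None   # Expression: computed from the user

    def apply(self, user: User) -> object:
        if self.kind == "Direct":
            return user.get(self.source)
        if self.kind == "Constant":
            return self.constant
        if self.kind == "Expression":
            return self.expr(user)
        raise ValueError(f"unsupported mapping kind: {self.kind}")


def provision(users: List[User], groups: List[List[Clause]],
              mappings: List[Mapping]) -> Dict[str, Dict[str, object]]:
    """Return {source objectId: attributes written to the target tenant};
    out-of-scope users are skipped entirely."""
    result = {}
    for user in users:
        if in_scope(user, groups):
            result[str(user["objectId"])] = {m.target: m.apply(user) for m in mappings}
    return result


# Constructed sample users in the source tenant (Adatum); not real accounts.
SOURCE_USERS: List[User] = [
    {"objectId": "u1", "userPrincipalName": "alice@adatum.example", "displayName": "Alice Adams",
     "department": "Engineering", "jobTitle": "Engineer", "accountEnabled": True},
    {"objectId": "u2", "userPrincipalName": "bob@adatum.example", "displayName": "Bob Brown",
     "department": "Sales", "jobTitle": "Director of Sales", "accountEnabled": True},
    {"objectId": "u3", "userPrincipalName": "carol@adatum.example", "displayName": "Carol Chen",
     "department": "Engineering", "jobTitle": "Engineer", "accountEnabled": False},
    {"objectId": "u4", "userPrincipalName": "dave@adatum.example", "displayName": "Dave Diaz",
     "department": "Finance", "jobTitle": "Analyst", "accountEnabled": True},
]

# Two groups: enabled Engineering accounts, OR anyone whose title starts with "Director".
SCOPE: List[List[Clause]] = [
    [Clause("department", "EQUALS", "Engineering"), Clause("accountEnabled", "IS TRUE")],
    [Clause("jobTitle", "REGEX MATCH", r"Director.*")],
]

MAPPINGS: List[Mapping] = [
    Mapping("userPrincipalName", "Direct", source="userPrincipalName"),
    Mapping("mail", "Direct", source="userPrincipalName"),
    # Expression: tag synced accounts so their origin is visible in the target tenant.
    Mapping("displayName", "Expression", expr=lambda u: f"{u['displayName']} (Adatum)"),
    # Constant: userType decides which default directory permissions synced accounts get.
    Mapping("userType", "Constant", constant="Member"),
]


def run_demo() -> Dict[str, Dict[str, object]]:
    return provision(SOURCE_USERS, SCOPE, MAPPINGS)


if __name__ == "__main__":
    for object_id, attrs in run_demo().items():
        print(object_id, attrs)
```

Running it provisions only u1 (enabled Engineering account) and u2 (matches the Director regex); the disabled Engineering account and the Finance analyst never reach the target tenant. The `userType` constant is the one to think about before going live: it determines the directory permissions every synced account receives in the target tenant, so decide deliberately between Member and Guest rather than accepting whatever the template sets.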

By default, the synchronization runs every 40 minutes, and detailed provisioning logs are available.

Inbound synchronization configuration in target tenant:

Inbound trust settings in target tenant:

Initial on-demand provisioning from source to target tenant:

User from source tenant (Adatum) provisioned automatically in target tenant (Trey Research):
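The inbound trust settings shown above are the security-relevant part of the setup: a partner tenant whose users are synchronized inbound, with invitations redeemed automatically, can create and update accounts in your tenant without any of your users being prompted. The following added example (not from the original post and not Microsoft code) audits a cross-tenant access policy partner list for exactly that. The records are shaped like the beta Microsoft Graph `crossTenantAccessPolicyConfigurationPartner` object (`automaticUserConsentSettings`) with the partner's `identitySynchronization` object placed alongside it; the JSON and its placeholder tenant IDs are constructed sample data, and the approved-source list is a hypothetical input you would maintain yourself.

```python
"""Audit which partner tenants may push accounts into this (target) tenant.

Added example, not from the original post and not Microsoft code. Input records
follow the shape of the beta Graph crossTenantAccessPolicyConfigurationPartner
object, with each partner's identitySynchronization object placed beside it.
The JSON below is constructed sample data with placeholder tenant IDs.
"""
import json
from typing import Dict, List, Set

SAMPLE_PARTNERS_JSON = """
[
  {"tenantId": "11111111-1111-1111-1111-111111111111",
   "automaticUserConsentSettings": {"inboundAllowed": true, "outboundAllowed": false},
   "identitySynchronization": {"displayName": "Adatum",
                               "userSyncInbound": {"isSyncAllowed": true}}},
  {"tenantId": "22222222-2222-2222-2222-222222222222",
   "automaticUserConsentSettings": {"inboundAllowed": true, "outboundAllowed": true},
   "identitySynchronization": null},
  {"tenantId": "33333333-3333-3333-3333-333333333333",
   "automaticUserConsentSettings": {"inboundAllowed": false, "outboundAllowed": false},
   "identitySynchronization": {"displayName": "Unknown partner",
                               "userSyncInbound": {"isSyncAllowed": true}}},
  {"tenantId": "44444444-4444-4444-4444-444444444444",
   "automaticUserConsentSettings": null,
   "identitySynchronization": null}
]
"""


def inbound_sync_allowed(partner: Dict) -> bool:
    """True if the partner tenant is allowed to synchronize its users into this tenant."""
    sync = partner.get("identitySynchronization") or {}
    return bool((sync.get("userSyncInbound") or {}).get("isSyncAllowed"))


def inbound_auto_redeem(partner: Dict) -> bool:
    """True if invitations from the partner are redeemed without a consent prompt."""
    return bool((partner.get("automaticUserConsentSettings") or {}).get("inboundAllowed"))


def audit(partners: List[Dict], approved_sources: Set[str]) -> List[Dict]:
    """One finding per partner that can sync users in or has auto-redemption on.
    'unexpected' marks inbound sync rights for a tenant not on the approved list."""
    findings = []
    for p in partners:
        sync, redeem = inbound_sync_allowed(p), inbound_auto_redeem(p)
        if not (sync or redeem):
            continue
        if sync and redeem:
            note = "can provision accounts here with no consent prompt"
        elif sync:
            note = "can provision accounts here; users still get a consent prompt"
        else:
            note = "invitations auto-redeemed, but no inbound sync configured"
        findings.append({
            "tenantId": p["tenantId"],
            "inboundSync": sync,
            "autoRedeem": redeem,
            "unexpected": sync and p["tenantId"] not in approved_sources,
            "note": note,
        })
    return findings


# Hypothetical allow-list of tenants that are supposed to be sync sources.
APPROVED_SOURCES: Set[str] = {"11111111-1111-1111-1111-111111111111"}


def run_audit() -> List[Dict]:
    return audit(json.loads(SAMPLE_PARTNERS_JSON), APPROVED_SOURCES)


if __name__ == "__main__":
    for f in run_audit():
        flag = "UNEXPECTED " if f["unexpected"] else ""
        print(f"{flag}{f['tenantId']}: {f['note']}")
```

Against the sample data the Adatum tenant is reported as an approved provisioning source, the second tenant is flagged for auto-redemption without any sync configured, and the third is flagged as unexpected because it holds inbound sync rights without being on the approved list. Run periodically against the real partner list, this is a cheap way to notice when a tenant has been granted the ability to create accounts in yours.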

References:

Announcement:
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/seamless-application-access-and-lifecycle-management-for-multi/ba-p/3728752

Configuration:
https://learn.microsoft.com/en-us/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure#step-3-automatically-redeem-invitations-in-the-target-tenant

Topologies:
https://learn.microsoft.com/en-us/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-topology
