Microsoft Entra ID · Identity Governance
Attribute Provisioning Administrator
Reads and edits provisioning configuration of custom security attributes for applications.
Scope: Configure how custom security attributes flow to provisioned applications
Permissions
- Read custom security attributes in sync schema
- Update attribute mappings in sync schema
- Read provisioning logs for attributes
Common use cases
- Setting up attribute provisioning
- Mapping attributes to target systems
- Troubleshooting attribute sync
Best practices
- Test attribute mappings in dev first
- Document attribute flows
- Monitor provisioning logs
Security considerations
- Cannot create attribute definitions
- Cannot directly assign attribute values
- Privileged role - can expose sensitive attributes