# Automation on fetching user accounts for Azure

To **automatically fetch user accounts into Azure** (e.g., for Azure Active Directory / Microsoft Entra ID) **without manually importing them**, your approach depends on the **source of the user accounts**. Below are common scenarios and how to automate the sync:

##### <span style="color: rgb(53, 152, 219);">**From On-Premises Active Directory**</span>

Use **Azure AD Connect** to automatically sync users from on-premises AD to Azure AD.

**Steps:**

1. **Install Azure AD Connect** on your on-prem AD server.
2. Configure it to:
    
    
    - Use **password hash synchronization** or **pass-through authentication**.
    - Enable **automatic synchronization**.
3. Azure AD Connect will:
    
    
    - Regularly sync users, groups, and passwords to Azure AD automatically.
    - No manual importing needed after setup.

##### <span style="color: rgb(53, 152, 219);">**From a Third-Party HR System or App (e.g., Workday, SAP, etc.)**</span>

Use **provisioning connectors** available in **Microsoft Entra (Azure AD)**.

**Steps:**

1. Go to **Entra ID &gt; Enterprise Applications &gt; Your App &gt; Provisioning**.
2. Configure **automatic user provisioning** with the source system.
3. Provide credentials/API endpoints of the source system.
4. Define mappings for user properties.

Works for Workday, SuccessFactors, SAP, Oracle, etc.

##### <span style="color: rgb(53, 152, 219);">**From CSV/Flat Files in a Scheduled Way**</span>

Use **PowerShell** or **Azure Automation** to import from CSV regularly.

**Option A: PowerShell Script (with schedule)**

- Write a script using `Import-Csv` + `New-AzureADUser` or `Set-AzureADUser`.
- Schedule it using **Task Scheduler** or **Azure Automation**.

 **Option B: Logic Apps or Power Automate**

- Use a **Logic App** to watch for a file in OneDrive, SharePoint, or Blob Storage.
- Parse it and create/update users in Azure AD via **Microsoft Graph API**.

##### <span style="color: rgb(53, 152, 219);">**Via Microsoft Graph API**</span>

If user accounts are coming from a custom app or identity source, use **Graph API** to programmatically sync them.

**Key Points:**

- Write a script or backend app that calls `POST https://graph.microsoft.com/v1.0/users`.
- Authenticate using **client credentials flow** (service principal).
- Automate the execution on a schedule.

##### <span style="color: rgb(224, 62, 45);">**Notes:**</span>

- You need proper permissions: **User administrator** or **Global administrator** in Azure AD.
- Use **SCIM provisioning** if the third-party app supports it.