Skip to content

FIMTooler/EntraIDAttributeFlowDocumenter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
EntraAttributeFlows.ps1
EntraAttributeFlows.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Entra Attribute Flows Reporter

Generate a simple CSV report of attribute flows defined in an Entra (Azure AD) provisioning configuration JSON.

This script reads a provisioning “schema” JSON for an Enterprise Application’s provisioning configuration and outputs a table showing where each target attribute gets its value, when it flows, and what kind of transformation is used.

What it produces

A CSV file named:

  • AttributeFlowReport_{InputBaseName}GeneratedOn{yyyy-MM-dd_HHmmss}.csv

Sorted by:

  • SourceAttribute, then TargetAttribute

Columns included:

  • SourceExpression — The expression defined for the source attribute (when present)
  • SourceObjectType — Source object type (for example: User)
  • SourceAttribute — Name(s) of source attribute(s) used; for expressions, multiple attributes are listed on separate lines
  • SourceDefaultValue — Default value from the mapping (if present)
  • FlowType — Direct, Constant, or Expression
  • FlowWhen — When the value flows (Always, Only on create, Add-only, etc.)
  • MatchingPriority — Priority when the mapping is used for matching (if greater than 0)
  • TransformExpression — The full transformation/expression (for Function mappings)
  • TargetObjectType — Target object type; DynamicElement is normalized to “User”
  • TargetAttribute — Target attribute name
  • TargetExpression — The expression defined for the target attribute (when present)

Requirements

  • PowerShell 5.1 or PowerShell 7+
  • A provisioning configuration/schema JSON file produced by Entra provisioning
  • No additional modules are required (uses built-in ConvertFrom-Json)

Notes:

  • On PowerShell 7+, CSVs are written as UTF‑8 by default.
  • On PowerShell 5.1, Export-Csv defaults to UTF‑16 LE (“Unicode”), which opens fine in Excel.

Parameters

  • -JsonFile (required)
    • Path to the provisioning schema JSON file.
  • -OutputFolder (required)
    • Folder where the CSV report will be written.

Example:

# Run the Attribute Flows reporter
.\EntraAttributeFlows.ps1 -JsonFile "C:\Exports\ProvisioningSchema.json" -OutputFolder "C:\Reports"

# Another example with different paths
.\EntraAttributeFlows.ps1 -JsonFile "D:\in\schema.json" -OutputFolder "D:\out"

About

Entra ID Attribute Flow Documenter

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages