Is it forced to use group-managed service accounts for new installations of the "Microsoft Azure AD Connect Provisioning Agent"?
Configuring User Deployment of SAP SuccessFactors in Active Directory
I am following the article below to set up and configure the installation process for the Azure AD Connect Deployment Provisioning Agent (Azure Active Directory) from SAP SuccessFactors to on-premises AD, but please let me know if there is a control to bypass the gMSA option and use your own custom service account option instead, due to my network controls. Let me know the options, and also what the controls are, when provisioning AD accounts with SAP SF as the source, for how the password can be provided.
Chetan Desai commented
Thanks for your feedback. We will update the docs, so that it is easy to discover.
You have two options:
1) You can create your own GMSA account and specify it in the config wizard OR
2) You can skip the GMSA account creation and use a non-GMSA account for provisioning - Refer: https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-manage-registry-options#skip-gmsa-configuration
The solution does not log the password generated for new users. It's the same behavior as Workday provisioning. See: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial#when-processing-a-new-hire-from-workday-how-does-the-solution-set-the-password-for-the-new-user-account-in-active-directory