Documentation forAccess Rights Manager

Create a user account in Azure Active Directory

Background / Value

With Access Rights Manager you can quickly create standardized user accounts. You can delegate the process to the Helpdesk and further simplify and standardize it using specifically customized templates for different company roles.

You can assign an Office 365 license and if Exchange Online is covered by this license, a mailbox for the new user is created automatically.

Use this feature on managed Azure Active Directory domains only. For federated domains that are synced with an on-premise AD, you must create the user in the leading on-premise AD.


Related features

Customize templates for account creation (please refer: Customize Access Rights Manager templates)

Create a mailbox in Exchange Online


Step-by-step process

  1. Click Start.
  2. Click Create new user or group.


Access Rights Manager offers 4 standard templates. If you add an Azure Active Directory (AAD) as a resource to ARM then you will find two templates for creating new users and groups in AAD.

You can customize the Azure templates in the same way as for other resources. We recommend using customized templates as this simplifies and speeds up the process.

  1. Select a New Azure AD User template.
  2. Click Select.


  1. Enter the required information. Please keep in mind, that you can customize the template, for example hide input fields, create or validate inputs. For more information please see the customizing templates section.
  2. Select the location of the new user. This is mandatory and will be used for Office 365 billing purposes.
  3. Select a license. If Exchange Online is included in the license, a new mailbox will be created.


  1. Enter the credentials that will be used to create the new user account. Credentials can be stored in the Azure AD change configuration.

  2. You must enter a comment.
  3. Start or schedule the process.

If you see an error message that includes a request for an immutable ID then you are trying to add a new user to a federated domain. You can not use this feature to create a new user in a federated domain. In such cases create the new user in the leading on-premise AD.