So to provision users into Azure AD as per above:
"Azure AD provides automated, advanced user life-cycle management by using dynamic group membership rules and application management capabilities. Here’s more detail:
- For organisations with on-premises HR, Microsoft Identity Manager establishes user identities in Windows Server Active Directory.
- For organisations with software as a service (SaaS)–delivered HR, Azure AD currently integrates with Workday.
- Azure AD Connect syncs users and groups between Windows Server Active Directory and Azure AD.
- Azure AD provides group-based automated licensing for Office 365 and other Microsoft on line services."
Or manually via the portal.
Or via B2B.
What is really needed as well is a browser-based provisioning service into Azure AD that does not require the use of the Azure portal, admin rights. etc.
Extra brownie points for adding delegated admin. as well :-)