This document describes how to set up Azure Active Directory (AAD) user provisioning so that DragOnce accounts are synchronized from AAD. In general, users created in AAD and added to the specific Enterprise Application can be synchronized to DragOnce.
The synchronization actions include:
Create
Update
Suspend (and Delete)
The following pre-conditions must be met to complete the account synchronization:
AAD must be used
Enterprise Application can be added to AAD
Contact us for infrastructure and database setup
SCIM is the standard which is used to synchronize account information from AAD to DragOnce. The SCIM information can be copied from the DragOnce subscriber.
1. Go to the Admin Panel, and then open the User Provisioning tab.
2. Click the ‘Generate’ button to get the SCIM token key. Copy and keep your SCIM token. After generating the key, you WILL NOT be able to copy the key again.
3. The SCIM token will be masked after it is generated. If you forget the token, click the ‘Regenerate’ button to get a new token key.
Information !
The old token key becomes invalid once a new one is regenerated. You must update the corresponding AAD synchronization settings wherever the old key is used.
Please be aware that the interface may differ because of updates to AAD. Check Microsoft support if needed.
1. Log in to your Azure portal and open Azure Active Directory.
2. Go to Enterprise applications.
3. Click ‘New application’.
4. Click ‘Create your own application’.
5. Enter the application name and click ‘Create’ to continue.
6. After the creation, open your Enterprise application and go to Provisioning.
7. Click ‘Get started’ to continue.
8. Choose ‘Automatic’ for Provisioning Mode. Copy the ‘SCIM Endpoint’ and SCIM Token from DragOnce, and paste them into ‘Tenant URL’ and ‘Secret Token’ respectively.
Information !
Click the ‘Test Connection’ button to check if you have entered the correct URL and Token.
9. Click the ‘Save’ button.
10. Open ‘Provision Azure Active Directory Users’ under the Mappings section.
a. Configure the ‘Attribute Mappings’ as shown in the table below. You may need to delete some default attributes that are not in use.
b. Pay attention to the settings of ‘objectId’ and ‘userPrincipalName’. Follow the settings below.
c. Save the Attribute Mapping settings after the configuration.
11. Go back to the Provisioning page and click ‘Start provisioning’.
1. Go to the Users and groups page and click ‘Add user/group’ to add a user or group to your Enterprise application.
Information !
The users and group members of the connected enterprise application will be synchronized to DragOnce. The frequency of synchronization is controlled by Microsoft Azure.
2. You can add or remove users from the enterprise application when needed.
When will the user information synchronize to DragOnce after the modification in AAD?
The frequency of synchronization is controlled by Microsoft Azure. Please refer to the Azure guidelines for details.
Why can't some users be synchronized to DragOnce?
Please check the Provisioning logs in AAD or the SCIM logs in DragOnce for error messages.
Why can't I find the User Provisioning settings in DragOnce?
User Provisioning is a paid enterprise feature available on request. Please contact us if you want to enable it.
How to connect an existing DragOnce account with AAD?
You can go to the DragOnce Admin Panel and manually update the ‘Object ID in Azure AD’ in the user account details. However, please be aware that a mismatch between the Object ID and the login account may cause errors in AAD.
What can I do if AAD saved an incorrect DragOnce account identifier for synchronization?
This issue may be caused by a mismatch between the Object ID and the login account. There are two methods to solve this issue:
a. Check and update the incorrect ‘Object ID in Azure AD’ in DragOnce. Disable the existing provisioning of the enterprise application in AAD. Create a new enterprise application to replace the old one.
b. According to the Q&A from Microsoft, following the steps below can reset the saved identifier in AAD.
Go to https://developer.microsoft.com/en-us/graph/graph-explorer/preview and sign in with a Global Admin account by clicking the "Sign in to Graph Explorer" button on the left.
Note: In the above call, {id} needs to be replaced with the Object ID of the DragOnce Enterprise Application and {jobId} with the Synchronization Job ID that you will find under the Provisioning blade, as highlighted below:
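A pre-check for the Object ID and login mismatch described in the last two answers, as an added example that is not part of the DragOnce documentation or tooling: it compares the ‘Object ID in Azure AD’ stored on each DragOnce account with an AAD user export before provisioning is started. The record layouts (`login`, `object_id`, `id`, `userPrincipalName`), the sample accounts and the case-insensitive login comparison are assumptions.

```python
import uuid

# Constructed sample data. AAD rows mirror the Microsoft Graph user properties
# 'id' and 'userPrincipalName'; DragOnce rows are a hypothetical export of each
# account's login and its 'Object ID in Azure AD' field.
AAD_USERS = [
    {"id": "aaaaaaaa-1111-4111-8111-111111111111", "userPrincipalName": "alice@example.com"},
    {"id": "22222222-2222-4222-8222-222222222222", "userPrincipalName": "bob@example.com"},
    {"id": "33333333-3333-4333-8333-333333333333", "userPrincipalName": "carol@example.com"},
]
DRAGONCE_ACCOUNTS = [
    {"login": "Alice@Example.com", "object_id": "AAAAAAAA-1111-4111-8111-111111111111"},
    {"login": "bob@example.com", "object_id": "33333333-3333-4333-8333-333333333333"},
    {"login": "carol@example.com", "object_id": "33333333-3333-4333-8333-333333333333"},
    {"login": "dave@example.com", "object_id": "not-a-guid"},
    {"login": "erin@example.com", "object_id": ""},
    {"login": "frank@example.com", "object_id": "44444444-4444-4444-8444-444444444444"},
]


def norm_guid(value):
    """Return the canonical lowercase GUID string, or None if value is not a GUID."""
    try:
        return str(uuid.UUID(value.strip()))
    except ValueError:
        return None


def reconcile(aad_users, dragonce_accounts):
    """Map each DragOnce login to (status, Object ID that AAD holds for that login)."""
    upn_by_id = {norm_guid(u["id"]): u["userPrincipalName"].lower() for u in aad_users}
    id_by_upn = {upn: oid for oid, upn in upn_by_id.items()}
    report = {}
    for acct in dragonce_accounts:
        login = acct["login"].lower()  # assumption: logins compare case-insensitively
        raw = (acct.get("object_id") or "").strip()
        oid = norm_guid(raw)
        if not raw:
            status = "unlinked"            # no Object ID stored yet
        elif oid is None:
            status = "invalid_object_id"   # stored value is not a GUID
        elif oid not in upn_by_id:
            status = "unknown_object_id"   # GUID is not in the AAD export
        elif upn_by_id[oid] != login:
            status = "mismatch"            # Object ID belongs to another AAD user
        else:
            status = "ok"
        report[login] = (status, id_by_upn.get(login))
    return report
```

Calling `reconcile(AAD_USERS, DRAGONCE_ACCOUNTS)` returns one entry per DragOnce login; for a `mismatch`, the second element is the Object ID that AAD holds for that login, which is the value to enter in DragOnce.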
WorkflowGen for Azure
https://docs.advantys.com/workflowgen-for-azure
Microsoft Q&A
https://learn.microsoft.com/en-us/answers/