Connect allows you to create, remove, and manage your users through Microsoft Azure via Entra ID. Make sure that you have completed the previous steps outlined in the SSO and Directory Service - Start Here! document beforehand
NOTE: A P2 license in Azure AD is required to setup provisioning. This is found in Azure in Overview > Basic Information > License
NOTE: These instructions presuppose that you have security groups setup in Microsoft Entra ID for the Connect application. If you do not please prepare these first
Setup Provisioning in Microsoft Entra ID
- Select "Enterprise Applications" in Microsoft Entra ID
- Select "New Application"
- Select "Create your own application"
- Name the app "Extensis Connect Provisioning", check the radio button for Integrate any other application you don't find in the gallery (Non-gallery)" and select "Create"
- Once created, navigate to "Provisioning" on the left-hand side
- This will open the provisioning page. Select Manage>Provisioning from the left-hand side
- Select "Automatic" from the drop down menu
- In a separate tab or window, navigate to connect.extensis.com
- In Administration>Directory Service select the "Provisioning Configuration" Tab
- Return to the provisioning page in Azure and copy the values from Connect to the matching fields under "Admin Credentials" section
- Select "Test Connection"
- If the test is successful, save the configuration
- This will add a "Mappings" section. Under Mappings, select "Provision Microsoft Entra ID Users"
- Uncheck "Delete"
- Under "Attribute Mappings" remove all but the following attributes:
userName
active
emails[type eq "work"].value
name.givenName
name.familyName - Save these changes
- Under Mappings, select "Provision Microsoft Entra ID Groups"
- Under "Attribute Mappings" remove the externalID attribute
- Save these changes
- Return to the Overview page of your Enterprise App registration and select "Users and groups"
- Select "Add user/group"
- Click on "None Selected" on the left-hand side
- Select the groups you wish to add to Connect
- Click "Assign"
- Navigate to Provisioning and click "Start Provisioning"