How to Set Up Automatic User Provisioning in Azure AD

Updated by Leeroy Steele

PERMISSION REQUIRED: Prompt Admin, Agency Admin or Admin

Enable Automatic User Provisioning in Prompt

  1. Navigate to the Edit Organisation > Azure AD page of the organization that will have user provisioning enabled
  2. Enable Azure SSO
  3. Fill out the Tenancy ID with your Azure Tenant ID
  4. Enable Automated User Provisioning under the User Creation Details
  5. Select the Default Department and Default Section for users to be created under
  6. Click Save to save the changes and make the authentication code visible
  7. Take note of the Provisioning Authentication Code as this will be needed in the Azure setup
    Note: Click the Eye symbol on the right to reveal the authentication code

Set Up Automatic User Provisioning in Azure

  1. Sign into the Microsoft Entra admin center as at least an Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications.
  3. A list of all configured apps is shown, including apps that were added from the gallery.
  4. Select + New application > + Create your own application.
  5. Enter a name for your application, choose the option "integrate any other application you don't find in the gallery" and select Add to create an app object. The new app is added to the list of enterprise applications and opens to its app management screen.
  6. In the app management screen, select Provisioning in the left panel.
  7. In the Provisioning Mode menu, select Automatic.
  8. In the Tenant URL field, enter the URL of PROMPT's SCIM endpoint: https://alb-app.prompt.org.au/api/authentication/scim
  9. Copy and paste the Provisioning Authentication Code from the organization setup into the Secret Token field
  10. Click Test Connection and ensure it verifies successfully
  11. Select Save to save the changes and wait for Azure to load the Settings and Mappings sections (this may take 1-2 minutes)

Mappings

  1. In the mappings section click into Provision Microsoft Entra ID Groups and set the Enable status to No

  2. Click into Provision Microsoft Entra ID Users:
    1. Reduce the Attribute Mappings list to just the items in the screenshot below.
    2. Edit `externalId` (Attribute Mapping) and set it to `objectId` as per screenshot below.
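
To confirm the two mapping changes above without clicking back through the portal, the check below audits an exported provisioning schema. It is an added example, not part of PROMPT's or Microsoft's documentation; it assumes the schema has the shape of a Microsoft Graph synchronizationSchema export, and the sample data and the `audit_mappings` name are constructed for illustration.

```python
# Constructed sample: trimmed to the fields this check reads, shaped like a
# Microsoft Graph synchronizationSchema export. Not taken from a real tenant.
SAMPLE_SCHEMA = {
    "synchronizationRules": [{
        "objectMappings": [
            {"sourceObjectName": "Group", "enabled": True, "attributeMappings": []},
            {"sourceObjectName": "User", "enabled": True, "attributeMappings": [
                {"targetAttributeName": "userName",
                 "source": {"type": "Attribute", "name": "userPrincipalName",
                            "expression": "[userPrincipalName]"}},
                {"targetAttributeName": "externalId",
                 "source": {"type": "Attribute", "name": "mailNickname",
                            "expression": "[mailNickname]"}},
            ]},
        ],
    }],
}


def audit_mappings(schema):
    """Return a list of findings; an empty list means both mapping steps were applied."""
    findings = []
    for rule in schema.get("synchronizationRules", []):
        for mapping in rule.get("objectMappings", []):
            kind = mapping.get("sourceObjectName")
            # Mappings step 1: group provisioning must be switched off.
            if kind == "Group" and mapping.get("enabled", True):
                findings.append("Group mapping is enabled; set Enabled to No")
            if kind != "User":
                continue
            # Mappings step 2: externalId must be sourced from objectId.
            ext = [m for m in mapping.get("attributeMappings", [])
                   if m.get("targetAttributeName") == "externalId"]
            if not ext:
                findings.append("User mapping has no externalId attribute mapping")
            for m in ext:
                src = m.get("source", {})
                if src.get("type") != "Attribute" or src.get("name") != "objectId":
                    findings.append("externalId is sourced from %r, expected objectId"
                                    % src.get("expression"))
    return findings


if __name__ == "__main__":
    for finding in audit_mappings(SAMPLE_SCHEMA):
        print("FINDING:", finding)
```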

Settings

  1. In the Settings section, set the Scope to Sync only assigned users and groups
  2. Enable the provisioning
  3. Save the changes

User Assignment

  1. Click Users and groups in the left side panel
  2. Click Add user/group
  3. Search for the user or group of users that you want to have access to the PROMPT system
  4. Select and click Assign to assign these users to the application

Note: Provisioning occurs on a 40-minute interval.
Users should be added to the group with an active account status initially. This is required to run the initial provisioning and sync Azure users to Prompt.
After the initial sync, users can then be disabled in Azure (if you want to disable them in Prompt).
