You can integrate Microsoft Azure Active Directory (Azure AD) with pdk.io to import and sync users and groups automatically.
- Note: In order to complete this process, you must have integrator access in pdk.io and administrator permissions in Azure AD.
To set up the integration:
Setting up and enabling the Azure AD integration is a multi-step process that takes place in both pdk.io and the Azure AD Portal.
The integration between ProdataKey and Azure AD allows for multiple Azure AD instances to be synchronized with a cloud node and also allows for multiple cloud nodes to be synchronized with a single Azure AD instance.
Below we will walk through creating an integration between a single cloud node and a single Azure AD instance.
Pdk.io
Enabling the Azure Active Directory integration for a Customer.
- Hover over a customer name listed in the Customers section of the screen (also containing the Cloud Nodes and Permissions sections) and click the Pencil icon.
- Check the Azure Active Directory option in the Available Database Integrations section.
- Click SAVE.
Adding the Azure AD Instance for Synchronization
- Click on the same customer.
- In that customer’s screen, hover over the Cloud Node to be integrated with Azure AD and click the Pencil icon.
- Click the AZURE ACTIVE DIRECTORY icon.
- Click the + icon next to Instances to open the Add Integration screen.
- Complete the Add Integration form.
Add Integration Fields
- Name - The name of the instance is used for several purposes, as follows:
  - Creating the Azure AD group in pdk.io: The name of the instance is used for generating the pdk.io group name that all users/people will be associated with. The name of the group is formatted as follows: “AAD-(Instance Name)”.
    - For example: an instance name of “Active Directory” will create the PDK group “AAD-Active Directory”.
  - Identify the instance: The instance name is used to easily identify the Azure Active Directory instance being examined. This is especially useful if multiple Azure AD instances are associated with a single cloud node.
- Partition - Select the ProdataKey partition the Azure integration will be associated with.
- Group Mappings - The group mappings feature is used to create custom associations between Azure AD groups and pdk.io groups. When a group mapping is created it will add the users in the selected Azure AD Group to a specific pdk.io group in addition to adding them to the default Azure AD group. This allows for the management of access permissions by assigning specific Azure AD groups to pdk.io groups with existing rules.
Add Group Mapping Fields
- Azure Group - Input the exact name of the desired Azure AD group as it is displayed in the Azure AD Portal.
- PDK Group - Input the exact name of the desired pdk.io group as it is shown in pdk.io. As characters are added to this field it will present you with a list of auto-complete options available from current groups. You also may create a new group using this field if a group name is entered that does not currently exist.
- Special Azure Groups: The special Azure groups section enables you to automatically issue Bluetooth or touch mobile credentials to members of a specific Azure AD group, provided that the members of that group have their email address populated.
  - Bluetooth Access: Input the exact name, as it is displayed in the Azure AD portal, of the Azure AD group whose members should be automatically issued Bluetooth credentials.
  - Touch Mobile: Input the exact name, as it is displayed in the Azure AD portal, of the Azure AD group whose members should be automatically issued touch mobile credentials.
6. Click Save to add the instance to the cloud node.
7. Integration Token: Once Save is clicked a screen is presented that provides the secure token that will be used while setting up the Azure AD portal for the integration. You will need to copy and save this token information for use later in the Azure AD portal. Once TO CLIPBOARD is clicked this screen will close.
- Note: If for any reason the token was not copied completely, you can reissue a new token by clicking the REISSUE TOKEN button, which is visible after saving the instance.
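The group mapping and special group rules described above decide which pdk.io groups, and therefore which access rules and mobile credentials, each synchronized user receives. The following added example (not ProdataKey code) previews that outcome for a planned configuration before it is saved; all group names and users are constructed, and treating a case-only name difference as a non-match is an assumption, since the page only says to enter the exact name.

```python
# Added example: previews the pdk.io groups and mobile credentials that an
# integration configuration implies. All names and data below are constructed.
INSTANCE_NAME = "Active Directory"
GROUP_MAPPINGS = {"Facilities Staff": "All Doors", "Contractors": "Lobby Only"}
SPECIAL_GROUPS = {"PDK Bluetooth": "bluetooth", "PDK Touch": "touch"}

USERS = [  # constructed sample of assigned Azure AD users
    {"name": "Ana", "email": "ana@example.com",
     "groups": ["Facilities Staff", "PDK Bluetooth"]},
    {"name": "Ben", "email": "", "groups": ["Contractors", "PDK Touch"]},
    {"name": "Cy", "email": "cy@example.com", "groups": ["facilities staff"]},
]


def preview_user(user, instance_name=INSTANCE_NAME, mappings=GROUP_MAPPINGS,
                 special=SPECIAL_GROUPS):
    """Return (pdk_groups, credentials, warnings) for one Azure AD user."""
    pdk_groups = [f"AAD-{instance_name}"]  # default group every user joins
    credentials, warnings = [], []
    configured = {name.casefold(): name for name in (*mappings, *special)}
    for group in user["groups"]:
        if group in mappings:  # mapped group is added on top of the default
            pdk_groups.append(mappings[group])
        if group in special:  # credential requires a populated email
            if user["email"].strip():
                credentials.append(special[group])
            else:
                warnings.append(
                    f"no email: {special[group]} credential not issued")
        exact = group in mappings or group in special
        if not exact and group.casefold() in configured:
            # Assumption: a case-only difference does not match, so flag it.
            warnings.append(f"'{group}' is not an exact match for "
                            f"'{configured[group.casefold()]}'")
    return pdk_groups, credentials, warnings


def preview(users=USERS):
    """Map each user name to its previewed groups, credentials, warnings."""
    return {u["name"]: preview_user(u) for u in users}


if __name__ == "__main__":
    for name, (groups, creds, warns) in preview().items():
        print(f"{name}: groups={groups} credentials={creds}")
        for w in warns:
            print(f"  WARNING: {w}")
```

Reviewing the warnings before saving the instance catches users who would land only in the default group, or miss a mobile credential, because of a name typo or an empty email field.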
Azure
Adding the ProdataKey Application to Azure.
- Navigate to the Azure portal.
- Click on Azure Active Directory in the Azure Services section of the screen.
- In the menu on the left, click on Enterprise applications in the Manage section of the list.
- Next, click on + New Application in the top left of the screen.
- Then click on + Create your own application.
- Enter a descriptive name in the What’s the name of your app? field.
  - For example: “Main Office PDK Panel”
- Select Integrate any other application you don’t find in the gallery (Non-gallery) from the What are you looking to do with your application? list.
- Click on Create.
- Click on Provisioning.
- Next, click on Get started.
- You will then be presented with a drop-down field, Provisioning Mode. Select Automatic from the list.
- Expand Admin Credentials.
- In the Tenant URL field, enter https://aad.pdk.io
- In the Secure Token field, paste the token information that was copied from pdk.io after saving the Azure AD Instance.
- Click Test Connection. If your configuration is correct, you will receive the following message.
- Then click on Save.
Configuring Azure AD Groups to Synchronize with pdk.io.
- Navigate to the overview screen for the enterprise application that was just created.
- Click on Users and groups.
- Then click on + Add user/group to open the Add Assignment screen.
- Next, click on None Selected to open the screen that allows you to select which Azure AD users and groups to synchronize with pdk.io.
- Click the Assign button.
Enabling provisioning in Azure AD
- Navigate to the overview screen for the enterprise application that was just created.
- Click on Provisioning.
- Then click on Start provisioning.
Azure AD and pdk.io are now connected and will begin synchronizing users from Azure AD to pdk.io.
- Note: The Azure AD provisioning engine may take up to 40 minutes to synchronize users/groups from Azure AD to pdk.io.