Azure Active Directory
Last updated April 8, 2019
Organizations that use Azure Active Directory user provisioning (Azure AD) for user management can integrate it with their StarLeaf account. Azure AD integration is an additional option on your StarLeaf Enterprise account.
On this page:
- Automatically synchronize new users from Azure AD to StarLeaf
- Automatically synchronize user updates from Azure AD to StarLeaf
- Automatically synchronize user deactivation from Azure AD to StarLeaf
- Azure edition Premium P1 or P2
- StarLeaf Enterprise subscription
- Complete StarLeaf Portal configuration (described below).
- Add StarLeaf in Azure AD (described below).
Before you can configure StarLeaf provisioning in Azure AD, you need to know the Tenant URL and Secret Token.
- Log in to portal.starleaf.com
- Go to Integrations > Add integration.
- Select Microsoft Azure Active Directory and select Apply.
- You see the SCIM server URI and Access token:
- Make a note of the SCIM base URL and Access token. You will need these when you configure Azure AD.
- Log in to the Azure portal https://portal.azure.com
- Go to Azure Active Directory > Enterprise applications.
- Select New application.
- Select Non-gallery application.
- Give the application a name and choose Add.
- On the Overview page:
- Set Provisioning Status to On.
- In Mappings, select Synchronize Azure Active Directory Groups
- Ensure that Enabled is set to ‘No’.
- Select Save and close the page.
- Select Synchronize Azure Active Directory Users to customappsso.
- Ensure that Enabled is set to ‘Yes’.
- Ensure that Target Object Actions (‘Create’, ‘Update’, and ‘Delete’) are all ticked.
- Customize the mappings so that they are as follows:
Azure AD attribute Customapp attribute matching precedence Compulsory attributes objectId externalId userPrincipalName username 1 Not([IsSoftDeleted]) active userPrincipalName emails[type eq “work”].value givenName name.givenName surname name.familyName displayName name.formatted The following attributes are dependent on your AD configuration, but will include some of: mobile phoneNumbers[type eq “mobile”] telephoneNumber phoneNumbers[type eq “work”] preferredLanguage preferredLanguage
- Select Save.
- Close the Attribute Mapping page and navigate back to Provisioning.
- Ensure that Scope is set to ‘Sync only assigned users and groups’.
- Ensure that the box is ticked where it says ‘Clear current state and synchronization’.
- Select Save.
You see the Overview page of the StarLeaf application.
Users added in Azure AD take a minimum of 20 minutes to appear in the StarLeaf Portal. This may take longer if there are a lot of users / user groups.
If you add a user to Azure AD and this user already exists in the StarLeaf Portal with an identical email address, the user will be managed in Azure AD from that point on.
If you think your access token has been compromised, you must create a new token. In the StarLeaf Portal, go to the Azure Active Directory Integration and select Regenerate access token and select Apply. You must enter the new token in Azure AD as the Secret Token.