Azure Active Directory
Last updated November 19, 2021 Microsoft
Organizations that use Azure Active Directory user provisioning (Azure AD) for user management can integrate it with their StarLeaf account. Azure AD integration is included in a StarLeaf Business or Enterprise Host license.
On this page:
- Automatically synchronize new users from Azure AD to StarLeaf
- Automatically synchronize user updates from Azure AD to StarLeaf
- Automatically synchronize user deactivation from Azure AD to StarLeaf
- StarLeaf Host Business plan or Enterprise meeting subscription
- All users currently provisioned in Azure must have a last name in order to sync with the StarLeaf Portal
- Complete StarLeaf Portal configuration (described below).
- Add StarLeaf in Azure AD (described below).
Before you can configure StarLeaf provisioning in Azure AD, you need to know the Tenant URL and Secret Token.
- Log in to portal.starleaf.com .
- Go to Integrations > Add integration.
- Select Microsoft Azure Active Directory and select Apply.
- You see the SCIM server URI and Access token:
- Make a note of the SCIM base URL and Access token. You will need these when you configure Azure AD.
- Log in to the Azure portal https://portal.azure.com .
- Go to Azure Active Directory > Enterprise applications – All applications > Categories.
- Select Add an application.
- Under Add from the gallery, type starleaf in the search field.
- Select the StarLeaf app.
- Select Add.
- Select the Provisioning tab of the StarLeaf application:
- Set the Provisioning Mode to Automatic.
- Enter the SCIM base URL and Access token from the Portal into the Tenant URL and Secret Token fields respectively.
- Select Test Connection. This confirms that you have used the correct credentials.
- Select Save.
- Set Provisioning Status to On.
- Choose a Scope:
- Sync all users and groups: Sync all users and groups in your AD automatically (not recommended).
- Sync only assigned users and groups: Select specific users and/or groups you want to enable StarLeaf for by adding them in the Users and groups tab on the left (recommended).
- Ensure that the box is ticked where it says Clear current state and synchronization.
- Select Save. Setup is complete.
Users added in Azure take a minimum of 20 minutes to appear in the StarLeaf Portal, but this may take longer if there are many users / user groups that need provisioning. StarLeaf recommends to never manually restart provisioning as this can cause Azure to become out of sync with the StarLeaf Portal.
When creating a user in Azure, you must give them a last name for them to be synced with the StarLeaf Portal. If you create a user in Azure and they already exist in the StarLeaf Portal with an identical email address, the user will be managed in Azure from that point on.
If you think your access token has been compromised, you must create a new token. In the StarLeaf Portal, go to the Azure Active Directory Integration and select Regenerate access token and select Apply. You must enter the new token in Azure AD as the Secret Token.