azure active directory · step 2 - synchronization settings • customer type - choose the customer...

Azure Active DirectoryAzure Active Directory is an easy to use solution which lets you provide single sign-on (SSO) access to thousands of cloud SaaS Applications.

This guide explains how to integrate Azure AD with the ITarian platform.

• Prepare the Azure Portal

• Configure your Account for Azure

• How to find the 'Tenant Name'

• Add Groups and Users to Azure Active Directory

• Create an Azure AD Account in your Portal

• The 'Azure Active Directories' Interface

• View Active Directory Details

• Manually Synchronize User Groups from Azure Active Directory

Prepare the Azure Portal

1. Sign in to Azure Active Directory

a) If you already have a Microsoft account with Azure Active Directory rights, go to:https://portal.azure.com/

b) If you have a Microsoft account but don't have Azure Active Directory rights, go to: https://azure.microsoft.com/en-gb/trial/get-started-active-directory/

b.1) Click the enable now buttonb.2) Login to your accountb.3) Choose "Sign up for Microsoft Azure"b.4) Enter required info to register (If you are creating a test account create a virtual credit card to

Sign Up)

2. Click "Azure Active Directory" in the Azure portal

Azure Active Directory Synchronization | © 2020 ITarian | All rights reserved 1

Azure Active Directory (Azure AD)

https://azure.microsoft.com/en-gb/trial/get-started-active-directory/

https://portal.azure.com/

3. You can add users and user groups from Azure Active Directory menu. Click here if you want more help with this.

• Note - Only users in a group are synced and displayed in the ITarian Portal.

Configure your Account for Azure After the Azure portal is prepared, you should integrate the Azure AD account with your ITarian account.

• Login to your ITarian account at https://www.itarian.com/

• Click 'Management' then 'Azure Active Directory'



https://www.itarian.com/

• Click the 'New Azure Active Directory' button to start the integration wizard

• The wizard requires you to enter your tenant name, select customers and add AD groups for your customers. See 'Create an Azure AD Account in your Portal' for more information.

See the explanation below to find the tenant name.

How to Find the Tenant Name

• Log in to your Azure portal

• Click 'Azure Active Directory' on the left then 'Overview'



The tenant name is displayed below your Azure account name.

Add Groups and Users to Azure Active DirectoryAll group and user operations can be reached on the Azure Active Directory main page.



• Users need to be a member of a group in Azure if you want to import them to ITarian. Therefore, if you want to sync your users, assign them to a group on Azure. The assign operation can be managed through both groups and users.

• You can add any group with a name of your choice.

• To add a user, you need to define a name and user name.

Field Name Type

Name Alphanumeric.

User Name In mail format, domain is set as the Azure domainName. See screenshot below.

A password is created for each user on the user creation page.



Create an Azure AD Account in your Portal

Note - You must already have an Azure AD account in the Microsoft portal before you can add Azure to ITarian.

Add an Azure AD account to ITarian

• Click 'Management', then 'Azure Active Directory'



The 'Azure Active Directories' interface opens:

• Click 'New Azure Active Directory' button at the top

• The 'New Azure Active Directory' wizard starts:



Step 1 - Configure Azure Active Directory Settings

• Tenant - Enter your Azure Active Directory domain name. The Azure AD domain name is found in the Azureportal. See How to find the tenant name if you can’t find it.

• Click 'Next Step'

• You are taken to the Azure portal. Provide your Azure account credentials and click 'Sign in'.

• After successful Azure account validation, configure the synchronization settings in Step 2.



Step 2 - Synchronization Settings

• Customer Type - Choose the customer type you want.

• Single Customer - All AD user groups are synchronized to the same ITarian customer.

• Multi Customer - AD groups can be synchronized to different ITarian Customers.

• Customer - This is available if 'Single Customer' is selected. Select the company with whom the Azure AD should be synchronized.

• Enable Azure Active Directory Synchronization - Select when the synchronization process should take place. All future syncs will take place at this time.

Click 'Next Step' to continue.



Step 3 - Finish

• The final screen shows all user groups defined in AD. You need to choose which groups you want to import and what role you want to give users imported from a particular group.

• Role Selection - Choose the ITarian role you want to assign to users imported from the group. Note: The 'End User' role (default) is not defined in Azure AD. Users enrolled as 'End User' will be added to Service Desk as end users.

• Sync Status: 'Enable' - Imports users from the group after you click 'Synchronize Now'

'Disable' - Does not import users from the group after you click 'Synchronize Now'

• Click 'Synchronize Now' to start the initial import process.

• Click 'OK' on the confirmation alert

• Your AD account is added to ITarian and users from selected user groups are imported. ITarian will



periodically synchronize with AD to update user lists.

The Azure Active Directories Interface• Click 'Management' then 'Azure Active Directory' to view this interface.

• The Azure active directories interface shows all Azure accounts added to ITarian.

• You can also edit account details and initiate manual synchronization with a selected AD account.

Azure Active Directories - Column Descriptions

Column Header Description

Tenant Your Azure Active Directory domain name.

• Click the domain name to open the 'Azure Active Directory Details' interface of the AD account

The details interface allows you to view account details and list of users/user groups. You can also edit group settings. See View Active Directory Details for more details.

Status Whether or not the AD account is enabled to import user groups to ITarian.

Sync Status Whether or not the sync is complete or in-progress.

Last Sync Date Date and time of the most-recent synchronization.

Creation Date Date and time the account was added to Azure AD.

Update Date Date and time of last update to account details.

• Click any column header to sort items in ascending or descending order of entries in that column

Edit an AD account

• Select the account and click 'Edit' at the top



• The 'Edit Azure Active Directory' dialog opens.

• Enable Azure Active Directory Synchronization - Update Azure AD synchronization status. If enabled, select when the synchronization process should take place. All future syncs takes place at this time.

Remove an AD account

• Select the account and click the 'Delete' button at the top.



View Active Directory Details• Active directory details lets you view AD domain name, users/user groups, and other details about your AD

account.

• You can also change the role assigned to a group.

View the details of an AD account

• Click 'Management' then 'Azure Active Directory'

• Click the domain name of an AD account in the 'Tenant' column

This opens the details interface, which shows all Azure user groups added to ITarian:

Active Directory User Groups - Column Descriptions

Column Header Description

Group Name The name of the user group.

• Click the group name to view users in the group. See View Users in a Group for more details.

• 'Not Editable' means that it is already in use by another MSP account. To makeit editable, disable or remove it from the other MSP account.

Role • The role (other than 'End User' and 'Account Admin' roles) assigned to users inthe group.

• 'End User' is the default role (not available in ITarian). 'Account Admin' role is not applicable.

• You can change the role by editing the group. See Edit a User Group for moredetails.

Synchronization Shows whether or not ITarian will sync with Azure to update user roster and user details.

Account Contact Email The email address of the admin responsible for the AD account in Azure.



Customer The customer company to which the user group is assigned.

Sync Status The progress of the last synchronization operation.

Last Sync Date Date and time of the last synchronization between ITarian and Azure AD.

View Users in a User Group

• Click 'Management' > 'Azure Active Directory'

• Click the domain name of an AD account in the 'Tenant' column

• Click on the group whose users you want to view:

All users in the group are listed. User details include their email address, synchronization status, account status and their last login date.

Edit a User Group

• Select a user group and click 'Edit' at the top



Edit Active Directory User Group - Form Parameters

Form Element Description

Role • Select the role you want to assign to the group.

• Users assigned 'End User' role will be added as end users in Service Desk andcannot access ITarian.

Tip: You can revert the roles to their Azure originals by clicking 'Set Default Role'

Synchronized Enable or disable synchronization of user list from this group to ITarian portal.

Customer Select the customer company for which the users from this group are to be imported intoITarian.



• Click 'Save'.

Manually Synchronize User Groups from Azure Active Directory

• ITarian periodically synchronizes with Azure to update imported user groups. Synchronization ensures any changes to the user database in AD are reflected in the portal.

• You can also manually synchronize at any time. This is useful if there have been a recent changes to the AD user list.

Manually synchronize

• Click 'Management' then 'Azure Active Directory'.

• Select the target Azure accounts then click 'Synchronize':

• Click 'OK' in the confirmation dialog

The synchronization starts. You can see the progress in the 'Sync Status' column.



azure active directory · step 2 - synchronization settings • customer type - choose the customer...

Documents