Introduction
This article provides step-by-step instructions for setting up user provisioning between Guardey and Microsoft Entra ID (Azure AD) using a non-gallery application. This allows for automated user management and integration between your Microsoft Entra ID (Azure AD) environment and Guardey.
Prerequisites
- An active Azure subscription.
- Administrative access to the Microsoft Azure portal.
- A Guardey account with administrative privileges.
Note! There are two different Guardey ‘Enterprise Applications’. For the Azure AD connection, you must use the app ‘Guardey Azure AD’ and not the ‘Guardey login’ app.
Tip: If you want to place users in various groups within Guardey, for example for the competition element, create the groups within Azure AD beforehand. This is because the group selection of the users is inherited from Azure AD. If you have more questions about this, email support@guardey.com.
Step 1: Registering Guardey in Microsoft Entra ID (Azure AD)
- Log into Azure Portal: Access your Azure Entra ID (Active Directory) (https://portal.azure.com/).
- Enterprise Application: Navigate to the Enterprise Applications section and select "New application." Choose the "Integrate any other application you don’t find in the gallery (Non-gallery)" option.
- Set up Basic Application Info: Name your application (e.g., Guardey Integration) and complete any other necessary details.
Step 2: Configuring Microsoft Entra ID (Azure AD) for SCIM
- On the overview page, you can optionally assign specific users or groups. Only those selected users or groups will be synchronized to Guardey.
- Access Provisioning: In the application, go to the "Provisioning" tab.
- Enter SCIM Endpoint: Enter the SCIM endpoint URL provided by Guardey. To find this information, navigate to the Admin portal of Guardey and follow these steps:
  - Go to Settings of the organization.
  - Go to "Advanced" settings.
  - Enable the switch for the Microsoft Entra ID (Azure AD).
  - Copy and paste this information.
- Authentication Token: Enter the authentication token or secret token required for SCIM communication between Microsoft Entra ID (Azure AD) and Guardey.
- Test connection: Click Test Connection and wait while the check takes place.
- Save: Once the check is complete, click Save and then close the window.
- Start Provisioning: Click on start provisioning.
Beginning the user provisioning process will sync your Microsoft Entra ID (Azure AD) accounts to Guardey.
Note! Immediately (up to 40 min) after synchronization, employees added to the Guardey app will receive an invitation to start with Guardey.
You can cancel Azure Provisioning at any time. To do this, you need to remove the SCIM credentials in the Guardey app and delete the Guardey app in your Azure AD. After this, all relationships with Azure AD will be removed. If you want to enable Provisioning again later, you will have to set it up from scratch.
Note: Please be aware that you will lose the integration between SCIM and Guardey if the feature is disabled or if you add new credentials to the Azure settings.
Managing Users from Azure AD
Once provisioning is enabled and you have provisioned at least one member or team, you will receive a message indicating that you can only add and edit provisioned members or teams in Microsoft Entra ID (Azure AD). This means that provisioned members and teams become read-only; you cannot edit or delete them in Guardey.
User Language Settings
Guardey is available in over 10 languages. The preferred language of users can be set via Azure AD parameters, with the default language in Azure AD being English. If you want users to use a different language, such as Dutch, in Guardey, you have two options:
- Ensure that the language parameter of the user is correctly set in Azure AD.
- Disable the synchronization of the language parameter in the Guardey portal.
You can do this via the organization settings. Navigate to "Details," select the desired default language, and switch off the option to synchronize the language from Azure AD. From that point on, users can also adjust the language themselves within their own accounts.
Note: If you have edited provisioned info, such as the name of a team, and you re-enable Provisioning, keep in mind that Azure will not be able to find the team and will create a new team. The same applies to members who change their email addresses.