Versions Compared

Old Version 27

changes.mady.by.user Mari Fuglem

Saved on

compared with

New Version 28

changes.mady.by.user Steinar Line

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open the Azure admin portal at https://portal.azure.com

    • Go to Microsoft Entra ID

    • Open the Enterprise applications menu

  2. Add a new application

    • Click the new application button (plus button at the top)

    • Select Create your own application

      image-20240108-131006.png

    • Give the application a suitable name

      image-20240108-131107.png

    • Click Create and wait a few seconds for the app to be created.

  3. Enable automatic provisioning

    • Open the Provisioning menu, and change the provisioning option from Manual to Automatic. This will make several new options appear, but it won't be able to save yet.

      image-20240108-145202.png

  4. Configure admin credentials

    • Expand the Admin credentials drawer if it isn't already open. Copy the tenant URL and application secret for Kantega SSO Enterprise into Microsoft Entra, as shown in the below screenshot.

    • image-20240108-154511.png

      After filling in the required fields, click the Test Connection button. If everything is working, you should get a notification, and the Save button should become available.

  5. Set the provisioning scope

    • Set the provisioning scope to only assigned users and groups. Rarely would you want to provision the entire company. Leave provisioning status to OFF for now. Finally, click Save to persist the settings so far.

  6. Configure attribute mappings

    • Mappings control the user account attributes that flow from Mirosoft Entra to Kantega SSO Enterprise. Under Provisioning settings, expand the Mappings drawer, then click Provision Azure Active Directory Users.

    • Some mappings needs to be changed and some mappings are unused and can be deleted.

      You should now see a list of default attribute mappings. Leave the following as they are by default:

      • userPrincipalName

      • active

      • givenName

      • surname

    • Change the Mapping type for the following mappings emails[type eq "work"].value, displayName and name.formatted from Direct to Expression, using the expressions from the table found below. Click a row to edit, modify according to the table, then save. The need for this change is since Atlassian accounts require a non-empty username, name, and email address, so you will need to provide a mapping that assures values for all of these, or provisioning of certain users may consistently fail.

    • image-20240108-163028.png

New Azure Active Directory Attribute

SCIM attribute

Comment

Code Block
Switch(IsPresent([mail]), , "True", [mail], "False", [userPrincipalName])

emails[type eq "work"].value

This expression will use userPrincipalName instead of mail for users that don't have [mail]. You can leave this on default if all your users have an Outlook license. You may use a different fallback source than userPrincipalName, too, but you must supply a non-empty value, or provisioning will consistently fail for affected accounts.

Code Block
Switch(IsPresent([displayName]), , "True", [displayName], "False", Join(" ", [givenName], [surname]))

displayNameNot sure if needed.

name of the user

Code Block
Switch(IsPresent([displayName]), , "True", [displayName], "False", Join(" ", [givenName], [surname]))

name.formatted

Similar to the case with email, some types of users don't have givenName or surname. This expression prefers displayName when present.

name of the user

  • Delete the remaining attributes, then click save. Kantega SSO Enterprise currently won't use them. You should end up with something like these 7 attributes:

...