Set up and use provisioning for Azure

Learn how to set up and use provisioning to sync users and groups from Azure to TrackTik.

Overview

You can provision users and groups from Azure to TrackTik to reduce manually adding each employee or role to TrackTik Portal. The provisioning process reduces administrative errors and is a great way to save time, which ultimately saves money.

Before you start

Here are some things you must do before you start:

• Get Microsoft Azure admin access to MS Azure Active Directory and Enterprise applications.
• We recommend checking out Getting started with provisioning for Azure or Okta.
• Contact our Support team to get a provisioning token.
  
  • This requires knowing which portal URL you want the access token for and the administrator credentials that can take care of the integration.

Set up and use provisioning for Azure

Setting up and using provisioning for Azure is a five-part process. We broke out the process into digestible steps to make your provisioning process experience a good one.

Step 1: Create a provision application

To set up provisioning, you must create an application.

To create a provision application:

1. Log into your Azure Active Directory admin center as an admin.
2. In the side menu, select All Services.
   
3. In Identity, select Enterprise applications.
4. Choose + New application.
   
5. Select + Create your own application.
   
6. In the What’s the name of your app box, enter a name for your SCIM integration and choose Integrate any other application you don’t find in the gallery (Non-gallery).
7. Select Create.

The application is now created. You can now set up and test your provisioning connection.

Step 2: Set up and test your provision connection

After creating your provision application, it’s a good idea to test your provision connection.

To test your provision connection:

1. Open the application you created in Step 1: Create a provision application. If you created an application:
   

   1. Log into your Azure Active Directory admin center as an admin.
   2. In the side menu, select All Services.
      
   3. In Identity, select Enterprise applications.
   4. Select an application name from the list.

2. In Getting Started, find 3. Provision User Accounts and select Get started.
   
3. In the side menu, under Manage, choose Provisioning.
   
4. In the Provisioning Mode drop-down menu, select Automatic.
5. Select Admin Credentials, and enter your tenant URL in the Tenant URL box.
   

   Your tenant URL looks something like https://<tracktikDomain>/rest/scim/v2/.

6. Enter your access token in the Secret Token box.
   

   If you don’t have a token, check out Before you start about how to get one.

7. Select Test Connection. If your test is successful, a message shows that confirms this. If your provisioning is successful, you can start mapping. If your test is unsuccessful, contact the Support team and try again.
   
8. Select Save.

You’re now ready to map your data flow.

Step 3: Mapping the data flow for users and groups

Once you test your provision connection, you must set up and map the data flow.

To map your data flow:

1. Follow steps 1 to 3 in Step 2: Set up and test your provisioning connection.
2. Select Mappings > Provision Azure Active Directory Users.
3. For the Enabled toggle, switch it to Yes.
4. In Target Object Actions, select Create, Update, and Delete.
   

   We recommend not adjusting the Attribute Mappings.

5. Go back to Mappings and select Provision Azure Active Directory Groups.
6. In Target Object Actions, select Create, Update, and Delete.
   

   We recommend not adjusting the Attribute Mappings.

Your data flow is now mapped.

Step 4: Set up users and groups to sync

Once your data flow is mapped, you must set up users and groups to sync to TrackTik.

To set up syncing for users and groups:

1. Follow steps 1 to 3 in Step 2: Set up and test your provisioning connection.
2. Select Overview.
3. Select Provisioning, and in Manage provisioning, choose Update credentials.
4. Select Settings.
5. In the Scope drop-down menu, choose Sync only assigned users and groups.
6. In the breadcrumb at the top, select the overview of your SCIM.
   
7. In Manage, select Users and groups and select + Add user/group.
   
8. In Users, select None Selected.
9. In the Search box, enter the name of the user or group you want to sync to TrackTik and choose the user or group.
   

   All members of a group are provisioned.

10. Select Select > Assign.

Your users and groups are ready for synchronization.

Step 5: Sync from Azure to TrackTik

Once you’ve set up your users and groups, you can sync your data to TrackTik.

To start syncing data from Azure to TrackTik:

1. Follow steps 1 to 2 in Step 2: Set up and test your provisioning connection.
2. Choose Start provisioning.
   

   This isn’t instant and does take time. The provisioning runs every 20 to 40 minutes.

   

Once the provisioning is complete, your data is synced to TrackTik.

Finding a provisioned user in TrackTik

Users in Azure are converted to employees in TrackTik.

To see a provisioned user in TrackTik:

1. Log into your TrackTik Portal.
2. Select Employees.
   

   Users are assigned to the HQ region in TrackTik.

3. In the Type to filter box, enter the employee's name; the employee shows in your search.

You can also select View for the employee and choose the History tab to see the provisioning details.

Finding a provisioned group in TrackTik

Groups in Azure are converted to roles in TrackTik.

To find a provisioned Group in TrackTik:

1. Log into your TrackTik Portal.
2. Select Settings.
3. In General Configurations, select Roles & Security. 

The group is provisioned to your Staff Portal Roles.

See also

• Set up Azure single sign-on (SSO) for TrackTik
• Getting started with provisioning for Azure and Okta
• Set up and use provisioning for Okta