NOTE—Entra ID is the new name for Azure AD, however, Microsoft has still retained the Azure AD URLs, APIs, and authentication libraries for current users. As per Microsoft, the full transition to Entra ID branding should be completed by the end of 2023.
About Jostle/Azure integration
- Requires a two-part setup: Jostle, then Azure
- Once configured, user provisioning is one-way: Azure to Jostle
- Push New Users
- New users created in Azure will be created in Jostle.
- Push Profile Updates
- Updates made to a user’s profile in Azure will be pushed to Jostle.
- Push User Deactivation
- Deactivating a user in Azure will deactivate them in Jostle.
- Push User Reactivation
- Reactivating a user in Azure will reactivate them in Jostle.
NOTE—Azure pushes its changes out in intervals, so it may take up to 40 minutes for a change to be reflected (alternatively, Azure has a Provision on demand option that can be used to immediately push changes for a selected user).
Setup Part 1: Jostle
Before you begin, you’ll need to create an Automation user in your Jostle platform. This will be the account you’ll use to configure with Azure. Automation users can be created in Admin Settings > User Accounts and Data > Manage Automation Users.
For more details on Automation users and how to create one, see this article.
Once created, the Automation user account must be activated (i.e. logged in to your platform at least once) before it can be used to configure Azure.
Manage user provisioning
All Jostle account subscriptions include SSO/user provisioning features. If they are not appearing on your account, you can contact your Customer Success Manager and they can assist you in getting them added.
The next step is to obtain the API URL and API key from Jostle, which you can do in Admin Settings > User Data To/From Other Systems > Manage User Provisioning (if you do not see "Manage user provisioning" here, contact Support to have this page enabled in your Admin Settings).
NOTE—this page also includes a User Account Settings section where you can automatically invite and/or disable/suspend users:
To obtain the API URL and API key
- On the Manage User Provisioning page, scroll down to the User Provisioning API Details section.
- Locate the Your Base URL field and click the Copy button to its right (and save the URL somewhere you can easily access it later).
- Next, click the Add a new key... button
- On the following screen, go to the Automation User field and use the drop-down menu to select your Automation user account.
- In the Provisioning API key description field give your key a name (i.e. “Azure”) and then click the Add button.
- Once your key is generated, make sure to copy it right away and save it where you saved your URL (since this will be the only time your key will appear).
Next, you’ll use the API URL and API key to configure the integration in Azure.
Setup Part 2: Azure
For the Azure part of this setup, we'll be setting up Azure Provisioning as a Non-gallery application (which, fair warning, is a bit of a lengthy process).
- Log in to portal.azure.com and go to Azure Active Directory
- From the left menu, select Enterprise applications
- In the top menu, click on + New application
- In Search application enter Jostle
- Select the Jostle application from the results and then click Create
- From the left menu, select Provisioning and click Get Started
- On the Provisioning screen, go to the Provisioning Mode field and set it to Automatic
- Scroll down and click on Admin Credentials. In the Tenant URL field, enter Your Base URL (that you copied when you were creating your API key in Jostle). In the Secret Token field, enter the API key you created and copied.
- After you've entered the URL and API key, click Test Connection. There should be a message in the top right part of the window which says "The supplied credentials are authorized to enable provisioning".
- Go to the top of the screen and click Save to save the settings so far.
- Scroll back down and click on Mappings to open the next section. Mapping
- Select Provision Azure Active Directory Users.
- Ensure that Enabled is set to Yes
- Optional: if you want to specify filtering on which users you want to sync to Jostle then configure the Scope Object Scope.
- Once you are done specifying scope (optional), ensure that under Target Object Actions, the boxes next to Create, Update and Delete are all checked.
- The default mapping has Azure AD Attribute ‘mail’ mapped to SCIM work email. Since for Jostle, work email is required, make sure you map this to a field where there will always be a value.
- Now add the mappings for the additional fields as desired by selecting Add New Mapping for each attribute. This will bring up a dialog on the right part of the screen. For the following Jostle attributes enter the following mappings values where for the Source attribute you specify the desired attribute from your Azure AD attributes (i.e. an attribute that makes sense to map to that field - if you don't have anything suitable for a field, then just leave it out of the mapping):
emails[type eq "personal"].value
Alternate Email 1
emails[type eq "alternate1"].value
Alternate Email 2
emails[type eq "alternate2"].value
Alternate Email 1 Label
Alternate Email 2 Label
- Click Save and then Yes on the confirmation dialog.
- After the edits, the mapping will look something like this but with the Azure Active Directory Attribute being the ones you chose for the mapping from your Azure AD:
- Click the X in the top right corner (under your name/avatar) to go back to Provisioning.
- In the Settings section, select the desired setting for Scope to sync only users assigned to this application or all users.
- In the Notification Email field, enter the email address where you want to receive alerts and then check the box next to "Send an email notification when a failure occurs" (NOTE—Jostle will also send provisioning failure notifications, so this is optional).
- Turn on provisioning by changing Provisioning Status to On and then click Save (you can click Refresh to update status)
- Some stats are available on the right: View provisioning details and View technical information
- Audit and provisioning details can be viewed by going to View audit logs and View provisioning logs, respectively.