Follow

User Provisioning: Azure Integration

 

 

User Provisioning

Currently Jostle's User Provisioning API can only be used for integration with Azure AD or Okta. For more information about the User Provisioning API, please see this article

 

About Jostle/Azure integration

Configuration

  • Requires a two-part setup: Jostle, then Azure
  • Once configured, user provisioning is one-way: Azure to Jostle

Supported provisions

  • Push New Users
    • New users created in Azure will be created in Jostle.
  • Push Profile Updates
    • Updates made to a user’s profile in Azure will be pushed to Jostle.
  • Push User Deactivation
    • Deactivating a user in Azure will deactivate them in Jostle.
  • Push User Reactivation
    • Reactivating a user in Azure will reactivate them in Jostle.

NOTE—Azure pushes its changes out in intervals, so it may take up to 40 minutes for a change to be reflected (alternatively, Azure has a Provision on demand option that can be used to immediately push changes for a selected user).

 

Setup Part 1: Jostle

Automation account

Before you begin, you’ll need to create an Automation user in your Jostle intranet. This will be the account you’ll use to configure with Azure. Automation users can be created in Admin Settings > User Accounts and Data > Manage Automation Users.

For more details on Automation users and how to create one, see this article.

Once created, the Automation user account must be activated (i.e. logged in to your intranet at least once) before it can be used to configure Azure.

 

Manage user provisioning

All Jostle account subscriptions include SSO/user provisioning features. If they are not appearing on your account, you can contact your Customer Success Manager and they can assist you in getting them added.

The next step is to obtain the API URL and API key from Jostle:

  1. Go to the Main Navigation and click Admin Settings.
  2. Under User data to/from other systems click Manage user provisioning (NOTEif you do not see "Manage user provisioning" here, contact Support to have this page enabled in your Admin Settings).
  3. In the User Provisioning API details section, go to Your Base URL field, click the Copy button and save the URL somewhere you can easily access it later.                                                                                                                                                                                                                                          01_manageUserProvisioning.jpg                                                                                                                                                     
  4. Next, click the Add a new key... button
  5. On the following screen, go to the Automation User field and use the drop-down menu to select your Automation user account.                                                                                                                                                                                                                                                                                        02_SelectIntegrationAccount.jpg                                                                                                                                         
  6. In the Provisioning API key description field give your key a name (i.e. “Azure”) and then click the Add button.                                                                                                                                                                                                                                                                                                              03_CopyAPIKey.jpg                                                                                                                                                               
  7. Once your key is generated, make sure to copy it right away and save it where you saved your URL (since this will be the only time your key will appear).                                                                    

Next, you’ll use the API URL and API key to configure the integration in Azure.

 

Setup Part 2: Azure

For the Azure part of this setup, we'll be setting up Azure Provisioning as a Non-gallery application (which, fair warning, is a bit of a lengthy process).

 

Provisioning

  1. Log in to portal.azure.com and go to Azure Active Directory
  2. From the left menu, select Enterprise applications
  3. In the top menu, click on + New application
  4. In Search application enter Jostle
  5. Select the Jostle application from the results and then click Create
  6. From the left menu, select Provisioning and click Get Started
  7. On the Provisioning screen, go to the Provisioning Mode field and set it to Automatic                                                                                                                                                                                                                                          AP01.jpg                                                                                                                                                                                 
  8. Scroll down and click on Admin Credentials. In the Tenant URL field, enter Your Base URL (that you copied when you were creating your API key in Jostle). In the Secret Token field, enter the API key you created and copied.                                                                                                                                                                                        AP02.jpg                                                                                                                                                                          
  9. After you've entered the URL and API key, click Test Connection. There should be a message in the top right part of the window which says "The supplied credentials are authorized to enable provisioning".
  10. Go to the top of the screen and click Save to save the settings so far.
  11. Scroll back down and click on Mappings to open the next section.                                                                                                                                                                                                                                               Mapping                                                                                                                                                      
  12. Select Provision Azure Active Directory Users.
  13. Ensure that Enabled is set to Yes                                                                                                                                                                                                                                                                            AP03.jpg                                                                                                                                                               
  14. Optional: if you want to specify filtering on which users you want to sync to Jostle then configure the Scope Object Scope.
  15. Once you are done specifying scope (optional), ensure that under Target Object Actions, the boxes next to Create, Update and Delete are all checked.
  16. The default mapping has Azure AD Attribute ‘mail’ mapped to SCIM work email. Since for Jostle, work email is required, make sure you map this to a field where there will always be a value.
  17. Now add the mappings for the additional fields as desired by selecting Add New Mapping for each attribute. This will bring up a dialog on the right part of the screen. For the following Jostle attributes enter the following mappings values where for the Source attribute you specify the desired attribute from your Azure AD attributes (i.e. an attribute that makes sense to map to that field - if you don't have anything suitable for a field, then just leave it out of the mapping):                                                                                   

    Jostle attribute

    Mapping Type

    Target Attribute

    Personal Email

    Direct

    emails[type eq "personal"].value

    Alternate Email 1

    Direct

    emails[type eq "alternate1"].value

    Alternate Email 2

    Direct

    emails[type eq "alternate2"].value

    Alternate Email 1 Label

    Direct

    urn:ietf:params:scim:schemas:extension:jostle:2.0:User:alternateEmail1Label

    Alternate Email 2 Label

    Direct

    urn:ietf:params:scim:schemas:extension:jostle:2.0:User:alternateEmail2Label

     
  18. Click Save and then Yes on the confirmation dialog.
  19. After the edits, the mapping will look something like this but with the Azure Active Directory Attribute being the ones you chose for the mapping from your Azure AD:                                                                                                                                                                                                            AP05b.jpg                                                                                                                                                                
  20. Click the X in the top right corner (under your name/avatar) to go back to Provisioning.
  21. In the Settings section, select the desired setting for Scope to sync only users assigned to this application or all users.
  22. In the Notification Email field, enter the email address where you want to receive alerts and then check the box next to "Send an email notification when a failure occurs" (NOTE—Jostle will also send provisioning failure notifications, so this is optional).
  23. Turn on provisioning by changing Provisioning Status to On and then click Save (you can click Refresh to update status)

NOTES

  • Some stats are available on the right: View provisioning details and View technical information
  • Audit and provisioning details can be viewed by going to View audit logs and View provisioning logs, respectively.

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.