
Streamlining Azure user management can be a daunting task, especially for large organizations with numerous users and roles. By implementing a centralized configuration, you can simplify the process and reduce errors.
Azure Active Directory (Azure AD) allows you to manage user identities and access to resources from a single location, making it easier to assign roles and permissions. This can be done through the Azure portal or by using PowerShell scripts.
With a centralized configuration, you can automate tasks such as user provisioning, deprovisioning, and password reset, freeing up time for more strategic tasks. This can also help reduce the likelihood of human error, which can lead to security breaches.
Azure User Management Setup
To set up Azure user management, you'll first need to deploy the Druva SCIM app, which allows you to provision users from Azure AD.
The process involves several steps, including enabling API integration with inSync and mapping SCIM attributes to Azure AD attributes on the SCIM app.
To do this, you'll need to click Add New Mapping, which will allow you to configure the necessary settings.
Here's a breakdown of the steps:
- Deploy the Druva SCIM app
- Enable API integration with inSync
- Map SCIM attributes to Azure AD attributes on the SCIM app
- Start the provisioning status of the Druva app
- Assign users to the SCIM app
- Use the Audit feature to monitor user provisioning
Once you've completed these steps, you'll be able to start provisioning users from Azure AD.
User Configuration
To configure user attributes in Azure, you need to map Azure user attributes to Joan ones. This involves selecting the correct attribute mappings, which can be found in the table below.
In some environments, you may need to import userPrincipalName as an additional attribute, so make sure to map it correctly. You can do this by selecting the userPrincipalName attribute and associating the Azure AD email attribute with it.
Configuring Roles
Configuring roles is a crucial step in user management. Two roles are currently supported: User and Office Manager.
To create the User role, follow these steps:
- Go to App registrations and select the application created for the SCIM integration. NOTE: choose All applications if you can't see your app.
- Click Create app role.
- Set both the value and the display name to Admin. The description isn't important.
The Office Manager role can also be created using the same process. The key difference is that the display name should be set to Admin, but the value can be left as is.
By configuring roles, you can establish clear boundaries and permissions for users and administrators within your organization.
Configure Mapping
To configure mapping, you need to connect Azure AD to Joan. Set Provisioning Mode to Automatic and test the connection.
Joan supports mapping users, but group mapping is not currently available. To enable user mapping, you need to add at least one active user under the "Users and groups" section.
To map Azure user attributes to Joan ones, click on "Provision Azure Active Directory Users" and set the attribute mappings as per the table below.
You also need to add a custom mapping for the userType attribute. Click on Add New Mapping and select Expression as the mapping type. In the Expression field, paste the following: Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager"). Select userType as the Target attribute and click Ok and Save.
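The Switch expression above decides which provisioned users become Office Managers, so it is worth previewing its outcome before provisioning starts. This is an added example (not from the original article or Joan's documentation) that reads the SCIM app's role assignments with the Microsoft Graph PowerShell SDK and reproduces the expression's logic; the module being installed, the read-only scopes, and the app display name are assumptions.

```powershell
# Added example: preview the userType each assigned user will receive from
# Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager")
# before enabling provisioning. Assumes the Microsoft.Graph module is installed
# and the signed-in account can read applications and users (read-only scopes).
Connect-MgGraph -Scopes "Application.Read.All", "User.Read.All" -NoWelcome
$appName = "Joan SCIM"   # placeholder: display name of the enterprise application

function Get-PredictedUserType {
    param([Parameter(Mandatory)] [string] $ServicePrincipalDisplayName)
    $sp = Get-MgServicePrincipal -Filter "displayName eq '$ServicePrincipalDisplayName'"
    if (-not $sp) { throw "Enterprise application '$ServicePrincipalDisplayName' not found" }
    # Map app role id -> app role value (e.g. <guid> -> 'Admin')
    $roleValue = @{}
    foreach ($r in $sp.AppRoles) { $roleValue[$r.Id] = $r.Value }

    $assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
    # Group by user: SingleAppRoleAssignment is meant for users with exactly one role
    $assignments | Where-Object PrincipalType -eq 'User' | Group-Object PrincipalId | ForEach-Object {
        $values = @($_.Group | ForEach-Object { $roleValue[$_.AppRoleId] })
        if ($values.Count -ne 1) { $userType = 'AMBIGUOUS (multiple roles assigned)' }
        elseif ($values[0] -eq 'Admin') { $userType = 'Office Manager' }   # the Switch case
        else { $userType = '' }                                             # Switch default
        [pscustomobject]@{
            User     = $_.Group[0].PrincipalDisplayName
            Roles    = ($values -join ', ')
            UserType = $userType
        }
    }
}

Get-PredictedUserType -ServicePrincipalDisplayName $appName | Format-Table -AutoSize
```

Rows marked AMBIGUOUS have more than one role assignment and should be cleaned up before provisioning, since the expression cannot pick one deterministically.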
User Provisioning
User Provisioning is a crucial step in Azure user management. You can provision users from Azure AD using SCIM, which stands for System for Cross-domain Identity Management.
To get started, deploy the Druva SCIM app and enable API integration with inSync. Mapping SCIM attributes to Azure AD attributes on the SCIM app is also necessary. After that, start the provisioning status of the Druva app and assign users to the SCIM app.
Provisioning can take some time, so be patient and don't worry if it takes 10 to 15 minutes for the users to be imported into inSync Cloud. If there are any issues, check the Audit logs for the Druva SCIM app under the Provisioning section.
Create New
To create new users, you can use the Azure Portal, PowerShell, or Azure CLI. You'll need to have the Global Administrator or User Administrator role assigned to perform this task.
You can create a new user through the Azure Portal by providing their complete name, job information, groups, and roles. You can also assign a username and password, or invite the user with a personal message.
If you choose to create a user, you'll need to provide the credentials to the person to sign in. If you invite a user, an email will be sent with the steps to sign in.
You can add or invite users via the Azure Portal, PowerShell, or Azure CLI. To do this, go to the Azure Portal and follow these steps:
If the users or groups you previously added are not syncing, try provisioning them on demand.
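The two paths described above (create a user and hand over credentials, or invite a user by e-mail) as an added PowerShell example using the Microsoft Graph PowerShell SDK; it is not code from the original article. The module being installed, the scopes, the tenant domain and the names are assumptions.

```powershell
# Added example: create a member user with a one-time initial password, or invite
# an external user with a personal message. Assumes the Microsoft.Graph module is
# installed and the signed-in account holds the User Administrator role.
# Domain, names and addresses below are placeholders.
Connect-MgGraph -Scopes "User.ReadWrite.All", "User.Invite.All" -NoWelcome

function New-RandomPassword {
    # 24 bytes from a CSPRNG, Base64-encoded: mixed case, digits and symbols.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

function New-MemberUser {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $MailNickname,
        [Parameter(Mandatory)] [string] $Domain
    )
    $initialPassword = New-RandomPassword
    $body = @{
        DisplayName       = $DisplayName
        MailNickname      = $MailNickname
        UserPrincipalName = "$MailNickname@$Domain"
        AccountEnabled    = $true
        PasswordProfile   = @{
            Password                      = $initialPassword
            ForceChangePasswordNextSignIn = $true   # credential is single-use
        }
    }
    $user = New-MgUser -BodyParameter $body
    # Deliver the password out of band; do not write it to logs or tickets.
    [pscustomobject]@{ Id = $user.Id; UserPrincipalName = $user.UserPrincipalName; InitialPassword = $initialPassword }
}

function Send-ExternalUserInvitation {
    param(
        [Parameter(Mandatory)] [string] $Email,
        [string] $Message = "Welcome. Follow the link in this mail to sign in."
    )
    New-MgInvitation -InvitedUserEmailAddress $Email `
        -InviteRedirectUrl "https://myapps.microsoft.com" `
        -SendInvitationMessage `
        -InvitedUserMessageInfo @{ CustomizedMessageBody = $Message }
}

New-MemberUser -DisplayName "Example User" -MailNickname "example.user" -Domain "contoso.onmicrosoft.com"
Send-ExternalUserInvitation -Email "partner@example.com"
```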
Integration and Authentication
To integrate and authenticate users in Azure, you'll need to enable SCIM integration in MyJoan. This involves navigating to Settings > Integrations and clicking on SCIM, then toggling to enable the integration and generating a new token.
This token will be used to authenticate the connection between Azure AD and Joan. Azure AD offers various authentication methods, but it's recommended to use passwordless methods like Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, as they provide the most secure sign-in experience.
To configure API integration with Druva inSync, you'll need a token generated while configuring inSync SCIM. Then, follow these steps: On the Azure console, go to All Services > Enterprise Applications section and select your SCIM app. On the App Overview page, select Provisioning under Manage on the left pane. On the Provisioning pane, select Provisioning mode as Automatic.
Authentication Methods
Azure AD offers various authentication methods, but some may require Multi-Factor Authentication (MFA).
When choosing among them, weigh each method's usability and availability alongside its security.
Using passwordless authentication methods like Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app provides the most secure sign-in experience.
Azure AD has other management options, but these are the most common.
For more information on authentication methods and how they work, you can visit the provided link.
Enable Druva inSync API Integration
To enable Druva inSync API integration, you'll need to configure the Azure console. Start by going to the Enterprise Applications section and selecting your SCIM app.
First, navigate to the App Overview page and select Provisioning under Manage on the left pane. Then, choose Provisioning mode as Automatic.
Next, specify the field values under the Admin credentials section. If you're an inSync Cloud Customer, enter the required field values accordingly. If you're an inSync GovCloud Customer, enter different field values.
Before proceeding, test the connection by clicking Test Connection to try and connect Azure AD to the inSync SCIM endpoint. Once the test succeeds, click Save.
Property Support
Property Support has been significantly enhanced in the latest update. The list now supports 40+ columns and filters, a substantial increase from the previous 14 columns and 9 filters.
This expanded support allows for more precise filtering based on the data type of the property being filtered on. You can now apply conditions such as equals, not equals, in, starts with, ends with, greater than, and less than.
The Properties tab has also been revamped to provide a comprehensive view of user properties. It's now divided into categories like Identity, Job information, Contact information, Parental controls, Settings, and On-premises.
You can find more information about each property category in the Microsoft Graph documentation, specifically at https://docs.microsoft.com/en-us/graph/api/resources/user.
Active Directory
Azure Active Directory is a cloud-based platform that allows users to access all resources within an organization. It includes identity and access management services, organization information, and more.
AdminDroid's Microsoft 365 reporting and auditing tool provides 190+ reports to ease Azure AD management. This tool is custom-made for Office 365 admins to control and monitor user activities, login details, and more.
Azure Active Directory Reporting is a key feature of AdminDroid's tool, offering 75+ reports on user activities, group activities, licenses, and security. These reports help admins manage the organization securely with in-depth analytics.
Here are some report categories under Azure AD reporting:
- Microsoft 365 User Reports: Detailed analytics on user accounts from creations to deletions.
- Microsoft 365 License Reports: Explicit reports on Office 365 licenses with deep insights.
- Microsoft 365 Group Reports: Accurate reports and analytics on Office 365 group details.
- Microsoft 365 MFA Reports: Comprehensive MFA insights, including activated, non-activated users, and MFA status.
- Microsoft 365 User Password Reports: Tracking of password-related details to ensure security.
- Microsoft 365 External User Reports: Gathering of external users and their details to avoid unnecessary access.
Azure Active Directory Auditing provides 115+ reports on Azure AD audit, including user logins, group activities, admin role changes, and more. Admins can use these reports to efficiently monitor all Azure AD activities.
Here are some report categories under Azure AD auditing:
- Microsoft 365 User Logins Auditing: Audit of user login history, including successful and failed login attempts.
- Microsoft 365 User Auditing: Investigation of user activities and password changes.
- Microsoft 365 Groups Auditing: Monitoring of group activities to verify secure communication.
- Microsoft 365 Admin Role Changes Auditing: Audit of admin role changes and restricted access rights.
- Microsoft 365 Application Auditing: Tracking of integrated apps and third-party app usage.
- Microsoft 365 Setting Change Auditing: Tracking of prominent Azure AD objects and settings changes.
Frequently Asked Questions
What is the Azure equivalent of IAM?
Azure AD is the Azure equivalent of IAM, providing identity and access management capabilities for digital identities and resources. It's a specific service within Azure that enables secure access and management of digital identities.
What is the difference between Azure RBAC and IAM?
Azure RBAC is the system that manages access to Azure resources, while IAM is the page where you assign roles to grant access. Think of IAM as the interface to Azure RBAC, making it easier to manage access controls.