Applicable plans
  • Free
  • Plus
  • Business
  • Enterprise


To set up provisioning in Azure, go to the "Provisioning" menu item in your Zenkit organization settings. At the top change the provisioning mode to "Automatic".


Entering the admin credentials

The Tenant URL refers to the "Base URL" you can find in your Zenkit SCIM 2.0 provisioning settings. The Secret Token is the Bearer Token from the same Zenkit settings.

Enter both the tenant URL and the secret token, then test the connection. We recommend that you also enter your email and opt to receive an email notification when a failure occurs.

Once the test has come back positively, click "Save".


Mapping Users and Groups for provisioning

Once you've saved the admin credentials, you can expand the Mappings section to map your AD groups and users to your Zenkit organization.


Groups

The group mapping is already correct, but you need to make the objectId the 1st matching precedence, since that is what is used by Zenkit to match the groups. To change this, please do as follows:

Click "objectId" to edit it. Under "Match object using this attribute", select "Yes", then check that the matching precedence is set to 2.

Then, click "displayName", and under "Match object using this attribute", select "No" then click "OK". You can then optionally open "objectId" again and set the precedence to 1. The group attribute mapping should look like this once you're done:

Click "Save" and 'Yes' to confirm. You can then click the x in the top right corner to return to the main provisioning settings.


Users

Mapping users is a little more complex than mapping groups. The attribute that will be used by Zenkit to match users is "mail", which should map to "userName". The first thing to do is therefore to delete the "mail" > "emails [type eq "work"].value" map.

Next, click on "userPrincipalName" at the top of the list, then under "Source attribute" select "mail". "Target attribute" should remain "userName". Once that's set, click "OK":

You can then delete every single mapping except 'mail', 'Switch([IsSoftDeleted], , "False", "True", "True", "False")', 'displayName', and 'preferredLanguage'. The mapping should then look like this:

Click "Save" and "Yes" to confirm then close the attribute mapping window.


Lastly, turn the provisioning status at the bottom of the Azure Provisioning set up page to "On".

Once this is done, your provisioning has been fully set up and any user you add to your Active Directory will then appear in your Zenkit organization.