How to set up Preciate's Azure Active Directory Integration?

Set up the Preciate Active Directory Integration for easy, automatic user provisioning.

Preciate's Azure Active Directory Integration provides easy, automated user provisioning for customers with Microsoft's Office Suite. Normally, a Preciate admin would need to add and remove users from Preciate as employees are hired and leave their organization. They would also have to update each user's Location and Department to take full advantage of Premium reporting. As you can imagine, the larger an organization, the greater the challenge in keeping up.

This is where our Active Directory Integration comes into play. With our integration, Microsoft will notify us every time an employee is added to, removed from, or updated in your Active Directory. This means that as soon as someone leaves your organization and is removed from Active Directory, they'll be removed from your organization in Preciate. When an employee's title, department, or location changes, it will automatically be synced to Preciate. This lets your Preciate admins focus on meaningful tasks instead of tedious user management.

Follow the steps outlined below to set up your Active Directory Integration.

 

You will need to work with your organization's IT Admin to set up the Preciate Azure Active Directory Integration. The installation should only take 10 minutes!

 

1.  Open your organization's Azure Active Directory portal and click Enterprise Applications on the left-hand menu.

AAD 1 - Enterprise Menu

 

2.  Click "New Application" at the top.

 

AAD 2 - Create New Enterprise App

3.  This will open up the Azure AD Enterprise Gallery. In the Gallery, you can find preselected integrations or add custom ones, such as the Preciate AAD Integration.  Click "Create your own application". 

 

AAD 3 - Create Gallery App

4.  A drawer will open on the right-hand side and look like the image below. Add a name for the integration. You can title it "Preciate - Integration" so that it's easy to recognize. Then select the third option titled: "Integrate any other application you don't find in the gallery". Finally, click the Create button at the bottom of the drawer.

 

AAD 4 - Name Custom App

5.  It may take a few seconds for the page to navigate to the new Preciate - Integration application dashboard. Once there, you'll see the Getting Started options below. For this integration, you will only need to use number 1 - Assign users and groups and number 3 - Provision User Accounts. First click number 3 - Provision User Accounts.

 

AAD 5 - App Dashboard

6.  Click Get Started.

 

AAD 6 - Get Started

7.  Select Automatic in the drop down next to Provisioning Mode. This will update the page.

 

8.  To establish a secure connection between your Active Directory account and your Preciate organization account, you need to populate both the Tenant URL and Secret Token.

Under Admin Credentials, enter this URL in the input field for Tenant URL: https://preciate.com/api/v1/scim

This URL lets Microsoft know where to send your user information, and the Secret Token is how we know what account that information belongs to.

 

AAD 7 - Provision Endpoints

9.  To get your Secret Token, log into your Preciate Admin Portal and navigate to the Integrations page (https://preciate.com/web/admin/keys). Next, click the Generate button where it says Active Directory Integration Secret Key. A new secret key will appear. Copy that key and paste it into the input field labeled Secret Token back on your Preciate - Integration page.

 

Every time you click the Generate button a new secret key is created. This will immediately invalidate the current one. If an integration is already actively using the current key, generating the new one will cause the integration to stop functioning until the Secret Token is updated in Active Directory's Preciate - Integration.

 

AAD 8 - Admin Nav

AAD 9 - AD Integration Key

10.  Once you have both the Tenant URL and Secret Key added, click Test Connection. If the connection is a success, you'll see this message in the upper right of your screen. If you do not get a success message, then the integration is not configured correctly. Please go back through these steps to ensure you did not make any mistakes. If the error persists, please reach out to Preciate at support@preciate.com.

 

AAD 10 - Connection Success

11.  At this point, you may be required to click Save at the top of the page before the remaining sections are enabled. After saving, you'll see the Mappings section. This is where you tell Microsoft what properties you want to send to Preciate. Integrations can provision Users and Groups; however, Preciate only provisions Users.

To disable Groups, click "Provision Azure Active Directory Groups".

AAD 11 - Disable Groups

12.  Click No under Enabled and then Save. After saving, navigate back to the previous screen by clicking Provisioning at the top of the screen.

 

AAD 12 - Disable Groups 2

13.  Now that Groups are disabled, click "Provision Azure Active Directory Users". This will show all the properties that Microsoft sends by default. In order to function properly, you must delete several properties that Preciate does not use. Below are the properties that Preciate requires. Remove extra properties until only those below are showing.

 

Keeping extra properties or removing necessary properties will cause the integration not to function correctly.

 

AAD 13 - User Attribute Mapping

After removing the extra properties, Save and return to the previous screen by clicking Provision at the top of the screen.

 

14.  In the next section, Settings, you can optionally add an email for notifications if the integration has an issue.

AAD 14 - Email Notification

15.  Now that you've configured the Integration, it's time to assign Users to the integration. Click "Users and groups" on the left-hand menu.

This integration will only be notified about the specific users that you assign to it. Users who are not assigned will not be shared with Preciate. Users who are assigned will be shared, but all information is pushed from Microsoft to Preciate. Preciate does not query your users' information.

 

AAD 15 - Users and Groups

16.  Click "Add User". If this isn't enabled, try refreshing the page.

 

AAD 16 - Add User

17.  Users can be provisioned individually or through Groups. In most organizations, it's easier to assign a group of users than to assign them individually. Search for the group or users and add them.

 

AAD 17 - Select Users

Any "user" with an email that is part of a group you assign will be provisioned and create a user in Preciate. This means that a dummy or shared user account in Active Directory, such as IT Help with the email it@your-organization.com, will be added in Preciate. You can either create a new group to provision that doesn't include these users or remove them from Preciate's admin portal after the initial sync.
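A pre-assignment check for the shared-account case described above, as an added example that is not part of Preciate's or Microsoft's documentation: it reviews an exported member list for a group before you assign it in step 17. The field names follow Microsoft Graph's user resource; the sample members, the ROLE_WORDS list and the function names are constructed for illustration.

```python
import re

# Assumed list of mailbox names that usually mean a shared or role account; tune it.
ROLE_WORDS = {"it", "help", "helpdesk", "support", "admin", "info", "hr",
              "noreply", "reception", "billing", "service", "svc"}

def review_member(user):
    """Return reasons to review this member, or None if it has no email."""
    mail = (user.get("mail") or "").strip().lower()
    if not mail:
        return None  # per the article, only members with an email create a user
    reasons = []
    local_part = mail.split("@", 1)[0]
    if set(re.split(r"[._+\-]", local_part)) & ROLE_WORDS:
        reasons.append("role-style mailbox name")
    if not (user.get("givenName") and user.get("surname")):
        reasons.append("no first/last name")
    if not (user.get("jobTitle") or user.get("department")):
        reasons.append("no title or department")
    if user.get("userType") == "Guest":
        reasons.append("guest account")
    if user.get("accountEnabled") is False:
        reasons.append("sign-in disabled")
    return reasons

def audit_group(members):
    """Sort members into clean, flagged (mail -> reasons) and skipped (no email)."""
    result = {"clean": [], "flagged": {}, "skipped": []}
    for user in members:
        reasons = review_member(user)
        if reasons is None:
            result["skipped"].append(user.get("displayName", "?"))
        elif reasons:
            result["flagged"][user["mail"].lower()] = reasons
        else:
            result["clean"].append(user["mail"].lower())
    return result

# Constructed sample export of one group's members (not real accounts).
SAMPLE_MEMBERS = [
    {"displayName": "Ana Lopez", "mail": "ana.lopez@example.com", "givenName": "Ana",
     "surname": "Lopez", "jobTitle": "Engineer", "department": "R&D",
     "userType": "Member", "accountEnabled": True},
    {"displayName": "IT Help", "mail": "it@example.com", "userType": "Member",
     "accountEnabled": True},
    {"displayName": "Room 4 Printer", "mail": None, "accountEnabled": True},
    {"displayName": "Sam Reed", "mail": "sam.reed@partner.example", "givenName": "Sam",
     "surname": "Reed", "jobTitle": "Consultant", "userType": "Guest",
     "accountEnabled": True},
]

if __name__ == "__main__":
    for mail, why in audit_group(SAMPLE_MEMBERS)["flagged"].items():
        print(f"review before assigning: {mail}: {', '.join(why)}")
```

Flagged entries are candidates for exclusion from the provisioning group, not proof of a shared account; a person whose mailbox happens to match a role word will need a manual look.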

 

18.  Now you're almost done! The last thing to do is start the provisioning process and let it get to work. Navigate back to the Provisioning page by clicking "Provisioning" in the left-hand menu. Then click Start Provisioning. Depending on the size of your organization, this may take a few hours, but most initial syncs complete within an hour.

 

AAD 18 - Start Provisioning

19.  After the initial sync is complete, your view will look like the one below and indicate the number of successful provisions as well as the number of failures. You can use the link "View provisioning logs" to see the detailed records in the event that one or more users did not provision.

 

AAD 19 - Manage Provisioning

From this point on, Microsoft will notify Preciate of any updates to the users you assigned every 40 minutes, creating an automatic and easy way to manage your employees in Preciate!