# Google Analytics

Configure iGrafx for automatic user provisioning

This tutorial describes how to configure the iGrafx platform with Azure AD to have automatic user provisioning and de-provisioning. User provisioning is only available in an iGrafx cloud offering. For more information on how this technology works see this Azure document. 

User provisioning is currently in preview with select customers, and will be available for all regions in Q2. 

Prerequisites

The following items are required to continue:

  1. An Azure Active Directory tenant
  2. An Enterprise or Dedicated iGrafx Cloud Tenant
  3. A security token
  4. A custom tenant identifier (requested via our support page) https://scim.igrafxcloud.com/scim/v2/<identifier>

To configure automatic user account provisioning to iGrafx in Azure AD:

  1. In the Azure portal, browse to the Azure Active Directory > Enterprise Apps > All applications section.

  2. Click New Application at the top of the page. 
  3. Click Create your own application
    1. Enter a name in Input Name field
    2. Leave "Integrate any other application you don't find in the gallery"
  4. Now click Provisioning Tab
    1. May have to click Get Started button to see the next step
  5. Set the provisioning mode to Automatic
  6. Enter the Tenant URL and Secret Token received in the prerequisites

  7. Click Test Connection to see if your connection was successful ((question) Not successful? Contact our support for further assistance)
  8. Under Settings → Enter an email to receive any synchronization issues

Configuring Mappings

Enable User Mapping 

Now open the mappings dropdown located under the "Admin Credentials" section

  1. Enable Provisioning of Users and select what users you want to synchronize
  2. Select Create, Update, and Delete under target object actions
  3. By default, only the username is mapped. To add more attributes click Add New Mapping and input the following values

    iGrafx User AttributeAttribute Mapping Values
    Mapping TypeSource Attribute/ExpressionTarget Attribute
    EnabledExpressionNot([IsSoftDeleted])active
    EmailDirectmailemails[type eq "work"].value
    First nameDirectgivenNamename.givenName
    Last nameDirectsurnamename.familyName

    Afterwards, your Attribute Mappings should look like this:

  4. Click Save

Enable Group Mapping

  1. Enable Provisioning of Groups and select the group source
  2. Select Create, Update, and Delete under the Target object actions
  3. By default, only the group display name is mapped. To add more group members click Add New Mapping and input the following values

    Mapping TypeSource Attribute/ExpressionTarget Attribute
    Directmembersmembers

    Afterwards, your Attribute Mappings should look like this:

  4. Click Save

Once configured, press save at the top of the main window and synchronization should begin. Synchronization should happen every 40 minutes. 


For more information on how to read the Azure AD provisioning logs, see Reporting on automatic user account provisioning.

Additional resources