Users
      Back to home
      1. Help Center
      2. Workplace management
      3. Users

      Provision and manage users from Azure AD

      Joan uses a System for Cross-Domain Identity Management (SCIM) to enable the automatic provisioning of users from Azure AD (AAD). When enabled, all user management will be done only in Azure AD and disabled on Joan's side.

      To establish automatic provisioning of the users please follow the provided instructions below.

      Enable SCIM integration in MyJoan

      Create a new enterprise application in Azure AD

      Create Joan SCIM Azure AD application

      Configure Mapping

      Configure Roles

      Adding Users and Groups

      Configuring Departments

      More information on the SCIM integration can be found in a Microsoft guide here.

      Enable SCIM integration in MyJoan

      Navigate to Settings --> Integrations and click on SCIM. Toggle to enable the integration and generate a new token. That token will be used to authenticate the connection between Azure AD and Joan.

      2024-06-27 23_35_26-Joan Office

      Create a new enterprise application in Azure AD

      Login to your Azure Portal account and navigate to the Active Directory section.

      Continue to the Enterprise applications section to create a new non-gallery application.

      1_korak_kreiranje_SCIM aplikacije

      Configure Joan SCIM Azure AD application

      Go to the Provisioning section of the newly created application to connect it to your Joan account.

      Make sure to set:

      - Provisioning Mode to Automatic

      - Tenant URL: https://portal.getjoan.com/api/scim/v2/

      - Secret Token: Copied from the Joan SCIM configuration page

      Click on Test Connection to confirm that the connection between your Azure AD and Joan is functional. After confirming that the connection works, click Save. Once Save is clicked, additional options will appear below the Admin Credentials option.

      2_korak_povezava_SCIM_z_Joan_Portalom

      Configure Mapping

      Joan supports the mapping of Users, while Group Mapping is currently not available.
      To disable the Group Mapping, we will first have to add one active user under the "Users and groups". To do so, please check the step Adding Users and Group

      Once the user is added we can proceed with disabling the Group Mapping. Please click on "Provision Azure Active Directory Groups" and disable it. Also, make sure to enable the Provisioning Status, while we're at it.

      4_korak_izklopimo_group_provisioning

      The next step is to map Azure user attributes to Joan ones. Click on "Provision Azure Active Directory Users" and set the attribute mappings as per the table below. Joan supports the following mapping user attributes: Users (Create, Update, Delete).

      By default, Azure should already set everything correctly except the objectId -> externalId mapping. In our case, please select objectId instead of the mailNickname.

      5_korak_izgled_atributov_za_mapiranje

      Please also make sure that following mapping is added:

      1. Click on Add New Mapping
      2. For Mapping type select Expression
      3. In Expression field paste -> Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager")
      4. For Target attribute select userType
      5. Click Ok and Save

      6_korak_dodamo_polje_za_office_managerja-userje

      To make sure all of the attributes are set correctly please check the below table:

      Azure attribute Joan
      attribute

      Matching
      precedence
      userPrincipalName userName 1

      Switch([IsSoftDeleted], , "False", "True", "True", "False")

      		 active  
      givenName name.givenName  
      surname name.familyName  
      objectId externalId  
      Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager") userType  
      department urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department  

      Configuring Roles

      We currently support two roles - a User and an Office Manager.

      To create the user roles please follow these instructions:

      1. Please go to App registrations and select the application created for the SCIM integration. NOTE: Don't forget to choose All applications if you can't see your app.
      2. Click on Create app role
      3. Make sure to put Admin as the value and as the display name. The description isn't important.

        7_korak_ustvarimo_admin_rolo

      Adding Users and Groups

      To add the users and groups from your Active Directory to the Joan Application please follow these instructions:

      1. Find the application that you previously created for Joan
      2. Go to Users and groups
      3. Click on +Add users/groups
      4. Select the Users/Groups you wish to add
      5. Select the role for the wanted user/group
      6. Click Assign

      Note: When adding users, be careful that you are not provisioning the same account under a specific group or as a user 

      8_korak_dodamo_uporabnike_in_dolocimo_vlogo

      If the users/groups that you previously added are not syncing, please try to provision them on demand.

      9_korak_provisioning_uporabnikov

      Configuring Departments

      To assign a department to the user please follow the instructions below:

      1. Navigate to your Joan SCIM AD Azure application
      2. Once there, go to Users and groups and then click on the user you wish to change
      3. When the Profile page opens, click on Edit
      4. Find the Department field in the section Job info and enter the department you wish to add the user to
      5. Save the configuration
      6. Once everything is set up, make sure that you start provisioning the users to the Joan Portal. Navigate to "Provisioning" and click "Start provisioning" and that is it!

      13_korak_departments

       

      If you encounter any issues, please contact support@getjoan.com.