Provisioning with Microsoft Azure (Entra Connect Cloud Sync)

On this page

Introduction

To provision users SolarWinds Service Desk (SWSD) through Microsoft Azure, you will need to access both your Azure Service Portal and SWSD. SolarWinds recommends having them both open at the same time but on separate browser tabs, as you will be going back and forth between the two.

Learning options

There are several options for instructional guidance:

Another option is to view a video.

See this video: SolarWinds Service Desk User Provisioning with Microsoft Azure.

Setup Steps

Preconfigure your Active Directory departments and sites in SWSD prior to performing a sync. Also, if you are provisioning for ESM, read Google SSO configuration and provisioning.

Step 1: Add the SolarWinds App to your Azure Active Directory

If you have already configured SWSD with Azure SSO, this step does not need to be repeated.

Open your Azure Portal.
Navigate to Azure Active Directory, and then in the left pane under Manage, click Enterprise applications.
Click the New application tab, and under Application type, search for SolarWinds.
Click SolarWinds Service Desk.
In the new pane that displays on the right, at the bottom click Create.

Azure adds SolarWinds Service Desk and opens it.

Step 2: Provisioning

Provisioning for single-tenant ITSM customers

In Azure, under Manage, click Provisioning.
In the middle of the screen, click Get Started.
In the new window that opened, under Provisioning Mode, select Automatic.

Admin Credentials display.

See CSV file imports and exports for instructions on how to import a csv file to create new user records. If you choose to import a group of users from a CSV file, first ensure that your sites and departments are set up in SWSD to exactly match the sites and departments in your import source file.

Steps for ESM provisioning

What you can provision is dependent on your provisioning provider.

Step 1: Ensure provisioning at the organization level

Before you begin, determine whether your organization has already performed any provisioning.

For those who previously provisioned before migrating to ESM

Replace the token in the existing app with the token from the organization. Do not make any changes to the URL.

For those who have never provisioned

Provision users to the organization level. If your provisioning provider allows you to provision roles, you can also do that here.

Create a dedicated app in your provisioning provider platform.

Use the organization token for the provisioning process.

Use the organization URL.

Step 2: Provision at the service provider level

If you want service providers to be able to create roles and manage them at the service provider level, follow these steps:

Create a dedicated app in your provisioning provider platform.

Use the organization token for the provisioning process.

Use the specific service provider organization URL.

Repeat the role-provisioning process for any service provider that should be able to create and manage roles.

Step 3: Administrator Credentials

In SolarWinds Service Desk, navigate to Setup > Account > Account Summary.
On the right, under Account Summary, copy the Account URL.
Return to Azure Provisioning, and in the Tenant URL field:
1. Type https://
2. Paste the contents of the clipboard.
Return to SWSD to generate a secret token:
1. In the left pane, navigate to Setup > Users & Groups > Users, and search for your own user account.
2. In the Users list, click on your own account name, and then, in the upper of the user details page, click Actions and select Generate JSON Web Token.
  
  Only administrators in SWSD can generate tokens. JSON web tokens will not break if the user's email address is changed or the user's password is reset.
On the left locate the JSON Web Token, and under it, click Copy.
Return to Azure, and in the Secret Token field, paste from the clipboard.
Click Test Connection to confirm credentials are working properly.
- If test is successful, a message with a green check mark will display in the upper right corner.
- If test is unsuccessful, contact support for assistance.
Click Save.
Refresh browser menu.

Step 4: Settings

in Azure, click Settings to expand the menu.
Check the box next to Send an email notification when a failure occurs.
Under Notification Email, provide an email address where you want to receive alerts if a failure occurs. (Consider using a distribution list in case someone leaves your organization.)
Directly under the Provisioning Title, click Save.
Refresh page.
Near the top of the new menu, click Start provisioning.
Azure contacts your instance of SWSD and begins creating user roles (this can take a while).

Step 5: Mappings

When provisioning with Azure, the Microsoft guide on attribute mapping can be helpful. Mapping for custom fields must be done through API.

SolarWinds does not recommend importing groups via Azure. The Azure/Active Directory security and distro group purpose does not correlate to SWSD.

In Azure, on the left, click Users and groups. Here you will assign users to be provisioned in SWSD.
Click Add user/group.
In the Add Assignment window displays. If you see a message that Groups are not available due to your Active Directory plan level, it means that you cannot use group management, and therefore, you must manage one user at a time (or by multiple selection). Organizations paying for a premium version of Azure Active Directory should not see this message.
- To manage one user at a time (or by multiple selection):
  1. Under Users, click None Selected.
  2. In the list of users on the right, select a user, and then click Select at the bottom of the list.
  3. Under Select a role, click None Selected.
  4. From the list of roles that displays on the right, select a role from the list, and then click Select at the bottom of the list. Alternatively, you can search for a role.
    
    The list contains out-of-the-box roles as well as custom roles you have created.
  5. Click Assign on the bottom left.
    
    After you click Assign, the users and groups window displays the newly added user in a list of users and groups. You can review the Display Name, Object Type, and Role assigned for accuracy.
  6. Repeat steps a-e above for each user you want assigned and provisioned into SWSD.
- To manage by group rather than user (Azure Premium subscription required), the process is similar to the one above, but you would select a group rather than a user, and then assign a role to the entire group.

Site & Department names syncing from Azure must exactly match the site and department names loaded to SWSD in Setup > Account > Organization & Sites. The site and department names are case- and space-sensitive. If they do not match, users will fail to provision.

Step 6: Restart Provisioning

From the left navigation menu, under Manage, click Provisioning.
From the buttons near the top of the window, click Restart provisioning.
When prompted to confirm, click OK.

In the upper right a message displays that confirms the provisioning is scheduled to restart.
The provisioning/sync cycle will begin and start pushing any assigned users. Within an hour you should start to see users provision into your account.

The sync process can take a few hours to complete.

If you run into any sync issues, contact Technical Support or Microsoft for assistance.

Troubleshooting

If users are failing to sync, the most common errors are:

Azure is attempting to provision the user with a site or department name that has not been added in SWSD (Setup > Account > Organization & Sites). For more information, see Organization & sites.
Azure is attempting to provision a user to the SWSD Requester role with an email domain that is not allowed. Allowed Domains can be found in Setup > Global Settings > Service Portal > Allowed Domains. For more information, see Service Portal overview.

To identify the problem, you might find it helpful to use the Audit Log found in Azure. You can filter by:

Status: Failure
Activity: Export

Search SolarWinds Support