Documentation forSolarWinds Service Desk

User provisioning with Microsoft Azure 

On this page

Introduction

You will need to access both your Azure Service Portal and SolarWinds Service Desk (SWSD). SolarWinds recommends having them both open at the same time but on separate browser tabs, as you will be going back and forth between the two.

Learning Options

You can choose to use the User Provisioning video tutorial or the instructions below to guide you through the User Provisioning process.

You can also import users via CSV file. See

Setup Steps

Preconfigure your Active Directory departments and sites in SWSD prior to performing a sync.

Step 1: Add the SolarWinds App to your Azure Active Directory

If you have already configured SWSD with Azure SSO, this step does not need to be repeated.

  1. Open your Azure Portal.

  2. Navigate to Azure Active Directory, and then in the left pane under Manage, click Enterprise applications.

  3. Click the New application tab, and under Application type, search for SolarWinds.

  4. Click SolarWinds Service Desk.

  5. In the new pane that displays on the right, at the bottom click Create.

Azure adds SolarWinds Service Desk and opens it.

Step 2: Provisioning

  1. In Azure, under Manage, click Provisioning.

  2. In the middle of the screen, click Get Started.

  3. In the new window that opened, under Provisioning Mode, select Automatic.

Admin Credentials display.

See SolarWinds Service Desk CSV file import for instructions on how to import a csv file to create new user records. If you choose to import a group of users from a CSV file, first ensure that your sites and departments are set up in SWSD to exactly match the sites and departments in your import source file.

Step 3: Administrator Credentials

  1. In SolarWinds Service Desk, navigate to Setup > Account > Account Summary.

  2. On the right, under Account Summary, copy the Account URL.

  3. Return to Azure Provisioning, and in the Tenant URL field:

    1. Type https://

    2. Paste the contents of the clipboard.

  4. Return to SWSD to generate a secret token:

    1. In the left pane, navigate to Setup > Users & Groups > Users, and search for your own user account.

    2. In the Users list, click on your own account name, and then, in the upper of the user details page, click Actions and select Generate JSON Web Token.

      Only administrators in SWSD can generate tokens. JSON web tokens will not break if the user's email address is changed or the user's password is reset.
  5. On the left locate the JSON Web Token, and under it, click Copy.
  6. Return to Azure, and in the Secret Token field, paste from the clipboard.
  7. Click Test Connection to confirm credentials are working properly.
    • If test is successful, a message with a green check mark will display in the upper right corner.
    • If test is unsuccessful, contact support for assistance.
  8. Click Save.
  9. Refresh browser menu.

Step 4: Settings

  1. in Azure, click Settings to expand the menu.
  2. Check the box next to Send an email notification when a failure occurs.
  3. Under Notification Email, provide an email address where you want to receive alerts if a failure occurs. (Consider using a distribution list in case someone leaves your organization.)
  4. Directly under the Provisioning Title, click Save.
  5. Refresh page.
  6. Near the top of the new menu, click Start provisioning.
    Azure contacts your instance of SWSD and begins creating user roles (this can take a while).

Step 5: Mappings

SolarWinds does not recommend importing groups via Azure. The Azure/Active Directory security and distro group purpose does not correlate to SWSD.
  1. In Azure, on the left, click Users and groups. Here you will assign users to be provisioned in SWSD.

  2. Click Add user/group.

  3. In the Add Assignment window displays. If you see a message that Groups are not available due to your Active Directory plan level, it means that you cannot use group management, and therefore, you must manage one user at a time (or by multiple selection). Organizations paying for a premium version of Azure Active Directory should not see this message.

    • To manage one user at a time (or by multiple selection):

      1. Under Users, click None Selected.

      2. In the list of users on the right, select a user, and then click Select at the bottom of the list.

      3. Under Select a role, click None Selected.

      4. From the list of roles that displays on the right, select a role from the list, and then click Select at the bottom of the list. Alternatively, you can search for a role.

        The list contains out-of-the-box roles as well as custom roles you have created.
      5. Click Assign on the bottom left.

        After you click Assign, the users and groups window displays the newly added user in a list of users and groups. You can review the Display Name, Object Type, and Role assigned for accuracy.

      6. Repeat steps a-e above for each user you want assigned and provisioned into SWSD.

    • To manage by group rather than user (Azure Premium subscription required), the process is similar to the one above, but you would select a group rather than a user, and then assign a role to the entire group.

Site & Department names syncing from Azure must exactly match the site and department names loaded to SWSD in Setup > Account > Organization & Sites. The site and department names are case- and space-sensitive. If they do not match, users will fail to provision.

Step 6: Restart Provisioning

  1. From the left navigation menu, under Manage, click Provisioning.

  2. From the buttons near the top of the window, click Restart provisioning.

  3. When prompted to confirm, click OK.

    In the upper right a message displays that confirms the provisioning is scheduled to restart.
    The provisioning/sync cycle will begin and start pushing any assigned users. Within an hour you should start to see users provision into your account.

The sync process can take a few hours to complete.

If you run into any sync issues, contact Technical Support or Microsoft for assistance.

Troubleshooting

If users are failing to sync, the most common errors are:

  • Azure is attempting to provision the user with a site or department name that has not been added in SWSD (Setup > Account > Organization & Sites). For more information, see Organization & sites.

  • Azure is attempting to provision a user to the SWSD Requester role with an email domain that is not allowed. Allowed Domains can be found in Setup > Global Settings > Service Portal > Allowed Domains. For more information, see Service Portal.

To identify the problem, you might find it helpful to use the Audit Log found in Azure. You can filter by:

  • Status: Failure
  • Activity: Export

Related topics

Users