User Provisioning with Microsoft Azure
You will need to access both your Azure Service Portal and SolarWinds Service Desk (SWSD). SolarWinds recommends having them both open at the same time but on separate browser tabs, as you will be going back and forth between the two.
You can choose to use the User Provisioning video tutorial or the instructions below to guide you through the User Provisioning process.
Step 1 - Add the SolarWinds App to your Azure Active Directory
If you have already configured SWSD with Azure SSO, this step does not need to be repeated.
- Open your Azure Portal.
- Navigate to Azure Active Directory, and then in the left pane under Manage, click Enterprise applications.
- Click the New application tab, and under Application type, search for
- Click SolarWinds Service Desk.
A new pane will open on the right.
- At the bottom of the new pane, click Create.
Azure will add SolarWinds Service Desk and open it.
Step 2 - Provisioning
In Azure, under Manage, click Provisioning.
In the middle of the screen, click Get Started.
A new window will open.
Under Provisioning Mode, select Automatic.
Admin Credentials will display.
Step 3 - Administrator Credentials
Navigate to SolarWinds Service Desk > Account > Account Summary.
On the right, under Account Summary, copy the Account URL.
Return to Azure Provisioning , and in the Tenant URL field:
Paste the contents of the Clipboard
Return to SWSD to generate a secret token:
In the left pane, navigate to Users & Groups > Users, and search for your own user account.
In the Users list, click on your own account name, and then, in the upper right corner, click Actions and select Generate JSON Web Token.Only administrators in SWSD can generate tokens.
- On the left locate the JSON Web Token, and under it, click Copy.
- Return to Azure, and in the Secret Token field, paste from the Clipboard.
- Click Test Connection to confirm credentials are working properly.
- If test is successful, a message with a green check mark will display in the upper right corner.
- If test is unsuccessful, contact support for assistance.
- Click Save.
- Refresh browser menu.
Step 4 - Settings
- in Azure, click Settings to expand the menu.
- Check the box next to Send an email notification when a failure occurs.
- Under Notification Email, provide an email address where you want to receive alerts if a failure occurs. (Consider using a distribution list in case someone leaves your organization.)
- Directly under the Provisioning Title, click Save.
- Refresh page.
A new menu will display.
- Near the top, click Start provisioning.
Azure will contact your instance of SWSD and begin creating user roles (this can take a while).
Step 5 - Mappings
In Azure, on the left, click Users and groups.
Here you will assign users to be provisioned in SWSD.
Click Add user/group.
The Add Assignment window will display. If you see a message that Groups are not available due to your Active Directory plan level, it means that you cannot use group management, and therefore, you must manage one user at a time (or by multiple selection). Organizations paying for a premium version of Azure Active Directory should not see this message.
To manage one user at a time (or by multiple selection):
Under Users, click None Selected.
A list of users will display on the right.
Select a user, and then click Select at the bottom of the list.
Under Select a role, click None Selected.
A list of roles will display on the right. The list contains out-of-the-box roles as well as custom roles you have created.
Select a role from the list, and then click Select at the bottom of the list.
Alternatively, you can search for a role.
Click Assign on the bottom left.
The users and groups window will display the newly added user in a list of users and groups. You can review the Display Name, Object Type, and Role assigned for accuracy.
Repeat steps a-e above for each user you want assigned and provisioned into SWSD.
To manage by group rather than user (Azure Premium subscription required), the process is similar to the one above, but you would select a group rather than a user, and then assign a role to the entire group.
Step 6 - Restart Provisioning
- From the left navigation menu, under Manage, click Provisioning.
- From the buttons near the top of the window, click Restart provisioning.
- When prompted to confirm, click OK.
In the upper right a message will display that confirms the Provisioning is scheduled to restart.
The Provisioning/Sync cycle will begin and start pushing any assigned users. Within an hour you should start to see users provision into your account.
If you run into any sync issues, contact Technical Support or Microsoft for assistance.