Azure AD (Entra ID)

Owned by Girish Reddy
Last updated: Sept 11, 2024
3 min read

Feature

Description

User Account Provisioning

You can use our Azure AD connector to create user accounts automatically. See this video for more information:

https://www.loom.com/share/980d64b156484cb2b65b4440daf36b72

Azure Provisioning Apps and Groups

Watch this video to see how you can use the Azure AD connector to automatically provision apps and groups to your users:

https://www.loom.com/share/446aef98609c421a872237b1e166964b

Security and Compliance

This video provides information on security and compliance when using OnLink with Azure AD

https://www.loom.com/share/4b4aefd8be6e4cf1842da2fba2978a53

Create User

 

Set the required fields when calling Create User function using the post function screen:

You can also use KeyValue pair to add any string, date or boolean attributes as supported by Azure AD, including custom attributes. See their list here.

map:birthday=customfield_10122
map:city=customfield_10123
map:department=customfield_10124
map:employeeHireDate=customfield_10125
map:employeeType=customfield_10126
map:officeLocation=customfield_10127
map:userType=customfield_10128
map:manager=customfield_10129 #textfield with manager’s email address

When Create User function is run on a user who already exists in Azure AD, OnLink updates the user record. Refer to this link for the list of fields that can be updated. In “update mode”, these fields are not updated: mailNickname, userPrincipalName, password.

Create User - Set Password

When using the “Create User” function, you can set the “Password” field to a temporary password. You can either set this to a static value or combine the static value with a dynamic prefix to generate a unique password for every user created.

You can use this smart value in the Password field: {dynamic_prefix}

This generates an alpha-numeric string of length 20. This may not, by itself, meet your password restrictions. So, we recommend setting the Password field to something like this:

{dynamic_prefix}Me3t$PwdReqs!!

The dynamic part will ensure that the password is unique and the “Me3t$PwdReqs!!” is a string that meets your organization’s password requirements.

Note that, this unique password can then be sent via email using OnLink’s Email connector. See this for more information.

The dynamic prefix is generated using the issue key (the issue on which the post function executes). So you’ll need to make sure that the Create User and Email functions are executed on the same issue.

Assigning Groups

OnLink supports assigning groups to users as part of the Create User function. An admin can select allowed Groups in the Connections screen. Then users can set the "Azure Groups" customfield in a Jira issue assign groups. Note that there’s a limit of 5 groups that can be added to a user when calling Create User function. If you need to add more groups, call the Add User to Group function.

OnLink allows you to create a simple Jira Automation to set groups based on certain conditions. The below rule checks if Department field contains the word "Sales", then sets the Azure Groups custom field to US Sales group. This is a basic example but the automation can be setup to meet your needs.

 

image-20240306-215043.png

 

Assigning Licenses

OnLink supports assigning licenses to users as part of the Create User function. An admin can select allowed Licenses in the Connections screen (#1 below). Then users can set the "OnLink Azure Licenses" customfield in a Jira issue assign licenses (#2 below).