MS Entra ID Configuration
This is an example setup using Microsoft Entra ID to publish users and groups into i-net PDFC.
Prerequisites
- You need to have access to the portal: https://portal.azure.com
- You need to have access to the Microsoft Entra ID application
- The Token Authentication plugin must be installed.
- The i-net PDFC server must be reachable from the internet.
Steps
- Go to the Microsoft Entra ID application of the Azure Portal.
- Select Manage → Enterprise applications on the left navigation.
- Add a New application in the top menu.
- Click Create your own application, also in the top menu.
  - Enter an application name
  - Select that the required application is not available in the catalog
  - Finish the creation of the application
- In the side navigation, select Manage → Provisioning
  - Create an automatic provisioning
  - You need to provide the Client-URL and Secret Token now.
    - The Client-URL is the external URL to the SCIM Web API endpoint: https://your-server/api/scim/v2.
    - The Secret Token has to be a token for a user in i-net PDFC with access to the Users and Groups manager. A dedicated user is recommended for this. Also, make sure that the token has access to the SCIM extension.
  - You should now test the connection before saving your settings.
- In the side navigation, select Users and Groups so they can be assigned to your application. Only then can they be synchronized into i-net PDFC. Depending on your current plan, you may select a user group for much simpler provisioning.
- You can use “Provide on demand” to test whether the transfer works in principle. Use the search mask to select the group or user to be synchronized.
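A pre-flight check for the Client-URL and Secret Token from the provisioning step above, as an added example that is not part of the i-net PDFC documentation. It assumes the endpoint answers the standard SCIM 2.0 `/Users` filter query (RFC 7644) and accepts the token as a bearer token; `check_client_url`, `probe` and the filter value are hypothetical names chosen for this sketch.

```python
import ipaddress
import json
import urllib.error
import urllib.parse
import urllib.request

SCIM_PATH = "/api/scim/v2"  # endpoint path given on this page


def check_client_url(url):
    """Return the problems found in a Client-URL (empty list = looks usable)."""
    problems = []
    parts = urllib.parse.urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("not https: the Secret Token is sent with every request")
    if parts.username or parts.password:
        problems.append("credentials in URL: use the Secret Token field instead")
    if not parts.path.rstrip("/").endswith(SCIM_PATH):
        problems.append("path does not end in " + SCIM_PATH)
    try:
        if not ipaddress.ip_address(host).is_global:
            problems.append("host is a non-public IP address")
    except ValueError:  # not an IP literal, so treat it as a DNS name
        if host == "localhost" or "." not in host:
            problems.append("host is not a public DNS name")
    return problems


def probe(url, token, timeout=10):
    """Send one authenticated query; return (HTTP status, totalResults or None)."""
    # Assumption: bearer-token auth and an RFC 7644 /Users filter. The user name
    # is made up, so a working setup answers 200 with totalResults == 0.
    query = urllib.parse.urlencode({"filter": 'userName eq "no-such-user-connection-test"'})
    req = urllib.request.Request(
        url.rstrip("/") + "/Users?" + query,
        headers={"Authorization": "Bearer " + token, "Accept": "application/scim+json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, None  # 401/403: check the token and its SCIM permission
    try:
        return status, json.loads(body).get("totalResults")
    except (ValueError, AttributeError):
        return status, None  # 200 without a SCIM list, e.g. a proxy login page
```

Run `check_client_url` first and call `probe` only when it returns an empty list; an unreachable host makes `probe` raise `urllib.error.URLError`.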
Automatic Provisioning
- From the side navigation, select the Overview
- Click Automatic Provisioning to start synchronizing the configured users.
SSO Login
Using SCIM with MS Entra ID allows synchronizing users and making them available for SSO. To enable this, add the OAuth plugin and configure it for an Azure login. Users synchronized into i-net PDFC can then log in without a new account being created.
Error Handling
In case of synchronization errors, there are several places to check:
- The Azure Application log:
  - Go to your application
  - Select Monitor → Provisioning logs
- In the i-net PDFC server:
  - Go to application Statistics, select one of:
    - Users and Groups Events
    - Security Events - check out the user logins for the user designated to the Web API
    - Website Errors - check for non-200 status codes