Articles in this section
Category / Section

Installing and Configuring The Microsoft Entra ID

Published:

The Microsoft Entra ID is currently undergoing review, but it is accessible for use as it has been released.

Microsoft Entra ID, previously known as Azure Active Directory, is a cloud-driven identity and access management service that enables organizations to manage permissions and secure access to their confidential resources.

It supports user provisioning through the system for cross-domain identity management (SCIM) 2.0 protocol. SCIM is a standard protocol for managing user identities across different systems and applications.

This integration enables the automatic import of customer accounts into the BoldDesk application from Microsoft Entra ID. It also provides seamless synchronization for existing user profiles, ensuring that any updates to user data within Microsoft Entra ID are automatically reflected in BoldDesk.

Key Features

  1. Seamlessly synchronize users as both contacts and agents
  2. Effortlessly generate users within BoldDesk
  3. Instantly remove user access when no longer required
  4. Maintain synchronized user attributes between Microsoft Entra ID and BoldDesk


Please watch this video tutorial for further information.

Installation of the Microsoft Entra ID in BoldDesk

To install the Microsoft Entra ID app follow the below steps:

  1. Go to Admin menu > Marketplace.

  2. Search and select the Microsoft Entra ID app.

    azure-ad-search.png

  3. Click the ‘Install’ button to install the Microsoft Entra ID.

    azure-ad-install.png

Synchronize Microsoft Entra ID user into agent

  1. Select the “Agent” option to synchronize Microsoft Entra ID user as agent.
  2. Select the option “Sync users irrespective of the role” if you want to synchronize all users from Microsoft Entra ID.
  3. To synchronize exclusively the users assigned to that role with the application, select the option “Sync only users of a specific role” and enter the Role within the Microsoft Entra ID.

To ensure user synchronization, the roles defined in BoldDesk must be matched with the role assigned to users within Microsoft Entra ID.

Configuration1.png

  1. For multiple agent configurations, ensure the syncing type is set to either Agent or Both and the scope is defined as Specific Role. Additionally, ensure each configuration has a unique Microsoft Entra ID custom role.

  2. To add an additional agent configuration, click on Add Agent Configuration.

    Configuration2.png

  3. Each agent configuration includes default settings for Ticket Access Scope, Ticket Brand Access, and Roles, which are applied when a new agent is created in BoldDesk.

  4. Admins can now customize each agent’s configuration and permissions based on Microsoft Entra ID custom roles.

  5. Click Save.

When an agent is deleted from Microsoft Entra ID, that specific agent account is deactivated, and all the unresolved tickets are transferred to unassigned.

Synchronize Microsoft Entra ID user into contact

  1. Choose the “Contact” option to synchronize Microsoft Entra ID user as contact.
  2. Choose the option “Sync users irrespective of the role” if you want to synchronize all users from Microsoft Entra ID.
  3. Choose the option “Sync only users of a specific role” and enter the Role within the Microsoft Entra ID to synchronize exclusively the users assigned to that role with the application.

To ensure user synchronization, the roles defined in BoldDesk must be matched with the role assigned to users within Microsoft Entra ID.

  1. Click Save Button.

    ContactConfiguration.png

When a contact is deleted from Microsoft Entra ID, the corresponding contacts will be soft-deleted and moved to the deleted contacts. All the current tickets requested by this contact will be marked as spam.

Synchronize Microsoft Entra ID user into agent or contact

  1. Select the “Both” option to synchronize a Microsoft Entra ID user as either an agent or a contact.

  2. Configure the Agent and Contact settings as described previously.

  3. Click Save Button.

    BothConfiguration.png

Configure user provisioning for BoldDesk in Microsoft Entra ID

Add BoldDesk from the Microsoft Entra application gallery

  1. Log into the Microsoft Entra Admin Portal.

  2. Go to Identity > Applications > Enterprise applications > New application.

    azure-ad-create-app-1.png

  3. Click the “Create Your Own Application” button.

  4. Enter a name for the application.

  5. Select the option Integrate any other application you don’t find in the gallery (Non-gallery).

  6. Click the Create button. Once the application is created, you will be redirected to the application’s home page.

    azure-ad-create-app-2.png

Connect with BoldDesk account

  1. In application page, select Provisioning in the left sidebar menu.

    azure-ad-provisioning-1.png

  2. Choose the Automatic option from the Provisioning Mode menu.

  3. Under the Admin Credentials section, enter your Tenant URL and Secret Token(Click on this link to create an API token).

Tenant URL: https://{your-domain}.bolddesk.com/api/v1/scim

  1. Click the Test Connection button to confirm Microsoft Entra ID connects with BoldDesk. Click Save when finished.

    azure-ad-provisioning-2.png

Attribute mapping

  1. In application page, select Provisioning in the left sidebar menu and then click on Edit attribute mappings.

  2. Choose the option to Provision Azure Active Directory Groups and then turn off this feature.

  3. Choose the Provision Azure Active Directory Users and then turn on this feature.

    azure-ad-mapping-1.png

  4. Choose the Target Object Action (Create, Update, and Delete).

    azure-ad-mapping-3.png

  5. In Attribute mappings section, add the user attributes and delete all default attributes not included in the following list.

Azure Active Directory Attribute Customappsso attribute Matching precedence Apply this mapping Mapping type Notes
userPrincipalName userName 1 Always Direct Mandatory
Switch([IsSoftDeleted], , "False", "True", "True", "False") active - Always Expression Mandatory
displayName displayName - Always Direct Mandatory
jobTitle title - Always Direct -
mail emails[type eq "work"].value - Always Direct -
Switch(Join(" ", [givenName], [surname]), Join(" ", [givenName], [surname]), "", [mailNickname]) name.formatted - Always Expression Mandatory
telephoneNumber phoneNumbers[type eq "work"].value - Always Direct -
mobile phoneNumbers[type eq "mobile"].value - Always Direct -
objectId externalId - Always Direct Mandatory
SingleAppRoleAssignment([appRoleAssignments]) roles[primary eq "True"].value - Always Expression Mandatory
physicalDeliveryOfficeName addresses[type eq “work”].formatted - Always Direct or Expression We can also bind expression like this Join(",", [streetAddress], [city], [state], [postalCode], [country])
  1. The attributes selected as matching properties are used to match the user accounts in BoldDesk for update operations. To save any changes, select Save.

    1.png

Provisioning setting

  1. Check the box labeled Send an email notification when a failure occurs and enter the email address to receive the provisioning error notifications.
  2. In the settings section, choose Scope to specify which users should be provisioned for BoldDesk.

Sync all users and groups: This option will synchronize all users from Microsoft Entra ID to BoldDesk.

Sync only assigned users and groups: This option will synchronize only the users assigned to the enterprise application.

azure-ad-setting-1.png

Start provisioning

  1. In application page, select Provisioning in the left sidebar menu.

  2. Click Start provisioning.

    azure-ad-start-provisioning.png

Synchronizing Users from Microsoft Entra ID to BoldDesk

Synchronize all users from Microsoft Entra ID

  1. Select the option to Sync all users and groups in the Scope section of the Microsoft Entra Admin Portal.

    azure-ad-add-user-6.png

On the BoldDesk configuration page, ensure that the option to ‘Sync users regardless of their role’ is chosen.

Synchronize only assigned users to the application

  1. Select the option to Sync only assigned users and groups in the Scope section of the Microsoft Entra Admin Portal.

    azure-ad-add-user-7.png

On the BoldDesk configuration page, ensure that the option to Sync only users of a specific role is chosen and enter the Role.

To ensure user synchronization, the roles defined in BoldDesk must be matched with the role assigned to users within Microsoft Entra ID.

Add custom app role

  1. In Microsoft Entra Admin Portal, select App registrations in the left panel and go to the All applications tab.

  2. Click on BoldDesk application.

  3. In the left panel, select App roles and then click Create app role.

    azure-ad-app-role-1.png

  4. Enter the required information and then Apply the changes.

    azure-ad-app-role-2.png

Assigned users with custom role to application

  1. In application page, select Users and Groups in the left sidebar menu.

    azure-ad-add-user-1.png

  2. Select Add User/Group, then click None Selected.

    azure-ad-add-user-2.png

  3. Select the users and roles if you wish to synchronize only selected users.

  4. Select the groups and roles if you wish to synchronize all users in selected group.

  5. Click the Assign button.

    azure-ad-add-user-3.png

    azure-ad-add-user-4.png

  6. The list of assigned users will be displayed as depicted in the image below. Only those users who have been assigned to the application will be eligible for provisioning.

    azure-ad-add-user-5.png

FAQs

1. Do we support inbound provisioning?
No, we only support outbound provisioning.

2. How frequently does Microsoft Entra ID perform user provisioning?
User provisioning is automatically triggered at a default interval of 40 minutes.

3. Can the provisioning be stopped?
You can start, restart, and stop provisioning at any time. Users who already exist in the target application with the same username/ID will be updated.

4. Do we have to restart the provisioning when there is a change in the provisioning scope settings?
Yes, we must restart the provisioning when there is a change in the scope settings.

5. Provisioning logs
Provisioning logs offer valuable insights into the provisioning process, indicating its success, identifying modified properties, and highlighting any failures. To access provisioning logs:

  1. Navigate to your application.
  2. Go to Manage > Provisioning > View provisioning logs.

For more information, please refer to these links:

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-provisioning-logs?context=azure%2Factive-directory%2Fmanage-apps%2Fcontext%2Fmanage-apps-context
https://learn.microsoft.com/en-us/entra/identity/app-provisioning/how-provisioning-works#errors-and-retries

6. What happens if a user is deleted in Azure?
Contact: When a contact is deleted from Microsoft Entra ID, the corresponding contacts will be soft-deleted and moved to the deleted contacts. All the current tickets requested by this contact will be marked as spam.

Agent: When an agent is deleted from Microsoft Entra ID, that specific agent account is deactivated, and all the unresolved tickets are transferred to unassigned.

7. What happens if a user is unassigned from the app in Azure?
Contact: When a contact is unassigned from Microsoft Entra ID, the corresponding contacts will be soft-deleted and moved to the deleted contacts. All the current tickets requested by this contact will be marked as spam.

Agent: When an agent is unassigned from Microsoft Entra ID, that specific agent account is deactivated, and all the unresolved tickets are transferred to unassigned.

8. What happens if a user is deleted in BoldDesk after initial syncing?
The user will be reactivated if there are any changes in Microsoft Entra ID.

9. What are the potential causes for the Azure AD User Provisioning Application entering quarantine mode?
• The secret token generated for the Azure AD User Provisioning Application is invalid or expired or doesn’t have the right permission.
• A considerable number of failures occurred while creating, updating, or deleting users.
• When the Microsoft Entra ID app is not installed in BoldDesk.

For further information on why the application enters quarantine mode and the necessary steps to resolve it, please refer to Azure Active Directory documentation.

10. What happens if custom app roles are changed?
User provisioning will not work if custom app roles are changed.

11. How to sync the users in groups?
To sync users in groups, follow these steps:

12. Which permission is required to authenticate an app in the azure portal?
To authenticate the SCIM API in the Azure portal, users must have the Manage App permission within the Admin module on the BoldDesk site.

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Please  to leave a comment
Access denied
Access denied