The Azure Active Directory (AD) integration enables you to connect your Automation Cloud account directly to an Azure Active Directory tenant, thus seamlessly integrating Automation Cloud capabilities with your existing IT user management infrastructure.
Some of the key benefits include:
- Automatic user onboarding;
- Simplified sign-in experience;
- Usage of the organization-specific URL for direct SSO with the Azure AD tenant;
- Enhanced permission and automation management through groups;
- Permission management based on directory groups: Security and/or M365;
- Audit permissions assigned to the appropriate groups from Automation Cloud.
If you choose to enable the AD integration for your Automation Hub tenant, the user management procedure changes slightly.
To enable Azure Active Directory for your Automation Cloud account, please follow the steps described in this tutorial.
Once the setup is done on Automation Cloud, you will be able to leverage the AAD integration on all available services in your cloud account, including Automation Hub.
The procedure to add users is the same as the one described in the Adding Individual Users page; however, the following changes occur:
- When adding a user, the search functionality from the Add User form searches for users from both Automation Cloud and the AD instance connected with Automation Cloud.
- You will notice that the e-mail field has the "Search Directory" info text inside - which indicates that the search will be performed in both the Automation Cloud local directory and the AAD connected directory.
Upload CSV Feature
Upload CSV is no longer available once the Azure Active Directory is enabled for your Automation Cloud account.
- When starting to type in the E-mail field from the Add User menu, the application will automatically start to query the users that exist in Automation Cloud or in the connected AAD and we can have the following situations:
a. User is found in AAD Directory
This will display the results with a special icon next to it that will indicate that the user was found in the Active Directory.
b. User is found in the Automation Cloud user directory
This will display the results with a special icon next to it that will indicate that the user was found in the Automation Cloud Directory.
c. User is not found in either directory
In this case, the results dropdown will not be shown anymore; external users cannot be added when the AAD connection is active.
- Please keep in mind that the first and last name, Job Title, City, Department are automatically imported from Automation Cloud or from the Azure Active Directory.
- The first and last name can be manually edited at the Automation Hub level, as well as the other components of the User Profile (Job Title, City, Business Unit, Department).
When the Azure Active Directory is connected, the following information is available for each user entry:
- First Name, Last name, Job Title, City, Department
- Roles - the system roles that are directly assignable to the customer
- Collaborator roles - the collaborator roles that are directly assignable to the customer
- Group info - the AD groups and Automation Cloud groups that the user belongs to
- Group roles - the system roles that are inherited based on the groups that the user belongs to
When the Azure Active Directory is connected, the user will be able to edit the following items related to the user:
- First Name
- Last Name
- Job Title
- Business Unit
- Collaborator Roles
The user bulk upload functionality is completely disabled once the AD integration is enabled.
The procedure to add Groups is the same as the one described in the Managing Groups page; however, the following changes occur:
- When adding a group, the search functionality from the Add Group form searches for groups from both Automation Cloud and the AD instance connected with Automation Cloud.
- Each group type is marked with a different icon to differentiate its source.
- When starting to type in the Group Name field from the Add Group menu, the application will automatically start to query the groups that exist in Automation Cloud or in the connected AAD and we can have the following situations:
a. Group is found in AAD Directory
This will display the results with a special icon next to it that will indicate that the group was found in the Active Directory.
b. Group is found in the Automation Cloud groups directory
This will display the results with a special icon next to it that will indicate that the group was found in the Automation Cloud Directory.
c. Group is not found in either directory
In this case, the results dropdown will show an error message stating that no group was found using the given search text.
After assigning the Roles and clicking Save, the group's users are able to access the Automation Hub tenant they were added to.
If an AD group is imported directly to Automation Hub, the following observations apply:
- the AD group is mapped to an existing role from Automation Hub;
- all the users that are part of the AD group receive access to the Automation Hub instance from the Automation Cloud platform and they are added to the Everyone group from Automation Cloud.
- the users can access Automation Cloud; however, they can only view the option for the specific instance of Automation Hub where they were added.
- In the Groups menu, each group entry will have next to it a different icon, based on the source where the group was imported (Automation Cloud or AAD)
- If a group is deleted from either Automation Cloud or AAD, then Automation Hub will show a distinctive warning icon next to that group
- In this case, the group should be either deleted manually from Automation Hub
- Automation Hub will not automatically delete the group entry from the list; it will only detect it and warn the user that an action is needed
Editing a group can be done by simply clicking on the group item, which will automatically open the right-side editing menu.
The following items can be edited from a group entry:
- Collaborators Roles
- Deleting a group can be done from the right-side edit panel
- The delete option can be found in the lower part of the screen
- Deleting the group will just remove the group from Automation Hub and will not delete it from Automation Cloud or Azure Active Directory
- By deleting the group, all the users that were part of the group will lose access to Automation Hub, unless they are included in other groups or were manually added as users in the platform.
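The two group rules above (an entry whose source group was deleted is only flagged, never removed, and deleting a group entry removes access only for members with no other path in) lend themselves to a periodic access review. The following is an added example, not UiPath code: the data structures, group names, role names and addresses are constructed, and it assumes an administrator has exported group entries and memberships into this hypothetical shape.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HubGroup:
    """Hypothetical record for one group entry in the Automation Hub Groups menu."""
    name: str
    source: str           # "AAD" or "AutomationCloud"
    roles: frozenset      # roles mapped to the group
    members: frozenset    # member e-mail addresses (snapshot)

def stale_groups(hub_groups, live_source_groups):
    """Entries whose source group no longer exists (the warning-icon case)."""
    return sorted(g.name for g in hub_groups
                  if g.name not in live_source_groups.get(g.source, set()))

def inherited_roles(user, hub_groups):
    """Group roles a user inherits from every group entry they belong to."""
    roles = set()
    for g in hub_groups:
        if user in g.members:
            roles |= g.roles
    return roles

def users_losing_access(group_name, hub_groups, individual_users):
    """Members who lose access if group_name is deleted from Automation Hub:
    those in no other group entry and not added as individual users."""
    target = next(g for g in hub_groups if g.name == group_name)
    covered = set(individual_users)
    for g in hub_groups:
        if g.name != group_name:
            covered |= g.members
    return sorted(target.members - covered)

# Constructed sample data (not real tenant data).
HUB_GROUPS = [
    HubGroup("RPA-CoE", "AAD", frozenset({"ExampleAdminRole"}),
             frozenset({"ana@example.com", "bo@example.com"})),
    HubGroup("Finance-Submitters", "AAD", frozenset({"ExampleViewerRole"}),
             frozenset({"bo@example.com", "cy@example.com"})),
    HubGroup("Legacy-Pilots", "AutomationCloud", frozenset({"ExampleViewerRole"}),
             frozenset({"dee@example.com"})),
]
LIVE_SOURCE_GROUPS = {"AAD": {"RPA-CoE", "Finance-Submitters"},
                      "AutomationCloud": set()}   # Legacy-Pilots was deleted at source
INDIVIDUAL_USERS = {"cy@example.com"}

if __name__ == "__main__":
    print("Stale entries to review:", stale_groups(HUB_GROUPS, LIVE_SOURCE_GROUPS))
    for g in HUB_GROUPS:
        print(g.name, "-> would lose access:",
              users_losing_access(g.name, HUB_GROUPS, INDIVIDUAL_USERS))
```

Running the impact check before deleting a flagged entry shows which accounts depend solely on that group, so the removal does not silently lock out users or leave unreviewed access in place.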