Skip to main content

Tenant Administration

Users - Single Sign on

Microsoft Entra

  1. Add Nodefusion Account to Microsoft Entra Enterprise Applications - this can be done in a way that administrator from your Tenant Registers on Nodefusion Account - prompt should pop up

    image.png

  2. Configure scope to users which you want to be able to access by defining Users and Groups in the Nodefusion Account Enterprise Application

Users - SCIM Provisioning

Enable SCIM User Provisioning in Nodefusion Account

  1. Have a permission role for Tenant Admin on Nodefusion Account
  2. Go to Nodefusion Account, and choose manage your Tenant link
  3. In the left menu, navigate to SCIM and click Create New
  4. Choose your login provider (Microsoft) and enter your internal notes about scim config if needed
  5. Click Create and copy your Generated APIKey
  6. Then go back to list to confirm your key is on the list

Configure Microsoft Entra - SCIM Provisioning

  1. Go to Microsoft Entra, Enterprise Applications, choose + New Application on the ribbon
  2. Then from 'Browse Microsoft Entra Gallery' choose + Create your own application on the ribbon
  3. Enter Nodefusion Account SCIM and choose: Integrate any other application you don't find in the gallery (Non-gallery)
  4. Open Nodefusion Account SCIM - and then Provisioning - then again Provisioning
    1. Set Provisioning Mode to Automatic
    2. For Tenant URL enter: https://login.nodefusion.com/scim/v2
    3. Paste your previously generated APIKey under Secret Token
    4. Click Test Connection and then if successful, Click Save in the ribbon
  5. Then after saving url and secret, under Mappings you should
    1. Disable provisioning of Entra ID Groups
    2. Edit User mappings; externalId as matching attribute: image.png You should edit externalId mapping to map objectId source attribute and to be set as matching attribute. Mappings other than this five from picture should be deleted

After configuring mappings you can check if provisioning works by using provision on demand functionality on Microsoft Entra. After that you can proceed to configure which part of your directory will be synced to Nodefusion Account, how often and so on.