GetAccept supports provisioning users and teams from Microsoft Azure Active Directory, Okta, G Suite and other popular identity platforms using the SCIM protocol. For customers that use Azure AD, users can be provisioned to the platform and automatically added to Teams in GetAccept for convenient access management. The GetAccept provisioning integration supports the following features:
Creates users in GetAccept
Updates user attributes
Deletes users (inactivates users in GetAccept)
Creates teams in GetAccept (from Azure groups)
Adds users to or removes users from groups (teams in GetAccept)
Manages access rights based on custom application roles
Requirements
To set up GetAccept user provisioning with Azure AD, you need access to the GetAccept Admin account and an Azure account.
If you haven't configured Single sign-on yet, we recommend that you start with that, so that the GetAccept application is listed in the Azure Access panel application list.
Configuration Steps
Go to your Azure Admin account and go to Azure Active Directory > Enterprise Applications and click on "GetAccept". If you don't have the application, follow our guide to do this here. After adding the application, click on the "Provisioning" section and select the "Automatic" option.
Log in to GetAccept using an administrator account and select the entity you would like to use for user provisioning > Update credentials. Go to Settings, Integrations and find SCIM User Provisioning in the list.
Click Connect and generate a new access token using the Generate button.
Copy the URL to Tenant URL and the access token to Secret Token
Click save in GetAccept to store the token and go back to Azure AD screen and click Test Connection. If everything went well you should receive a success message.
Make sure Provisioning Status is set to Off and save the settings for now.
Add custom application roles
In Azure Admin go to Azure Active Directory > App registrations
Click GetAccept in the list
In the left panel click on Manifest and scroll down to find the section appRoles
Replace the section with the following code and press Save at the top
"appRoles": [
  {
    "allowedMemberTypes": [
      "User"
    ],
    "description": "Managers can manage teams and their documents",
    "displayName": "Manager",
    "id": "1b4f816e-5eaf-48b9-8603-7923830595ad",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "manager"
  },
  {
    "allowedMemberTypes": [
      "User"
    ],
    "description": "Users can create, send and view documents",
    "displayName": "User",
    "id": "1b4f816e-5eaf-48b9-8613-7923830595ad",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "user"
  },
  {
    "allowedMemberTypes": [
      "User"
    ],
    "description": "Administrators can manage entity settings and users",
    "displayName": "Administrator",
    "id": "c20e145e-5459-4a6c-a074-b942bbd4cfe1",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "admin"
  }
],
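A pre-save check for the edited manifest, as an added example that is not part of GetAccept's or Microsoft's own material: it confirms that every role id is a distinct GUID and that exactly the three role values shown above are present, enabled and assignable to users. The function name, the constructed sample and the assumption that GetAccept matches the role values exactly as written belong to this example.

```python
import json
import uuid

# Role values from the manifest on this page. Assumption: GetAccept matches
# these strings exactly, so a changed case or spelling is reported.
EXPECTED_VALUES = {"manager", "user", "admin"}

# Constructed sample: a minimal manifest holding the page's three roles,
# trimmed to the keys that are checked below.
SAMPLE_MANIFEST = """{"appRoles": [
 {"allowedMemberTypes": ["User"], "displayName": "Manager", "isEnabled": true,
  "id": "1b4f816e-5eaf-48b9-8603-7923830595ad", "value": "manager"},
 {"allowedMemberTypes": ["User"], "displayName": "User", "isEnabled": true,
  "id": "1b4f816e-5eaf-48b9-8613-7923830595ad", "value": "user"},
 {"allowedMemberTypes": ["User"], "displayName": "Administrator", "isEnabled": true,
  "id": "c20e145e-5459-4a6c-a074-b942bbd4cfe1", "value": "admin"}
]}"""


def check_app_roles(manifest_text):
    """Return a list of problems in the appRoles section (empty list = OK)."""
    roles = json.loads(manifest_text).get("appRoles", [])
    problems, seen_ids, seen_values = [], set(), set()
    for i, role in enumerate(roles):
        name = role.get("displayName", f"#{i}")
        rid, value = str(role.get("id", "")).lower(), role.get("value")
        try:
            uuid.UUID(rid)
        except ValueError:
            problems.append(f"{name}: id is not a GUID")
        if rid in seen_ids:  # typical copy-paste slip when cloning a role
            problems.append(f"{name}: duplicate id {rid}")
        if value in seen_values:
            problems.append(f"{name}: duplicate value {value!r}")
        if value not in EXPECTED_VALUES:
            problems.append(f"{name}: unexpected value {value!r}")
        if "User" not in role.get("allowedMemberTypes", []):
            problems.append(f"{name}: not assignable to users")
        if role.get("isEnabled") is not True:
            problems.append(f"{name}: role is disabled")
        seen_ids.add(rid)
        seen_values.add(value)
    missing = EXPECTED_VALUES - seen_values
    if missing:
        problems.append(f"missing role values: {sorted(missing)}")
    return problems


if __name__ == "__main__":
    print(check_app_roles(SAMPLE_MANIFEST) or "appRoles OK")
```

To check a real manifest, pass the full JSON text downloaded from the Manifest view instead of the constructed sample.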
Set up data mapping in Azure AD
Go to your Azure Admin account and go to Azure Active Directory > Enterprise Applications and click on "GetAccept". Click on the "Provisioning" section and expand the Edit attribute mappings part.
Click on Synchronize Azure Active Directory Users to customappsso, and click Provision Azure Active Directory Users.
Scroll to the bottom and click Add New Mapping
Select type Expression, enter
SingleAppRoleAssignment([appRoleAssignments])
In Target attribute, select
roles[primary eq "True"].value
Click Ok at the bottom part and continue to Save the settings
Add a test user
Go to your Azure Admin account and go to Azure Active Directory > Enterprise Applications and click on "GetAccept".
Click on the "Users and groups" section
Click + Add user
Add yourself or a test user/group
Select Role from the previously created custom roles. If no roles are set up, all synchronized users will receive the default user role in GetAccept.
Click Assign to save
Enable provisioning sync
Go to your Azure Admin account and go to Azure Active Directory > Enterprise Applications and click on "GetAccept". Click on the "Provisioning" section
Set Provisioning Status to On and make sure Scope is set to Sync only assigned users and groups.
Click Save and wait a few minutes and check if teams and users have been successfully synchronized to GetAccept.
Need help?
We are here to help you if you get stuck at any step setting up the integration.
Use the chat-icon to the right to start a conversation with our support team or send an email to integrations@getaccept.com