Admin Setup and Configuration Guide: Automated User Management via Azure AD
Automated User Management via ActivTrak’s Azure AD integration makes it easier to administer your ActivTrak account by leveraging your preferred system for managing your users and groups. With the Azure AD integration, users and groups are automatically configured and updated in one centralized location inside ActivTrak, eliminating the need to manually make changes.
With Automated User Management, Admins can:
- Create and delete Groups
- Add users to the Do Not Track list
- Add and remove users from Groups
- Delete Users
ActivTrak’s Azure AD integration leverages the group/user organizational information stored in Azure AD. We recommend using top-level groups – one that defines your groups/members structure for ActivTrak users and another one that contains groups/members to add to the Do Not Track list.
There are specific requirements you will need to meet in order to leverage Automated User Management via the Azure AD integration in ActivTrak. They include:
- A current ActivTrak paid plan subscription
- Admin role permissions in your ActivTrak account
- Administrative permissions to your active Azure AD instance
NOTE: To update your Azure AD integration configuration and add a Delete parent group name or update any existing parent group names, you will want to delete the integration and re-enable it.
Initial Azure AD Integration Setup Instructions
Within your Azure AD instance
You will need to complete the following preparation activities within your Azure AD instance:
1. Set up your ActivTrak groups.
- Create a group that will contain your ActivTrak groups. This is your ActivTrak parent group.
- Within this group, initially set up 1-2 child groups with 5-10 total users. These are the groups for which the integration will create matching ActivTrak groups. Ideally, these users will already have the ActivTrak Agent installed on their devices and be reporting data, so you can easily validate the users and groups you’re creating. Over time, you can progressively increase your desired number of groups and users.
- This solution works for both static and dynamic groups and allows group nesting, but only for security groups. Since Microsoft 365 groups do not allow nesting, we are unable to support that group type.
2. Set up your Do Not Track groups.
- Create a group that will contain users that you do not wish to track in ActivTrak. This will be your Do Not Track parent group.
- Within this group, set up 1-2 child groups of approximately 2-3 total additional users to add to the Do Not Track list so you can easily validate the users you have added to the Do Not Track list. Over time, you can progressively increase your desired number of groups and users under the Do Not Track parent group.
3. Set up your Delete groups.
- Create a group that will contain users that you wish to delete in ActivTrak. This will be your Delete parent group.
- Within this group, set up 1-2 child groups of approximately 2-3 total users to be deleted so you can easily validate when the deletion completes. Allow up to 12 hours to verify deletion completion. Over time, you can progressively increase your desired number of groups and users under the Delete parent group.
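Before enabling the integration, the group structure prepared above can be checked offline. The following is an added example, not ActivTrak or Microsoft code: it walks a constructed export shaped like Microsoft Graph group objects (the `securityEnabled` and `groupTypes` properties are real Graph fields; the IDs, names and the `members` list layout are assumptions), reports nested groups that are not security groups, and lists users who sit under both the ActivTrak parent group and the Delete parent group so they can be reviewed before a sync.

```python
# Constructed sample data, not a real tenant export.
GROUPS = {
    "g-parent":  {"displayName": "ActivTrak", "securityEnabled": True,
                  "groupTypes": [], "members": ["g-sales", "g-eng"]},
    "g-sales":   {"displayName": "Sales", "securityEnabled": True,
                  "groupTypes": [], "members": ["u1", "u2"]},
    "g-eng":     {"displayName": "Engineering", "securityEnabled": True,
                  "groupTypes": ["DynamicMembership"], "members": ["u3", "g-m365"]},
    "g-m365":    {"displayName": "Eng Team Site", "securityEnabled": False,
                  "groupTypes": ["Unified"], "members": ["u4"]},
    "g-delete":  {"displayName": "ActivTrak Delete", "securityEnabled": True,
                  "groupTypes": [], "members": ["g-leavers"]},
    "g-leavers": {"displayName": "Leavers", "securityEnabled": True,
                  "groupTypes": [], "members": ["u2", "u9"]},
}

def walk(groups, root_id):
    """Return (user ids, unsupported group names) reachable from root_id."""
    users, unsupported, seen = set(), set(), set()
    stack = [root_id]
    while stack:
        gid = stack.pop()
        if gid in seen:          # guard against circular nesting
            continue
        seen.add(gid)
        group = groups[gid]
        # "Unified" marks a Microsoft 365 group; only security groups are supported.
        if "Unified" in group["groupTypes"] or not group["securityEnabled"]:
            unsupported.add(group["displayName"])
            continue             # assumption: its members are not counted
        for member in group["members"]:
            if member in groups:
                stack.append(member)   # nested group
            else:
                users.add(member)      # user object
    return users, unsupported

def preflight(groups, activtrak_root, delete_root):
    """Summarise what to review before the integration is enabled."""
    tracked, bad_a = walk(groups, activtrak_root)
    to_delete, bad_d = walk(groups, delete_root)
    return {
        "unsupported_groups": sorted(bad_a | bad_d),
        "tracked_and_delete": sorted(tracked & to_delete),
        "tracked_users": len(tracked),
    }

if __name__ == "__main__":
    print(preflight(GROUPS, "g-parent", "g-delete"))
```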
Enable the Integration
1. Within the ActivTrak app, from the navigation, select Integrations > Integrate.
2. Click the “Integrate” button on the User Configuration with Azure AD card, as shown below.
3. A popup window will prompt you to:
- Enter your Azure AD credentials
- Provide a label for your integration instance
- Provide the name of the ActivTrak parent group, the Do Not Track parent group, and/or the Delete parent group. See below.
Data Import and Automation
- Initially, Groups/Do Not Track/Users will be reflected in your ActivTrak account within 24 hours.
- Subsequent updates will be reflected on a daily basis.
- Verify within the app that Users, Do Not Track, and ActivTrak groups are configured similarly to your Azure AD groups.
- The integration initially attempts to link the received Azure AD user profiles to their Agent data. Once this is successful, the integration automatically synchronizes the groups, the Do Not Track list, and/or the deletion from the Users list.
- Only groups with linked users are created in ActivTrak.
- Removing users from Azure AD Do Not Track parent group will not remove the user from the ActivTrak Do Not Track list. To do this, we recommend that you remove users from the Do Not Track list within the ActivTrak app.
Updating your integration configuration
To update your Azure AD integration’s configuration (e.g., adding a Delete parent group name or updating any of the other existing parent group names), the integration will need to be deleted and re-enabled to accept the updated parent group name values. To delete the Azure AD integration, click on the settings button and select Delete. After deleting, please follow the earlier steps to set up the integration.
For additional questions or help with the Azure AD integration, please reach out to ActivTrak’s Support team.