Admin Setup and Configuration Guide: Automated User Management via Entra ID (formerly Azure AD)
Overview
Automated User Management via ActivTrak’s Azure AD integration makes it easier to administer your ActivTrak account by leveraging your preferred system for managing your users and groups. With the Azure AD integration, users and groups are automatically configured and updated in one centralized location inside ActivTrak, eliminating the need to manually make changes.
With Automated User Management, Admins can:
- Create and delete Groups
- Add users to the Do Not Track list
- Add and remove users from Groups
- Delete Users
ActivTrak’s Azure AD integration leverages the group/user organizational information stored in Entra ID. We recommend using top-level groups: one that defines your groups/members structure for ActivTrak users and another one that contains groups/members to add to the Do Not Track list.
Watch the video tutorial and read details below to learn how to create and manage users and groups via the Azure AD integration.
A demonstration of automated user group creation with the Azure AD integration
Requirements
There are specific requirements you will need to meet in order to leverage Automated User Management via the Azure AD integration in ActivTrak. They include:
- A current ActivTrak paid plan subscription
- Admin role permissions in your ActivTrak account
- Administrative permissions to your active Entra ID instance
NOTE: To update your Azure AD integration configuration and add a Delete parent group name or update any existing parent group names, you will want to delete the integration and re-enable it.
Initial Azure AD Integration Setup Instructions
Within your Azure AD instance
You will need to complete the following preparation activities within your Azure AD instance:
1. Set up your ActivTrak groups.
- Create a group that will contain your ActivTrak groups. This is your ActivTrak parent group.
- Within this group, initially set up 1-2 child groups with 5-10 total users. These are the groups for which the integration will create corresponding groups in ActivTrak. Ideally, these users will already have the ActivTrak Agent installed on their devices and be reporting data so you can easily validate the users and groups you’re creating. Over time, you can progressively increase your desired number of groups and users.
- This solution works for both static and dynamic groups and allows group nesting, but only for security groups. Since Microsoft 365 groups do not allow nesting, we are unable to support that group type.
2. Set up your Do Not Track groups.
- Create a group that will contain users that you do not wish to track in ActivTrak. This will be your Do Not Track parent group.
- Within this group, set up 1-2 child groups of approximately 2-3 total additional users to add to the Do Not Track list so you can easily validate the users you have added to the Do Not Track list. Over time, you can progressively increase your desired number of groups and users under the Do Not Track parent group.
- Note: Users in the DNT group will be moved to the DNT list but will remain under User Agents and continue to consume a license. They will appear both under Settings > Users & Groups > Do Not Track and under Settings > Users & Groups > User Agents. This is ideal for users who should no longer be tracked, but whose historical data needs to stay within ActivTrak.
3. Set up your Delete groups.
- Create a group that will contain users that you wish to delete in ActivTrak. This will be your Delete parent group.
- Within this group, set up 1-2 child groups of approximately 2-3 total users to be deleted so you can easily validate when the deletion completes. Allow up to 12 hours to verify deletion completion. Over time, you can progressively increase your desired number of groups and users under the Delete parent group.
- Note: Users in the Delete group will be moved to the DNT list and also deleted from under User Agents, freeing their license. They will only appear under Settings > Users & Groups > Do Not Track. This is ideal for users who should no longer be tracked, and whose historical data does not need to stay within ActivTrak.
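The preparation steps above can be checked before the integration is enabled. The following is an added example, not ActivTrak's code: it walks a group export shaped like Microsoft Graph group objects, reports groups that are not security groups (Microsoft 365 groups carry the `Unified` group type), and lists users who sit under both the ActivTrak parent group and the Delete or Do Not Track parent group. The group names, ids and users are constructed, and treating an overlap as something to review is this example's choice; the page does not say how the integration resolves one.

```python
USER, GROUP = "#microsoft.graph.user", "#microsoft.graph.group"  # Graph @odata.type values

def grp(name, members, security=True, types=()):  # record shaped like a Graph group object
    return {"displayName": name, "securityEnabled": security,
            "groupTypes": list(types), "members": members}

def user(upn):
    return {"@odata.type": USER, "userPrincipalName": upn}

def child(gid):
    return {"@odata.type": GROUP, "id": gid}

GROUPS = {  # constructed sample export keyed by group id; every name is hypothetical
    "g1": grp("ActivTrak-Parent", [child("g2"), child("g3")]),
    "g2": grp("Sales", [user("alice@example.com"), user("bob@example.com")]),
    "g3": grp("Marketing-M365", [user("carol@example.com")], security=False, types=["Unified"]),
    "g4": grp("DNT-Parent", [child("g5")]),
    "g5": grp("Executives", [user("dave@example.com")]),
    "g6": grp("Delete-Parent", [child("g7")]),
    "g7": grp("Offboarded", [user("Bob@example.com"), user("erin@example.com")]),
}

def walk(groups, root_id):
    """Return (users, unsupported group names) reachable from root_id via nesting."""
    users, unsupported, seen, stack = set(), set(), set(), [root_id]
    while stack:
        gid = stack.pop()
        if gid in seen:  # a group can be nested under more than one parent
            continue
        seen.add(gid)
        g = groups[gid]
        if "Unified" in g["groupTypes"] or not g["securityEnabled"]:
            unsupported.add(g["displayName"])  # not a security group: report, do not traverse
            continue
        for m in g["members"]:
            if m["@odata.type"] == GROUP:
                stack.append(m["id"])
            elif m["@odata.type"] == USER:
                users.add(m["userPrincipalName"].lower())  # compare UPNs case-insensitively
    return users, unsupported

def audit(groups, track_id, dnt_id, delete_id):
    """Flag unsupported groups and users who sit under conflicting parent groups."""
    (track, u1), (dnt, u2), (delete, u3) = (walk(groups, r) for r in (track_id, dnt_id, delete_id))
    return {"unsupported_groups": sorted(u1 | u2 | u3), "pending_delete": sorted(delete),
            "tracked_and_delete": sorted(track & delete),
            "tracked_and_dnt": sorted(track & dnt)}

if __name__ == "__main__":
    print(audit(GROUPS, "g1", "g4", "g6"))
```

Reviewing `pending_delete` before each change to the Delete parent group is useful because users placed there are deleted from User Agents, not just hidden.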
Enable the Integration
1. Within the ActivTrak app, from the navigation, select Integrations > Integrate.
2. Click the “Integrate” button on the User Configuration with Azure AD card, as shown below.
3. A popup window will prompt you to:
- Enter your Entra ID credentials
- Provide a label for your integration instance
- Provide the name of the ActivTrak parent group, the Do Not Track parent group, and/or the Delete parent group. See below.
Data Import and Automation
- Initially, Groups/Do Not Track/Users will be reflected in your ActivTrak account within 24 hours.
- Subsequent updates will be reflected on a daily basis.
- To trigger an immediate data re-sync, click Disable from the integration settings, then click the Integrate button. The sync will be completed within an hour.
- Verify within the app that Users, Do Not Track, and ActivTrak groups are configured similarly to your Entra ID groups.
- Automation
- The integration initially attempts to link the received Entra ID user profiles to their Agent data. Once this is successful, the integration automatically synchronizes the groups, the Do Not Track list, and/or the deletion from the Users list.
- Only groups with linked users are created in ActivTrak.
- Removing users from the Entra ID Do Not Track parent group will not remove them from the ActivTrak Do Not Track list. To do this, we recommend that you remove users from the Do Not Track list within the ActivTrak app.
- Users in the Do Not Track group in Entra ID will be placed in ActivTrak’s Do Not Track list, so they will no longer be tracked. However, their historical data will be kept in ActivTrak and they will continue to use a license.
- Placing users in the Entra ID delete group will delete the user as well as add them to the ActivTrak Do Not Track list.
Opt-in to automatically sync user attributes through the Entra ID (formerly Azure AD) integration
To aid the use of integrations and manage the presentation of Users in ActivTrak, user attributes such as display name and identifiers can be automatically updated through the integration and be viewed from the Users page. This is currently available as an opt-in. Please contact ActivTrak Support to enable this for your account.
Updating your integration configuration
To update your Azure AD integration’s configuration (e.g., adding a Delete parent group name or updating any of the other existing parent group names), the integration will need to be deleted and re-enabled to accept the updated parent group name values. To delete the Azure AD integration, click on the settings button and select Delete. After deleting, please follow the earlier steps to set up the integration.
For additional questions or help with the Azure AD integration, please reach out to ActivTrak’s Support team.