Provisioning users with Microsoft Entra ID

If you use Microsoft Entra ID (formerly Azure AD) as an IdP, you can provision users into Clumio directly using Azure Groups. 

Prerequisites

  • You must have SSO with Microsoft Entra ID already set up.

  • The individual performing the setup must have Super Admin access to Clumio and Global Admin access to the Azure AD portal.

  • The individual must be a part of a group that gets Super Admin access within Clumio.

Procedure

  1. Log in to the Microsoft Azure portal, and then click Microsoft Entra ID.

    The Microsoft Entra page appears.

  2. Go to Manage > Enterprise Applications.

    The Enterprise applications page appears.

  3. Go to the Clumio SAML App > Single Sign On setting page.

  4. Under the Attributes and Claims settings, do the following:

    1. Verify that http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name maps to user.givenname.

    2. Verify that http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress maps to user.userprincipalname or any attribute that passes the user's email as a SAML response.

    3. Add a new Group Claim as follows:

      1. Select Groups Assigned to the Application.

      2. Under Source attribute, select Cloud-only group display names (Preview).

      3. Select the Customize the name of the group claim box, and then add http://schemas.xmlsoap.org/claims/Group as the Name.

      4. Leave the Namespace empty.

      5. Click Save.

  5. Under the Enterprise Applications > Clumio SAML App > Assign users and groups page, assign the application to the groups you want.

    Note

    At least one group must have the current user as a member, and this group will get Super Admin permissions within Clumio.

  6. Log on to the Clumio portal, and then navigate to Administration > Access Management > Auto user provisioning.

  7. Click Get Started, enter a rule name, select the conditions to apply the rule, give the group a name, select the Super Admin Role, and then assign that role to an OU (Global OU for Super Admin).

  8. Verify that the logged-in user is a part of the group that is assigned the Super Admin role.

  9. Once the first rule has been created, click Enable Auto User Provisioning.

  10. Click the Create Auto User Provisioning Rule button to create additional rules per your requirements.

    Once Auto User Provisioning is enabled, all users are evaluated per the rules you created.
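
To confirm the claim settings from step 4 before you enable Auto User Provisioning, you can inspect a captured SAML response. The following Python script is an added example, not Clumio or Microsoft code; it checks that the three claim names from the procedure are present and that the group claim carries display names rather than group object IDs. The sample assertions, the group name, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim names taken from step 4 of the procedure.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def read_claims(saml_xml):
    """Map each SAML Attribute Name to its list of values."""
    claims = {}
    for attr in ET.fromstring(saml_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_claims(saml_xml):
    """Return a list of problems; an empty list means the claims match step 4.
    Checks claim names and shape only; it does not validate the signature."""
    claims, problems = read_claims(saml_xml), []
    for name in (NAME_CLAIM, EMAIL_CLAIM, GROUP_CLAIM):
        if not any(claims.get(name, [])):
            problems.append(f"missing or empty claim: {name}")
    for value in claims.get(GROUP_CLAIM, []):
        if GUID_RE.match(value):  # object ID emitted instead of a display name
            problems.append(f"group claim is an object ID: {value}")
    return problems

def sample(attrs):
    """Build a constructed, unsigned assertion for the demo."""
    body = "".join(
        f'<Attribute Name="{n}">'
        + "".join(f"<AttributeValue>{v}</AttributeValue>" for v in vals)
        + "</Attribute>" for n, vals in attrs.items())
    return (f'<Assertion xmlns="{SAML_NS}"><AttributeStatement>'
            f"{body}</AttributeStatement></Assertion>")

# Constructed sample data (user, address, group name and GUID are made up).
GOOD = sample({NAME_CLAIM: ["Ada"], EMAIL_CLAIM: ["ada@example.com"],
               GROUP_CLAIM: ["Clumio-Super-Admins"]})
BAD = sample({EMAIL_CLAIM: ["ada@example.com"],
              GROUP_CLAIM: ["3f2b8c1e-0a4d-4e6f-9b7a-1c2d3e4f5a6b"]})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_claims(doc) or "OK")
```

A group value that looks like a GUID indicates that the Source attribute in step 4 was left on group IDs instead of Cloud-only group display names.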
