Why set up user provisioning?

With user provisioning and de-provisioning, you will be able to:

  • Automatically create users in Frankli when they are added to your Active Directory.

  • Automatically archive users in Frankli whenever they are disabled or deleted in your Active Directory.

  • Keep certain user attributes synchronised between Frankli and your Active Directory.

Prerequisites

The rest of this article assumes you already meet the following prerequisites:

  • You have an Azure AD tenant.

  • You have a user account in Azure AD with permission to configure provisioning (e.g. Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).

  • You have access to a Frankli admin account.

  • The UPN of your users in your active directory must be set to their email in order to correctly synchronise them with their Frankli accounts.

Step-by-step guide

You can view the step-by-step guide on how to set up user provisioning by visiting the documentation hosted by Microsoft.

Regarding New Users

When a new user is successfully provisioned from Active Directory, they remain uninvited to Frankli until an admin invites them.

Regarding Sites, Departments, and Roles

The integration will use the data from from your users in Active Directory to create Sites, Departments, and Roles within Frankli. However it is important to note that, unlike the provisioned users, their details are not kept in sync with Active Directory and must be managed within Frankli once they are created (such as if you wanted to add grades to roles).

Likewise if you delete a site, department, or role in Frankli, you must set a new one for any affected users in Active Directory so the system can provision the new one.

Regarding clearing User attributes in Active Directory

Due to limitations with Active Directory, it does not send updates for an attribute on a user that has been cleared. For example, if you cleared the value in the "country" field on a user's address, then that change will not be received by Frankli.

As a workaround until such functionality is implemented by Active Directory, instead of clearing an attribute, we recommend that you leave a space instead.

Did this answer your question?