Provisioning users with Azure

Scenario: You use Azure as an IdP and want to provision users into Clumio directly using Azure Groups. 

Prerequisites

  • You must have SSO with Azure already set up.
  • The person performing the setup must have Super Admin access to Clumio and Global Admin access to the Azure AD portal.
  • The individual must be a part of a group that gets Super Admin access within Clumio.

Setup

  1. Log in to the Azure AD portal and navigate to the Enterprise Applications > Clumio SAML App > Single Sign On settings page.
  2. Under the Attributes and Claims settings:
    1. Ensure that 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' maps to 'user.givenname'.
    2. Ensure that 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' maps to 'user.userprincipalname' or any attribute that passes the user's email address in the SAML response.
    3. Add a new Group Claim.
        • Select Groups Assigned to the Application
        • Select Cloud-only group display names (Preview) under 'Source attribute'
        • Check the Customize the name of the group claim checkbox and add 'http://schemas.xmlsoap.org/claims/Group' as the Name
        • Leave the Namespace empty.
        • Click Save.
  3. Under the Enterprise Applications > Clumio SAML App > Assign users and groups page, assign the application to the groups you want. 
    Note: At least one group must have the current user as a member, and this group will get Super Admin permissions within Clumio.
  4. Next, log on to the Clumio portal and navigate to Settings > Access Management > Auto user provisioning.

  1. Click Get Started and type a rule name, select the conditions to apply the rule, give the group a name, select the Super Admin Role, and assign that role to an OU (Global OU for Super Admin).
  2. Ensure that the logged-in user is a part of the group that is assigned the Super Admin role.
  3. Once the first rule has been created, click Enable Auto User Provisioning.
  4. You can now create additional rules per your requirements by clicking the Create Auto User Provisioning Rule button.

Once Auto User Provisioning is enabled, all users are evaluated per the rules you created.
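
Before enabling Auto User Provisioning, it helps to confirm that a test sign-in actually carries the three claims configured under Attributes and Claims. The script below is an added example, not Clumio or Microsoft code: it reads a decoded SAML assertion and reports missing claims, a group claim that still carries object IDs instead of display names, and a user who is not in the intended Super Admin group. The user, email address and group names are constructed sample values, and the script inspects claims only; it does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
NAME, EMAIL = CLAIMS + "name", CLAIMS + "emailaddress"
GROUP = "http://schemas.xmlsoap.org/claims/Group"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample: the AttributeStatement of an assertion, values invented.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
   <saml:AttributeValue>Dana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
   <saml:AttributeValue>dana@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
   <saml:AttributeValue>Backup-Super-Admins</saml:AttributeValue>
   <saml:AttributeValue>Backup-Operators</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_claims(assertion_xml):
    """Return {claim name: [values]} from every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_claims(assertion_xml, admin_group):
    """List configuration problems; an empty list means the claims look right."""
    claims, problems = read_claims(assertion_xml), []
    for required in (NAME, EMAIL, GROUP):
        if not any(claims.get(required, [])):
            problems.append("missing claim: " + required)
    emails = claims.get(EMAIL, [])
    if emails and not any("@" in v for v in emails):
        problems.append("emailaddress claim does not carry an email address")
    groups = claims.get(GROUP, [])
    if any(GUID.match(g) for g in groups):
        problems.append("group claim carries object IDs, not display names")
    if groups and admin_group not in groups:
        problems.append("user is not in the Super Admin group: " + admin_group)
    return problems

if __name__ == "__main__":
    print(check_claims(SAMPLE, "Backup-Super-Admins") or "claims OK")
```

Run it against the assertion from your own test sign-in and pass the display name of the group your first rule maps to Super Admin.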