
Manage Users with Azure AD

If your organization uses Microsoft Azure AD to manage staff access to apps and services, you can also use the Azure AD connector to manage staff access to Forms & Workflow. 
The Azure AD connector is a premium paid connector. Go to Integrations > Connectors > Azure AD and select Upgrade to access to discuss adding this connector to your subscription. 

Benefits of the Connector

Use the Azure AD connector to:

  • Speed up onboarding by automatically assigning Forms & Workflow roles to any staff members added to particular Azure AD user groups. They can log in immediately with their Microsoft SSO credentials for your organization. 
  • Take advantage of Microsoft's login processes, including two-factor authentication and login auditing.
  • As staff move between positions in your organization, simply move them between Azure AD user groups to give them all the permissions they need for their job, and remove those that they don’t. When they leave, deactivating their Azure AD profile automatically deactivates their Forms & Workflow account. 
  • Optional: Further streamline onboarding and role changes by assigning Azure AD user groups to workspaces.

Before You Begin

Before you install the Azure AD connector, it’s important to discuss an implementation plan with your IT team. 

You’ll need your Azure AD administrator’s help to establish a connection to Azure AD, and they’ll need your input to tailor the connection to your organization’s needs.

To prepare:  

  1. Learn how the Azure AD connector works. We've created an article that explains the key terms, concepts, and choices involved in setting up the connector in plain language. This will help you work effectively with your Azure AD administrator.
  2. Direct your Azure AD administrator to our Azure AD setup guide.  This article provides a walkthrough of the connection process for Azure AD administrators.
  3. Discuss the choices outlined in how the Azure AD connector works with your Azure AD administrator.

Getting Started

When you're ready to install the connector:

  1. Make sure your Azure AD administrator is available, and has our Azure AD setup guide open. 
  2. Go to Integrations > Connectors > Azure AD, and select Connect.
    This will open the connection wizard.
  3. When you're directed to, pass on the Tenant URL and Secret token to your Azure AD administrator.
  4. Your Azure AD administrator will complete the connection process. 
  5. When your Azure AD administrator has completed the process, select Proceed to role assignment.
    This will take you to the Azure AD configuration screen.
    Here you can assign roles to Azure AD user groups.

Once the Azure AD connector is installed, you can return to the Azure AD configuration screen at any time by going to Integrations > Connectors > Azure AD > Edit Azure AD configuration.

Assign Roles

For a full guide to assigning roles to provisioned Azure AD user groups, see assign Forms & Workflow roles to Azure AD user groups.

User Quotas

Because the number of staff members in an Azure AD user group is managed outside of Forms & Workflow, it is possible to exceed your organization's user quota as staff are added to Azure AD user groups that have already been assigned roles.

If this happens, all of your organization's users will have their editing and publishing actions disabled until your organization is back within its user limit.

Regenerate Tokens

From time to time, your IT team may require you to regenerate the secret token used to establish a connection between Forms & Workflow and Azure AD. This is typically done if your security policy stipulates a token lifespan, similar to a password update policy.  

To do this:

  1. Go to Integrations > Connectors > Azure AD.
  2. Use the Azure AD configuration drop-down menu to select Edit connection.
  3. Check the box to confirm that you understand that regenerating your secret token will pause provisioning until your Azure AD administrator enters the new token, then select Regenerate.

    While provisioning is paused, Forms & Workflow won't receive updates from Azure AD, but your existing staff can continue to use their logins and roles as before. 
  4. Pass on your new secret token and, if necessary, your tenant URL, to your Azure AD administrator.
    Your tenant URL isn't normally required as this does not change when you regenerate a token.
  5. Close the edit connection window. 

Your Azure AD administrator will let you know when the new token has been entered and Azure AD has resumed sending user group data. 

Disconnect from Azure AD

Disconnecting from Azure AD will permanently deactivate any users currently managed through the Azure AD connector, and remove any roles and workspaces assigned to Azure AD user groups. This step cannot be undone.

To permanently disconnect the Azure AD connector:

  1. Discuss your plan with your IT team.
  2. Go to Integrations > Connectors > Azure AD.
  3. Select Disconnect from the Azure AD configuration drop-down menu.
  4. Type DISCONNECT in the confirmation dialog, and select Disconnect.

Once disconnected, Forms & Workflow will not receive further data from Azure AD unless you establish a new connection.

We recommend you let your Azure AD administrator know when you have completed disconnection so they can remove Forms & Workflow from their application list. 
