User Deprovisioning from Azure AD
Enable User Deprovisioning
To enable automatic user deprovisioning from Azure AD to TrustLogix, follow these steps:
Step 1: Enable Auto Deprovisioning in TrustLogix
Navigate to the existing Azure AD SSO Integration item.
Click the Enable Auto Deprovisioning button in TrustLogix.
There are three fields that you need to populate in the TrustLogix UI:
Azure Tenant ID
Client ID
Client Secret Value
To retrieve these values, go to Azure, search for "App registrations", and then find the SSO application that has been created under "All applications".
Click on the SSO application; its main page shows the following values:
Directory (tenant) ID
Application (client) ID
You will have to generate a new client secret by going to the "Certificates & secrets" option under the "Manage" option.
Click on
to generate a new client secret.
Now populate the fields in the TrustLogix UI with the tenant ID, client ID and client secret values from Azure and save them.
For user deprovisioning to happen in TrustLogix, the SSO application should be granted Read API permissions on the Microsoft Graph service.
Go to the "API permissions" option under the "Manage" option.
Click on
button and select the "Microsoft Graph" service. Then click on the "Application permissions" button and search for "DelegatedPermissionGrant" as well as "User" permissions to select the Read permission e.g.
and click on the "Add permissions" button. Click on the "Grant admin consent for Default Directory" button to provide the above Read permissions.

Notes
If Auto User Deprovisioning is disabled, customers must manually remove users in the TrustLogix application.
If Auto User Deprovisioning is enabled, users removed in Azure AD will automatically be removed from the TrustLogix application.
By following these steps, TrustLogix will be successfully integrated with Azure AD for automatic user deprovisioning.