Synchronize Users and Groups with Microsoft Entra ID

Before you begin

  • In the Universal ZTNA Identity Providers window, from the Sync Users and User Groups section, select and review the Setup Guidelines.
  • Take note of the Tenant URL and Secret Token in Universal ZTNA.

About this task

To synchronize users and groups in Microsoft Entra ID, you must create a provisioning application that will publish changes from Entra ID to Universal ZTNA. Use this task to create the provisioning application and synchronize users and user groups with Microsoft Entra ID.

Procedure

  1. In Microsoft Entra ID, go to Manage > Enterprise Applications.
  2. Select New application.
  3. In the Browse Microsoft Entra Gallery, select Create your own application and configure application settings.
    1. In the What's the name of your app? field, enter an application name that includes "Provisioning" so that it can be easily located.
    2. Under What are you looking to do with your application?, select the Integrate any other application you don't find in the gallery (Non-gallery) radio button.
  4. Go to Manage > Properties and configure properties.
    1. Set both Assignment Required and Visible to Users to No.
    2. Click Save.
  5. Go to Manage > Provisioning and configure provisioning settings.
    1. Change the Provisioning Mode to Automatic.
    2. Expand Admin Credentials and enter the Tenant URL and Secret Token noted from Universal ZTNA.
  6. On the Identity Providers page in Universal ZTNA, select the Sync AD Users and User Groups check box and configure settings.
    1. In the Confirm AD Syncing dialog, select Confirm.
    2. Select Validate Information.
    3. Select Update.
      The Update Identity Provider dialog box appears.
    4. Select Confirm.
      A new dialog appears with the Tenant URL and Secret token.
    5. Copy the Tenant URL and Secret token for use in the Microsoft Entra ID application.
    6. Enter the Tenant URL and Secret token into the Microsoft Entra ID application and select Test Connection. On the resulting success message, select Save.
      A Scope section is created.
  7. In Microsoft Entra ID, return to Manage > Enterprise Applications, to the overview tab for the created provisioning application.
  8. Return to Universal ZTNA and select Sync all users and groups from the Scope drop-down list.
  9. Under Provisioning Status, select On.
  10. Select Save.
    Provisioning can take up to an hour to start. Select Provision on Demand from the Provisioning Overview to start an immediate provisioning cycle.
  11. Select the group or users to provision at that moment.
  12. Optional: Once provisioning is complete, review the logs for possible provisioning issues.

Results

In Universal ZTNA, the users and user groups are shown as synced.