User Directory Integration

By Salur Onural

Learn how to configure user directory integrations

Kandji lets you assign users to specific devices. To import users, you can connect multiple Google Workspace, Azure Active Directory (AD), or System for Cross-Domain Identity Management (SCIM) integrations. This article covers adding Active Directory and Google Workspace user directories to Kandji. These native methods are simple to configure and require only a directory administrator account with access to the directory you are trying to integrate. After the initial user sync, Kandji will import users and groups every four hours.

If you prefer user accounts be added and removed as they are created within your directory, use a SCIM integration. SCIM requires more upfront configuration but allows for Just-in-Time (JiT) account provisioning and de-provisioning. You can use SCIM with Azure Active Directory, Okta, and other directory systems that support it. Refer to SCIM Directory Integration for more information.

Add an Azure Active Directory Integration

Navigate to Integrations in the left-hand navigation bar.
Click Discover integrations in the upper-right of the Integrations page.
Under Directory integrations, click Add and configure under Azure Active Directory Directory.
Click Get Started
Enter a unique name, which will be used in Kandji to show the directory from which a user originates.
Click Sign in with Azure.
Sign in using an Azure account with admin access to the directory you want to integrate.
Consent on behalf of your organization and click Accept. You will see the new user directory on the Integrations page.

Add a Google Workspace Integration

Navigate to Integrations in the left-hand navigation bar.
Click Discover integrations in the upper-right of the Integrations page.
Under Directory integrations, click Add and configure under Google Workspace.
Click Get Started
Enter a unique name, which will be used in Kandji to show the directory from which a user originates.
Click Sign in with Google.
Sign in using a Google account with admin access to the directory you want to integrate.
Click Allow. You will see the new user directory on the Integrations page.

Add a SCIM Integration

If you prefer that user accounts should be added and removed as they are created within your directory, use a SCIM integration. Refer to SCIM Directory Integration for more information.

View Additional Information about a Directory Integration

Click the ellipse on the Directory Integration you would like to view.
Select View details.
1. Azure Active Directory and Google Workspace integrations will show the administrator email account used to connect to the directory and the time of the last import.
2. SCIM integrations will show the Kandji email used to connect to the directory, the SCIM API URL, and the time of the last sync.

Force a User Directory Sync

Azure Active Directory and Google Workspace directories sync automatically every four hours, but you can force an immediate sync. SCIM uses a push mechanism form the cloud directory so it not necessary to force-sync a SCIM directory integration.

Click the ellipse on the Directory Integration you would like to sync.
Select Sync users.

Re-authenticate a Directory Integration

You might need to re-authenticate an existing Azure or Google directory intregration to update credentials, change the account that was used to create the integration, or to update permissions.

Click the ellipse on the Directory Integration you would like to re-authenticate.
Select Re-authenticate.
Sign in using a Google or Azure account with admin access. You will be redirected back to the Integrations page.

Remove a Directory Integration

Removing the integration will remove users not assigned to devices from Kandji. Users assigned to devices will remain, but Kandji will no longer synchronize them with the directory.

Click the ellipse on the Directory Integration you would like to delete.
Select Delete integration.
Confirm by typing the name of the integration.
Click Delete.