Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            User Directory Integration

            By Salur Onural

            Learn how to configure user directory integrations

            Note: Microsoft Entra ID is the new name for Azure AD (Azure Active Directory)

            Kandji lets you assign users to specific devices. Using a directory integration to import users allows you to manage your Kandji user assignment in a centralized manner. You can configure automatic device assignment based on your directory settings. Device users in Kandji can only be created and assigned via a directory integration. 

            To import users, you can connect multiple Google Workspace, Microsoft Entra ID, or System for Cross-Domain Identity Management (SCIM) integrations. This article covers adding Active Directory and Google Workspace user directories to Kandji. These native methods are simple to configure and require only a directory administrator account with access to the directory you are trying to integrate. After the initial user sync, Kandji will import users and groups every four hours.

            If you prefer user accounts be added and removed as they are created within your directory, use a SCIM integration. SCIM requires more upfront configuration but allows for Just-in-Time (JiT) account provisioning and de-provisioning. You can use SCIM with Microsoft Entra ID, Okta, and other directory systems that support it. Refer to SCIM Directory Integration for more information.

            Add a Microsoft Entra ID Integration

            1. Navigate to Integrations in the left-hand navigation bar.
            2. Click Discover integrations in the upper-right of the Integrations page. 
            3. Under Directory integrations, click Add and configure under Azure Active Directory Directory.
            4. Click Get Started
            5. Enter a unique name, which will be used in Kandji to show the directory from which a user originates.
            6. Click Sign in with Azure.
            7. Sign in using an Microsoft Entra ID account with admin access to the directory you want to integrate.
            8. Consent on behalf of your organization and click Accept. You will see the new user directory on the Integrations page.

            Add a Google Workspace Integration

            1. Navigate to Integrations in the left-hand navigation bar.
            2. Click Discover integrations in the upper-right of the Integrations page. 
            3. Under Directory integrations, click Add and configure under Google Workspace.
            4. Click Get Started
            5. Enter a unique name, which will be used in Kandji to show the directory from which a user originates.
            6. Click Sign in with Google.
            7. Sign in using a Google account with admin access to the directory you want to integrate.
            8. Click Allow. You will see the new user directory on the Integrations page.

            Add a SCIM Integration

            If you prefer that user accounts should be added and removed as they are created within your directory, use a SCIM integration. Refer to SCIM Directory Integration for more information.

            View Additional Information about a Directory Integration

            1. Click the ellipse on the Directory Integration you would like to view.
            2. Select View details.
              1. Microsoft Entra ID and Google Workspace integrations will show the administrator email account used to connect to the directory and the time of the last import.


              2. SCIM integrations will show the Kandji email used to connect to the directory, the SCIM API URL, and the time of the last sync.

            Force a User Directory Sync

            Microsoft Entra ID and Google Workspace directories sync automatically every four hours, but you can force an immediate sync. SCIM uses a push mechanism form the cloud directory so it not necessary to force-sync a SCIM directory integration.

            1. Click the ellipse on the Directory Integration you would like to sync.
            2. Select Sync users.


            Re-authenticate a Directory Integration

            You might need to re-authenticate an existing Microsoft Entra ID or Google directory intregration to update credentials, change the account that was used to create the integration, or to update permissions.

            1. Click the ellipse on the Directory Integration you would like to re-authenticate.
            2. Select Re-authenticate.
            3. Sign in using a Google or Microsoft Entra ID account with admin access. You will be redirected back to the Integrations page.


            Remove a Directory Integration


            Removing the integration will remove users not assigned to devices from Kandji. Users assigned to devices will remain, but Kandji will no longer synchronize them with the directory.

            1. Click the ellipse on the Directory Integration you would like to delete.
            2. Select Delete integration.
            3. Confirm by typing the name of the integration.
            4.  Click Delete.



            Preview
            0 of 0