User Directory Synchronization and SSO

Synchronize users

You can synchronize users against a user directory. The user directories currently supported are:

  • LDAP directory (such as Microsoft AD)

  • Microsoft Azure AD

To set up directory synchronization, go to Owner → [Your owner] → User Directories.

For example, to connect to Azure AD, press “New Azure AD connection.”

Give your directory a name and, optionally, an AD group to filter on. Only users in this group will then be added to dRofus. Click “New Entra directory.”


You must press “Login” to log in to your directory. You will be redirected to Microsoft to log in. You must log in with an account with permission to read your directory.

Select Edit to revise a previously created directory. Note that you need to log in to sync the directory.

Define the AD group name so that it matches the group name in Entra.

After this is done, you can press Sync to test the synchronization. You will get a preview of the users that will be added.

Preview of AD Sync

Users who do not have a surname and given name in the directory will be skipped.

The directory will control the user's existence, so you cannot delete the user without doing it from the directory. The username, email, and first and last name will be updated from the directory, and these fields can no longer be changed from the admin. Users' information (email, first and last name) will be updated if anything changes in the directory. If you have existing users with the same username as in the directory, the directory will take control of them, too.

If a user is removed from AAD, the following will happen:

  • Member: User account will be disabled

  • Guest: Project access will be disabled for all projects to which the guest has access from your owner.

The directory will be synchronized once every day.
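
The sync rules above can be dry-run against your own exports before enabling a connection, mainly to spot existing local accounts that the directory would take over by username. This is an added example, not dRofus code; the record shapes, the exact-match username comparison, and all sample data are assumptions.

```python
# Added illustration, not dRofus code. Record shapes and sample data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class DirUser:                 # hypothetical export of one directory group member
    username: str
    given_name: str
    surname: str

@dataclass(frozen=True)
class LocalUser:               # hypothetical export of one existing dRofus account
    username: str
    kind: str                  # "member" or "guest"
    directory_managed: bool

def preview_sync(directory, local):
    """Classify accounts by the documented rules; returns username lists per outcome."""
    local_by_name = {u.username: u for u in local}
    present = {d.username for d in directory}
    plan = {k: [] for k in ("skipped", "added", "taken_over",
                            "member_disabled", "guest_access_disabled")}
    for d in directory:
        if not d.given_name.strip() or not d.surname.strip():
            plan["skipped"].append(d.username)      # missing name fields: skipped
            continue
        existing = local_by_name.get(d.username)    # assumption: exact-match usernames
        if existing is None:
            plan["added"].append(d.username)
        elif not existing.directory_managed:
            plan["taken_over"].append(d.username)   # local account becomes directory-controlled
    for u in local:                                 # managed accounts gone from the directory
        if u.directory_managed and u.username not in present:
            outcome = "member_disabled" if u.kind == "member" else "guest_access_disabled"
            plan[outcome].append(u.username)
    return plan

SAMPLE_DIRECTORY = [DirUser("alice@example.com", "Alice", "Ng"),
                    DirUser("bob@example.com", "Bob", "Hale"),
                    DirUser("svc-scan@example.com", "", ""),
                    DirUser("carol@example.com", "Carol", "Diaz")]
SAMPLE_LOCAL = [LocalUser("bob@example.com", "member", False),
                LocalUser("carol@example.com", "member", True),
                LocalUser("dave@example.com", "member", True),
                LocalUser("erin@example.com", "guest", True),
                LocalUser("frank@example.com", "member", False)]

if __name__ == "__main__":
    for outcome, names in preview_sync(SAMPLE_DIRECTORY, SAMPLE_LOCAL).items():
        print(f"{outcome}: {names}")
```

Review the `taken_over` list before the first real sync: those are pre-existing local accounts whose identity will be bound to whoever holds the same username in the directory.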

If the Entra system does not find the AD group, you will see an error message.


User authentication

Users can authenticate through Microsoft from the login page on dRofus WEB. To do this, their username in Microsoft Azure AD must match their username in dRofus. This can be accomplished by using the sync above or by ensuring their usernames match. Existing users with the same username in Azure AD and dRofus can also use this feature. Log in from the web and the client (2.7 and above) using the “Login with dRofus WEB” option on the login screen.

Currently, there are some limitations to be aware of:

  • Accessing the API via Active Directory login is not supported.
