User Directory Synchronization and SSO
Synchronize users
You can synchronize users against a user directory. The user directories currently supported are:
LDAP directory (such as Microsoft AD)
Microsoft Azure AD
To set up directory synchronization, go to Owner → [Your owner] → User Directories
To connect to Azure AD, for example, press “New Azure AD connection.”
Give your directory a name and, optionally, an AD group to filter on. Only users in this group will then be added to dRofus. Click “New Entra directory”
You must press “Login” to log in to your directory. You will be redirected to Microsoft to log in. You must log in with an account with permission to read your directory.
After this is done, you can press Sync to test the synchronization. You will get a preview of the users that will be added.
Users who do not have a surname and given name in the directory will be skipped.
The directory controls the user's existence, so you cannot delete the user except from the directory. The username, email, and first and last name are taken from the directory and can no longer be changed from the admin. Users' information (email, first and last name) will be updated if anything changes in the directory. If you have existing users with the same username as in the directory, the directory will take control of them, too.
If a user is removed from AAD, the following will happen:
Member: User account will be disabled
Guest: Project access will be disabled for all projects to which the guest has access from your owner.
The directory will be synchronized once every day.
If the Entra system does not find the AD group, you will see an error message.
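The rules above can be checked before the first sync, in particular which existing accounts the directory would take control of because of a matching username. The following is an added example, not dRofus code: it assumes users are exported as Microsoft Graph user objects, that the username corresponds to userPrincipalName, and that usernames compare case-insensitively; the function name audit_sync and the sample data are constructed for illustration.

```python
# Added example, not dRofus code. Assumptions: directory users are exported as
# Microsoft Graph user objects and the username is userPrincipalName.

def audit_sync(directory_users, local_usernames, synced=None):
    """Preview a sync run using the rules described above.

    directory_users: list of Graph-style dicts (the filtered AD group)
    local_usernames: usernames that already exist but are not directory-managed
    synced: {username: userType} for accounts a previous sync already manages
    """
    synced = synced or {}
    local = {n.lower() for n in local_usernames}  # case-insensitive match (assumption)
    report = {"add": [], "skipped": [], "taken_over": [], "removed": []}
    seen = set()
    for user in directory_users:
        name = (user.get("userPrincipalName") or "").strip().lower()
        given = (user.get("givenName") or "").strip()
        surname = (user.get("surname") or "").strip()
        if not name:
            continue
        seen.add(name)
        if not given or not surname:
            report["skipped"].append(name)      # no given name or surname
        elif name in synced:
            continue                            # already managed by the directory
        elif name in local:
            report["taken_over"].append(name)   # directory takes control of this account
        else:
            report["add"].append(name)
    for name, user_type in synced.items():
        if name not in seen:                    # no longer present in the directory export
            action = "disable account" if user_type == "Member" else "disable project access"
            report["removed"].append((name, action))
    return report

# Constructed sample data
SAMPLE_DIRECTORY = [
    {"userPrincipalName": "anna@example.com", "givenName": "Anna", "surname": "Berg", "userType": "Member"},
    {"userPrincipalName": "svc-scan@example.com", "givenName": None, "surname": None, "userType": "Member"},
    {"userPrincipalName": "Lars@example.com", "givenName": "Lars", "surname": "Holm", "userType": "Member"},
]
SAMPLE_LOCAL = ["lars@example.com"]
SAMPLE_SYNCED = {"old.member@example.com": "Member", "consultant@example.org": "Guest"}

if __name__ == "__main__":
    for key, value in audit_sync(SAMPLE_DIRECTORY, SAMPLE_LOCAL, SAMPLE_SYNCED).items():
        print(key, value)
```

Review the taken_over list before syncing: those accounts keep their project access but become controlled by whoever holds the matching directory identity.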
User authentication
Users can authenticate through Microsoft from the login page on dRofus WEB. To do this, their username in Microsoft Azure AD must match their username in dRofus. This can be accomplished by using the sync above or by ensuring their usernames match. Existing users with the same username in Azure AD and dRofus can also use this feature. Log in from the web and the client (2.7 and above) using the “Login with dRofus WEB” option at the login screen.
Currently, there are some limitations to be aware of:
Accessing the API via Active Directory login is not supported.