Overview
Cleverstory’s new Single Sign-On (SSO) integration with Microsoft Azure provides automated user management. With this integration, users added in Azure AD are automatically created in Cleverstory. Likewise, if a user is removed or disabled, their access to Cleverstory is also disabled. This ensures synchronized user management and enhances security.
Prerequisites for Configuring SSO Integration in Azure
Certain configurations need to be completed in Azure before enabling automated user management in Cleverstory.
1) Azure
Go to Dashboard > Enterprise Applications > select the app associated with Cleverstory for SSO. On the left, under Manage, select Provisioning. Click on ‘Get Started’ to proceed.
2. Provisioning Configuration:
a) Provisioning Mode: Set to Automatic.
b) Admin Credentials:
Tenant URL: Enter http://scim-api.cleverstory.io/api/1.0/azure.
Secret Token: Enter the secret token provided by Cleverstory (contact your Customer Success Manager or Cleverstory Support for assistance, this will be generated based on the workspace mentioned by the admin ).
Ensure to Click Save at the top so that you can access Mappings.
c) Mappings:
Select Provision Microsoft Entra ID Users.
Click Edit against the userName attribute and set the following:
Mapping Type: Direct
Source Attribute: mail
Target Attribute: userName
Match Objects Using This Attribute: Yes
Matching Precedence: 1
Apply This Mapping: Always
Click OK.
d) Settings:
Scope: Sync all users and groups.
Provisioning Status: ON.
Click OK.
Once this configuration is set up in Azure, you’re ready to integrate Cleverstory SSO with your Active Directory. This integration will enable automated user management, ensuring that users added or removed in your Active Directory are automatically created or disabled in Cleverstory. This synchronization simplifies account management and enhances security.
Please note that once a user is auto-provisioned from Azure, it usually takes up to 1 hour for the user to appear in Cleverstory.
SSO Automated User Management
Cleverstory has enabled automatic user management features for Microsoft Azure.
Key Features:
1. Automated User Creation
When a user is added to either Azure Active Directory, a corresponding account is automatically created in Cleverstory with a Content Designer User role by default. Follow the steps below to add users in Azure and ensure their accounts are synced seamlessly with Cleverstory.
a) Azure
Add a New User in Azure Active Directory:
Go to the Dashboard and select Microsoft Entra ID.
Under the Manage tab on the left-hand side, click Users > Select New User.
Fill in the required details and click Review + Create.
2. Assign the User to the Cleverstory Application:
Return to the Dashboard > Select Enterprise Applications and Choose the application associated with Cleverstory.
On the left-hand side under the Manage tab, click Users and Groups > Select Add User/Group.
Choose the newly created user(s) and click Save.
3. Verify User in Cleverstory:
Log in to Cleverstory.
Navigate to Settings > User Management.
Confirm that the user(s) added in Azure now appear in Cleverstory with their role set as Content Designer.
2. Automated User Removal/Disabling
If a user is either removed or disabled in Azure AD, their Cleverstory account is automatically disabled. This ensures that only active users have access to Cleverstory, aligning user access with the organization’s security policies.
a) Azure
Navigate to the User’s Account:
Go to the Dashboard and select Microsoft Entra ID.
Under the Manage section, click Users.
Select the specific user you want to disable.
Disable the Account:
Click Edit Properties > Navigate to the Settings tab.
Uncheck the Account Enabled box.
Click Save.
Once the user is disabled in Azure, the corresponding account in Cleverstory will be automatically disabled.