Azure Active Directory
Note: Microsoft has changed the name of Azure Active Directory to Microsoft Entra ID. However, Nintex Automation Cloud and the help still refer to this product as Azure Active Directory.
Azure Active Directory is a cloud-based directory service developed by Microsoft that helps organizations manage customer and employee information. Basic features include use of directory objects, federated authentications, and password protections. Enterprise and premium editions offer more capabilities. For more information on Azure Active Directory, see the company website.
In the context of Nintex Automation Cloud, Azure Active Directory is a connector: a software component that allows seamless integration with third-party services, business applications, and content stores. Examples include Salesforce, Box, and Microsoft SharePoint. Connectors are used to create connections required for workflow actions and start events. The Azure Active Directory connector is used to create connections for Azure Active Directory actions (tools for building the processes, logic, and direction within workflows). Use Azure Active Directory actions to get specific information about users and managers in your organization, and to search for users in Azure Active Directory based on conditions you specify.
While you can use any edition of Azure Active Directory, the premium editions include more features designed for password resets, third-party integrations, identity protection, and more. See Azure Active Directory pricing for more information.
Nintex Automation Cloud supports connections to Azure Active Directory Commercial and FedRAMP-compliant Azure Active Directory GCC environments. See Create an Azure Active Directory connection below.
Create an Azure Active Directory connection
Create a connection from the connections page or from the action configuration panel when configuring the action. You can use the Azure Active Directory connector to create connections to both Azure Active Directory Commercial and FedRAMP-compliant Azure Active Directory GCC environments.
For information about creating connections and assigning permissions, see Manage connections.
Note: Your browser-stored credentials are accessed to create connections. Either clear credentials from browser memory or make sure the stored credentials are for the intended environment.
Azure Active Directory account requirements
- Type of Azure Active Directory edition required to use with Nintex Automation Cloud: While you can use any edition of Azure Active Directory, the premium editions include more features designed for password resets, third-party integrations, identity protection, and more. See Azure Active Directory pricing for more information.
- Nintex Automation Cloud uses the app Nintex Automation Cloud - Azure Active Directory Connector to create Azure Active Directory connections.
- The account you use to create a connection for Azure Active Directory actions must have the following Azure Active Directory permissions:
  - Read all user's full profile
  - Read all user's basic profile
To ensure full functionality of your Azure Active Directory connection, ask your Azure Active Directory administrator to grant permission.
For more information on admin consent for apps in Azure Active Directory, see the Register an app with the Azure Active Directory v1.0 endpoint Microsoft Azure article.
Create an Azure Active Directory data lookup
Use the Azure Active Directory data lookup to create a drop-down list of Azure Active Directory users in a form. Each data lookup is configured for a specific account. You can create as many data lookups as you need. For more information on creating a data lookup and assigning permissions to it, see Data lookups.
For example, to allow users to select a specific Azure Active Directory user in a form, add a drop-down list of users to the form using a Data lookup control (a form control that allows users to select from a drop-down list of values that have been fetched from a third-party service). The Data lookup form control uses an Azure Active Directory - Query users data lookup to list the users in your organization's directory.
You can create a data lookup to:
- Query users: Lists all the users in your organization's directory based on conditions you specify.
- Get manager details: Lists all the details of the managers in your organization's directory. Note that this data lookup will not work using a Data lookup form control; it will only work using an external data lookup.
- Get members of an Azure Active Directory group: Lists all the members in a group that you specify in your organization's directory.
The output of the Azure Active Directory - Query users action has been updated to include a collection variable named Users to store the properties of the users returned by the query. Existing Azure Active Directory data lookups created before the output of the action was updated will work, but you may see an error if you try to edit an existing Azure Active Directory data lookup. If you want to leverage the new functionality in your data lookup, you must create a new data lookup. If you want to use a new Azure Active Directory data lookup or if you encounter an error when you edit an existing Azure Active Directory data lookup:
- Delete the existing Azure Active Directory data lookup.
- Create a new Azure Active Directory data lookup.
- If you have any Data lookup form controls using the old Azure Active Directory data lookup, reconnect them to the new data lookup.
Azure Active Directory data lookup fields
To access the data lookup fields, in the Add data lookup section, select the Azure Active Directory Connector and the Operation.
The following operations are available for the Azure Active Directory connector:
- Query users
- Get manager details
- Get members of an Azure Active Directory group
| Operation | Field or selection | Description |
|---|---|---|
| Query users | Connection | The available Azure Active Directory connections. |
| | Maximum number of users to return | The maximum number of user records to be retrieved from the directory. |
| | Conditions | Conditional statement(s) to use for the query. Important: The Contains operator is not supported by the Azure Active Directory connector. |
| | Columns | The list of columns to be made available in the Azure Active Directory data lookup. Leave this blank to retrieve all columns. You must select the columns that you want to use for the Azure Active Directory data lookup. Only the selected columns are available for selection in any Data lookup form control using this data lookup. After you select the columns in the data lookup, you cannot select any additional columns in the Data lookup configuration. If you don't select any columns when creating the data lookup you can configure the Columns in the Data lookup form control. |
| Get manager details | Connection | The available Azure Active Directory connections. |
| | Employee email address | The email address or principal name of the manager (e.g., davidj@domain.com). |
| Get members of an Azure Active Directory group | Connection | The available Azure Active Directory connections. |
| | Group name | The Azure Active Directory group name. |