User directory lookup

Note: Microsoft has changed the name of Azure Active Directory to Microsoft Entra ID. However, Nintex Workflow and the help still refer to this product as Azure Active Directory.

  An administrator role is required. For information, see User roles.

Configure the User directory lookup settings to allow workflow designers to look up users and assign tasks to them. If User directory lookup is configured, you can select users from your Azure Active Directory in the Assignees field of the Assign a task to multiple users action, and the People form control.

In the User directory lookup configuration page, you can:

  • Connect to a user directory.
  • Rename and re-authenticate a connection.
  • Enable a toggle to allow external users in User Directory Lookup
  • Delete a connection.
Note: 

  • At the moment, you can only connect to Azure Active Directory or Azure Active Directory Administration.

  • You can connect to one user directory only. If you want to change Azure Active Directory Administration to Azure Active Directory, you must delete Azure Active Directory Administration and add Azure Active Directory.

Jump to:

Access the User directory lookup page

Note: To access the User directory lookup page and configure user directory connections, you must first configure Identity federation. For more information, see User Management. At the moment, you can only connect to Azure Active Directory.

  1. On the top navigation bar, click Settings.
  2. On the left, click User directory lookup.

Note: You can connect to one user directory only. If you want to change Azure Active Directory Administration to Azure Active Directory, you must delete Azure Active Directory Administration and add Azure Active Directory.

Configure a user directory

  • Nintex Workflow uses the app Nintex Workflow - Azure Active Directory Connector to create Azure Active Directory connections. This app requires the User.Read.All user permission to read all users' full and basic profiles using the Microsoft Graph API (see the Microsoft Graph permissions reference article).

    • To ensure full functionality of your Azure Active Directory connection, ask your Azure Active Directory administrator to grant permission.

    For more information on admin consent for apps in Azure Active Directory, see the Register an app with the Azure Active Directory v1.0 endpoint Microsoft Azure article.

  • The account you use to create a connection for Azure Active Directory actions must have the following Azure Active Directory permissions:

    • Read all user's full profile

    • Read all user's basic profile

    You can assign connection permissions to other users: see Manage connections.

  1. Access the User directory lookup configuration page: Click Settings and then click User directory lookup.
  2. Click Configure.
    In the Provider field, Azure Active Directory is selected by default.
  3. Click Connect.
  4. In the Connection name field, provide a connection name.
  5. Click Connect.
  6. Enter your credentials.

    7. Upon successful login, a message appears prompting you to grant or deny access to Nintex Workflow.

  7. Click the option to grant access.

    8. The tab is closed and the newly connected user directory will be listed in the Provider section.

Edit a user directory configuration

  1. Access the User directory lookup configuration page: Click Settings and then click User directory lookup.
  2. In the desired user directory record, click , and then click Edit.

    3. The edit dialog box appears.

  3. Edit the Connection name if required.
    1. Click Connect.
    2. Complete the authentication process.

Allow external users in User Directory Lookup

You can include external guest users in User Directory Lookup through your Azure Active Directory connection. When this feature is enabled, guest users will be included in search results alongside internal users, allowing you to assign tasks to them directly.

For details about adding external users, see this Microsoft article.

Note: Single sign-on must be configured using SAML for the external users to access the Nintex Workflow tenant. For information, see Configure single sign-on using SAML protocol.

  1. On the top navigation bar, click Settings.
  2. On the left menu, click User directory lookup.
  3. In the Azure Active Directory connection, turn on the Allow External Users toggle.

Delete a user directory configuration

  1. Access the User directory lookup configuration page: Click Settings and then click User directory lookup.
  2. In the desired user directory record, click , and then click Delete.
  3. Click Delete in the Delete connection prompt.

    4. Once the selected user directory configuration is deleted, it will be removed from the table.

Selection (column, field or button) Description
Configure Displays the Provider section with fields to configure a new user directory.
Provider

Provider specified when the user directory was added.

Connection name

Name specified when the user directory was added.

Date modified Date and time when the user directory was added or updated.

(Options)

Lists the following selections:

  • Edit: Allows you to rename and re-authenticate a connection.
  • Delete: Allows you to remove a connection.