Provision Microsoft Entra ID users
Microsoft Entra ID (formerly Microsoft Azure Active Directory) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access external resources, such as Microsoft Office 365, the portal, and other SaaS applications, and internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organisation. System administrators can configure Microsoft Entra ID to automatically create, update, or disable users in your Nintex Process Manager site:
- Create: Automatically creates a new user in your Nintex Process Manager site, when the user is added to your Nintex Process Manager application in the Microsoft Azure portal.
- Update: Automatically updates changes made to an existing user in your Nintex Process Manager site, when the user details are updated in your Nintex Process Manager application in the Microsoft Azure portal.
- Delete: Disables an existing user in your Nintex Process Manager site, when the user is removed from your Nintex Process Manager application in the Microsoft Azure portal.
- Microsoft recommends assigning a single Microsoft Entra ID user to Nintex Process Manager to test the automatic user provisioning configuration. Additional users can be assigned later.
- When assigning a user to Nintex Process Manager, you must select any valid application-specific role (if available) in the assignment dialog. Users with the Default Access role are excluded from provisioning.
- Microsoft Entra ID uses a concept called assignments to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Microsoft Entra ID are synchronized. For more information, see: Assign a user or group to an enterprise app.
- Groups are currently not supported for the Nintex Process Manager connector and users will not be correctly provisioned/deprovisioned when added/removed from the scope defined by group.
Prerequisites
You must have the following prerequisites configured before you start:
- A Microsoft Azure Entra ID tenant: For more information, see the Azure AD documentation.
- A Nintex Process Manager site user with Promaster privileges. A Promaster is a Nintex Promapp system administrator who administers a Nintex Promapp site and has rights to view and edit all areas of a Nintex Promapp site. For more information, see Manage users.
- Generate the SCIM access token as described in Create a SCIM access token.
Once you have the prerequisites configured, follow the details in the sections below.
Configure the Microsoft Azure portal
Follow these steps to configure the Microsoft Azure portal for automatic user provisioning to Nintex Process Manager.
Before you start: Ensure you have generated the SCIM access token as described in Create a SCIM access token.
Before configuring Nintex Process Manager for automatic user provisioning with Microsoft Entra ID, you need to add Nintex Process Manager from the Microsoft Entra ID application gallery to your list of managed SaaS applications.
Follow these steps to add the Nintex Process Manager application:
- Sign in to your Microsoft Azure portal.
- In the left navigation pane, click Azure Active Directory.
- Click Enterprise applications and then click All applications.
- Click + New application from the top pane.
- Type Nintex Process Manager in the Search box.
- Select Nintex Process Manager from the search results.
- Type a Name which will help you to identify the application for users in your organisation on the Access Panel.
- Click Add.
The Nintex Process Manager application is added to the Microsoft Azure portal and you can now set up automatic user provisioning from the Microsoft Azure portal to your Nintex Process Manager site.
For more information, see Add the Nintex Promapp application.
Before configuring and enabling automatic user provisioning, you should decide which users in Microsoft Entra ID need access to Nintex Process Manager.
- Microsoft recommends assigning a single Microsoft Entra ID user to Nintex Process Manager to test the automatic user provisioning configuration. Additional users can be assigned later.
- When assigning a user to Nintex Process Manager, you must select any valid application-specific role (if available) in the assignment dialog. Users with the Default Access role are excluded from provisioning.
- Microsoft Entra ID uses a concept called assignments to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Microsoft Entra ID are synchronized. For more information, see: Assign a user or group to an enterprise app.
- Groups are currently not supported for the Nintex Process Manager connector and users will not be correctly provisioned/deprovisioned when added/removed from the scope defined by group.
- Sign in to your Microsoft Azure portal.
- In the left navigation pane, click Azure Active Directory.
- Click Enterprise applications and then click All applications.
- Search and select the Nintex Process Manager application you have added to configure automatic user provisioning.
- In the left-pane, click Users and groups.
- Click + Add user.
- In the Add Assignment page, click > and then search for the user you want to add.
- Click Select.
Note: The Select Role field is set to User and cannot be changed. The selected user is created with User privileges in your Nintex Process Manager site.
- Click Assign.
The user is added to the Nintex Process Manager application.
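The assignment rules above (Default Access users are excluded, group assignments are not supported) can be checked against an export of the application's assignments before provisioning is switched on. The following is an added example, not Nintex or Microsoft code: it assumes the export has the shape of a Microsoft Graph `appRoleAssignedTo` response, the function names are hypothetical, and the sample data is constructed.

```python
import json

# Entra ID records the "Default Access" role as the all-zero app role ID.
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"

# Constructed sample shaped like a Microsoft Graph appRoleAssignedTo response
# for the enterprise application's service principal (all IDs are made up).
SAMPLE_EXPORT = json.dumps({"value": [
    {"principalType": "User", "principalDisplayName": "Test User",
     "appRoleId": "aaaaaaaa-0000-4000-8000-000000000001"},
    {"principalType": "User", "principalDisplayName": "Contractor A",
     "appRoleId": DEFAULT_ACCESS},
    {"principalType": "Group", "principalDisplayName": "Process Owners",
     "appRoleId": "aaaaaaaa-0000-4000-8000-000000000001"},
]})


def audit_assignments(export_json):
    """Sort each assignment by whether the connector will provision it."""
    report = {"provisioned": [], "default_access": [], "group": [], "other": []}
    for item in json.loads(export_json).get("value", []):
        name = item.get("principalDisplayName") or item.get("principalId", "?")
        ptype = item.get("principalType", "")
        role = (item.get("appRoleId") or DEFAULT_ACCESS).lower()
        if ptype == "Group":
            report["group"].append(name)           # unsupported by the connector
        elif ptype != "User":
            report["other"].append(name)           # e.g. a service principal
        elif role == DEFAULT_ACCESS:
            report["default_access"].append(name)  # excluded from provisioning
        else:
            report["provisioned"].append(name)
    return report


def findings(report):
    """Turn the report into review lines for the assignments that need action."""
    lines = [f"{n}: group assignment; members may not be provisioned or "
             "disabled when group membership changes" for n in report["group"]]
    lines += [f"{n}: Default Access role; user is excluded from provisioning"
              for n in report["default_access"]]
    lines += [f"{n}: not a user assignment" for n in report["other"]]
    return lines


if __name__ == "__main__":
    for line in findings(audit_assignments(SAMPLE_EXPORT)):
        print(line)
```

Group findings matter most for access reviews: a person removed from an assigned group may keep an active Nintex Process Manager account, so assign such users directly instead.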
- Sign in to your Microsoft Azure portal.
- In the left navigation pane, click Azure Active Directory.
- Click Enterprise applications and then click All applications.
- Search and select the Nintex Process Manager application you have added to configure automatic user provisioning.
- In the left-pane, click Provisioning.
- In the right-pane, from the Provisioning Mode drop-down list, select Automatic.
- To authenticate and connect to the Nintex Process Manager site, expand the Admin Credentials section:
  - In the Tenant URL field, type https://api.promapp.com/api/scim.
  - In the Secret Token field, paste the SCIM access token.
  - Click Test Connection. A success message is displayed on the top-right of the page.
- If you want to be notified, select the Send an email notification when a failure occurs check box and type the Notification Email.
Note: Click Save on the top of the page to enable and configure the Mappings and Settings sections.
- To define how the data should flow between Microsoft Entra ID and Nintex Process Manager, expand the Mappings section and click Synchronize Entra ID Users to Promapp.
- Verify the details on the Attribute Mapping page.
  - The Enabled toggle is set to Yes (default).
  - The Source Object Scope displays All records (default). To configure scoping filters, click >. For more information, see Scoping filters tutorial.
  - The following Target Objects are displayed and selected (default):
    - Create: Automatically creates a new user in your Nintex Process Manager site, when the user is added to your Nintex Process Manager application in the Microsoft Azure portal.
    - Update: Automatically updates changes made to an existing user in your Nintex Process Manager site, when the user details are updated in your Nintex Process Manager application in the Microsoft Azure portal.
    - Delete: Disables an existing user in your Nintex Process Manager site, when the user is removed from your Nintex Process Manager application in the Microsoft Azure portal.
- Review the Attribute Mappings. The attributes selected as Matching properties are used to match the user accounts in Nintex Process Manager for update operations. The table describes the field mapping in your Nintex Process Manager site.
| Nintex Process Manager attribute in Microsoft Azure portal | Nintex Process Manager field |
| --- | --- |
| user.userprincipalname | Logon Username |
| user.Not([IsSoftDeleted]) | Active |
| user.givenname | First Name |
| user.surname | Last Name |
| user.mail | Email |

To edit the mappings, click on the attribute name to display the Edit Attribute pane. For more information, see Editing user attribute mappings.
You must specify the user.Not([IsSoftDeleted]) attribute to disable a user.
- Click Save if you make any changes or go back to the Provisioning page by clicking the link on the top of the page.
- In the Settings section:
  - Select On to enable the Provisioning Status toggle.
  - Select the appropriate option from the Scope drop-down list.
- Verify all your settings and click Save on the top of the page when you are ready to start provisioning.
- When you click Save, the initial synchronization of all users and/or groups starts, based on the option selected from the Settings > Scope drop-down list.
- The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Microsoft Entra ID provisioning service is running.
View provisioning status and logs
To monitor progress and view Audit logs, see the Current Status and Statistics to Date sections at the end of the Provisioning page. The Current Status and Statistics to Date sections display details for all actions performed by the Microsoft Entra ID provisioning service on Nintex Process Manager.
For more information, see Reporting on automatic user account provisioning.
Troubleshooting
For more information, see Troubleshoot user provisioning.