Provision Azure AD to WorkZone
WorkZone uses users and groups from Azure Active Directory (Azure AD). In WorkZone, users represent WorkZone users and groups represent security codes, access codes, and profiles..
Azure AD runs the provisioning of users and groups from Azure AD to WorkZone every 40 minutes. See 5. Assign users and groups to the enterprise application.
Group for WorkZone security codes
The attribute display name must start with a prefix. By default, this is ‘WZ_SEC_’
followed by a digit 1 to 9, for example ‘WZ_SEC_6’
. The formal display name definition is <prefix><n> where n can be a digit from 1 to 9.
The prefix must be the same for all WorkZone security groups.
Only users can be members of security groups. If a user is member of more than one WorkZone security group, the security code assign to the user will be the highest one.
Group for WorkZone access codes
The attribute display name must start with a prefix. By default, this is ‘WZ_ACC_’
followed by the access code, for example ‘WZ_ACC_ALLEEMNER’
. The formal display name definition is <prefix><access code>
.
The prefix must be the same for all WorkZone access codes groups.
Only users can be members of access code groups.
Group for WorkZone profile groups
The attribute display name must start with a prefix. By default this is ‘WZ_PRO_’
followed by the profile name, for example ‘WZ_PRO_OFFICER’
. The formal display name definition is <prefix><profile name>
.
The prefix must be the same for all WorkZone profile groups.
Members of profile groups can be users, access code groups, profile groups, and security groups.
Only one security group is supposed to be member of a profile. If there are more than one security group, the highest security code is assigned to the profile.
The access code assigned to a profile is the union of access code members in the profile and all other profiles that the profile group s member of directly or indirectly.
A user’s security code
If a user is member of more than one security group, directly by being member of a WorkZonesecurity group or indirectly by being a member of a WorkZone profile group, the following rule applies:
-
Direct membership overrules indirect membership, and the highest security code is used.
-
If a user is not member of any WorkZone security group, the user is not replicated to WorkZone.
A user’s access codes
The access code that will be assigned to a user is the union of the access code from the access code group that the user is member of and access code that is assigned to the profiles that the user is member of.
Mapping of columns for a user
Azure AD |
WorkZone |
Note |
---|---|---|
User principal Name |
Users.user_name, Name.name_code (name_type = ‘M’) Employee.name_code |
The characters from beginning up to the @ character is transferred, it must not exceed the number of characters defined in contact type for name_type M, no more than 30 characters. |
User principal Name |
Users.upn |
Must be maximum 512 characters long. |
First name |
Name.name1 Employee.name1 |
Maximum 60 characters is transferred. |
Last name |
Name.name2 Employee.name2 |
Maximum 60 characters is transferred. |
Steeet address (work) |
Name_address.address1 Name_address.address2 Name_address.address3 |
Maximum 150 characters in address1, 2, and 3, but trying to split by a blank character. It means that maximum 450 characters will be transferred. |
Country or region (work) |
Name_address.country |
Only transferred, if it matches a country in the WorkZone country table. (ISO alfa2 standard). |
Zip or postal code (work) |
Name.post_code |
Only transferred, if it matches a postal code in the WorkZone postcode table. |
Office phone (work) |
Name_address.phone_no |
Must be maximum 25 characters long, otherwise it will not be transferred. |
Mobile phone (mobile) |
Name_address.cell_phone_no |
Must be maximum 25 characters long, otherwise it will not be transferred. |
Email (work) |
Name.email |
Must be maximum 25 characters long, otherwise it will not be transferred. |