Provision Azure AD to WorkZone

WorkZone uses users and groups from Azure Active Directory (Azure AD). In WorkZone, users represent WorkZone users and groups represent security codes, access codes, and profiles..

Azure AD runs the provisioning of users and groups from Azure AD to WorkZone every 40 minutes. See 5. Assign users and groups to the enterprise application.

Group for WorkZone security codes

The attribute display name must start with a prefix. By default, this is ‘WZ_SEC_’ followed by a digit 1 to 9, for example ‘WZ_SEC_6’. The formal display name definition is <prefix><n> where n can be a digit from 1 to 9.

The prefix must be the same for all WorkZone security groups.

Only users can be members of security groups. If a user is member of more than one WorkZone security group, the security code assign to the user will be the highest one.

Group for WorkZone access codes

The attribute display name must start with a prefix. By default, this is ‘WZ_ACC_’ followed by the access code, for example ‘WZ_ACC_ALLEEMNER’. The formal display name definition is <prefix><access code>.

The prefix must be the same for all WorkZone access codes groups.

Only users can be members of access code groups.

Group for WorkZone profile groups

The attribute display name must start with a prefix. By default this is ‘WZ_PRO_’ followed by the profile name, for example ‘WZ_PRO_OFFICER’. The formal display name definition is <prefix><profile name>.

The prefix must be the same for all WorkZone profile groups.

Members of profile groups can be users, access code groups, profile groups, and security groups.

Only one security group is supposed to be member of a profile. If there are more than one security group, the highest security code is assigned to the profile.

The access code assigned to a profile is the union of access code members in the profile and all other profiles that the profile group s member of directly or indirectly.

Example: If the WZ_PRO_OFFICER profile group has the WZ_ACC_ALLEEMNER access_code groupas member, and the WZ_PRO_ADMIN profile group has the WZ_ACC_ADMIN access_code group and WZ_PRO_OFFICER profile group as member, then WZ_PRO_ADMIN profile group will be assigned ALLEEMNER and ADMIN access code.

A user’s security code

If a user is member of more than one security group, directly by being member of a WorkZonesecurity group or indirectly by being a member of a WorkZone profile group, the following rule applies:

  • Direct membership overrules indirect membership, and the highest security code is used.

  • If a user is not member of any WorkZone security group, the user is not replicated to WorkZone.

A user’s access codes

The access code that will be assigned to a user is the union of the access code from the access code group that the user is member of and access code that is assigned to the profiles that the user is member of.

Mapping of columns for a user

 

Azure AD

WorkZone

Note

User principal Name

Users.user_name,

Name.name_code (name_type = ‘M’)

Employee.name_code

The characters from beginning up to the @ character is transferred, it must not exceed the number of characters defined in contact type for name_type M, no more than 30 characters.

User principal Name

Users.upn

Must be maximum 512 characters long.

First name

Name.name1

Employee.name1

Maximum 60 characters is transferred.

Last name

Name.name2

Employee.name2

Maximum 60 characters is transferred.

Steeet address

(work)

Name_address.address1

Name_address.address2

Name_address.address3

Maximum 150 characters in address1, 2, and 3, but trying to split by a blank character. It means that maximum 450 characters will be transferred.

Country or region

(work)

Name_address.country

Only transferred, if it matches a country in the WorkZone country table. (ISO alfa2 standard).

Zip or postal code

(work)

Name.post_code

Only transferred, if it matches a postal code in the WorkZone postcode table.

Office phone (work)

Name_address.phone_no

Must be maximum 25 characters long, otherwise it will not be transferred.

Mobile phone (mobile)

Name_address.cell_phone_no

Must be maximum 25 characters long, otherwise it will not be transferred.

Email (work)

Name.email

Must be maximum 25 characters long, otherwise it will not be transferred.