User Directory Synchronization and SSO
Synchronize users
Organization Administrators can synchronize users against a user directory. The user directories currently supported are
LDAP directory (such as Microsoft AD)
Microsoft Azure AD
To set up directory synchronization, go to Organization → [Your organization] → User Directories
To, e.g. connect to Azure AD, press “New Azure AD connection.”
Optionally, give the directory a name and an Active Directory group to filter. Only users in this group will then be added to dRofus. Click “New Entra directory.” If no filtered groups are used, all Azure AD users will be considered to connect with.

Next, press “Login” to log in to the directory. The system will return to the User Directories tab after being redirected to Microsoft to log in with an account with permission to read your directory.
Select Edit to revise a previously created directory. Note that a new login is required to sync the directory. Users that are linked to an directory will show below.

Define the Active Directory group name that matches in Entra.

Next, press Sync to test the synchronization. Note that a preview of the users who will be added.

Preview of Active Directory Sync
Users without a first and last name in the directory will be skipped.
The directory will control the user's existence, and you can not delete the user without doing so from the directory. The username, email, and first and last name will be updated from the directory, and it is also impossible to change them from the admin system anymore. If anything changes in the directory, users' information (email, first and last name) will be updated. If users have the same username as the one in the directory, the directory will take control, too.
If a user is removed from the Active Directory, the following will happen:
Member: The User account will be disabled
Guest: Project access will be disabled for all projects to which the guest has access from the organization.
The directory will be synchronized once a day.
If the Entra system does not find the Active Directory group, the admin will see an error message

User authentication

Users can authenticate through Microsoft from the login page on dRofus WEB. To do this, their username in Microsoft Azure Active Directory must match their username in dRofus. This can be accomplished using the sync above or by ensuring their usernames match. Existing users with the same username in Azure Active Directory and dRofus can also use this feature. Log in from the web and the desktop (2.7 and above) using the “Use Modern Signin” at the login screen.
Currently, there are some limitations to be aware of:
Accessing the API via Active Directory login is not supported.