User Directory Synchronization and SSO

Synchronize users

Organization Administrators can synchronize users against a user directory. The user directories currently supported are:

  • LDAP directory (such as Microsoft AD)

  • Microsoft Azure AD

To set up directory synchronization, go to Organization → [Your organization] → User Directories.

For example, to connect to Azure AD, press “New Azure AD connection.”

Optionally, give the directory a name and an Active Directory group to filter on. Only users in this group will then be added to dRofus. Click “New Entra directory.” If no group filter is used, all Azure AD users will be considered for connection.

Next, press “Login” to log in to the directory. You are redirected to Microsoft to log in with an account that has permission to read your directory, and the system then returns to the User Directories tab.

Select Edit to revise a previously created directory. Note that a new login is required to sync the directory. Users that are linked to a directory are shown below.

Define the Active Directory group name so that it matches the group name in Entra.

Next, press Sync to test the synchronization. Note that a preview of the users who will be added is shown.

Preview of Active Directory Sync

Users without a first and last name in the directory will be skipped.

The directory will control the user's existence, and you cannot delete the user except by removing them from the directory. The username, email, and first and last name will be updated from the directory and can no longer be changed from the admin system. If anything changes in the directory, the users' information (email, first and last name) will be updated. If an existing user has the same username as one in the directory, the directory will take control of that user, too.

If a user is removed from the Active Directory, the following will happen:

  • Member: The user account will be disabled.

  • Guest: Project access will be disabled for all projects to which the guest has access from the organization.

The directory will be synchronized once a day.
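
The following added example (not dRofus code) applies the sync rules described above to two constructed user lists, so an administrator can see before pressing Sync which accounts would be added, skipped, taken over by the directory, or disabled. The record formats, the case-insensitive username comparison, and treating a blank first or last name as "skipped" are assumptions.

```python
from dataclasses import dataclass

@dataclass
class DirUser:            # one row of a directory export (constructed format)
    username: str
    first: str
    last: str

@dataclass
class LocalUser:          # one row of a dRofus user export (constructed format)
    username: str
    kind: str             # "member" or "guest"
    linked: bool          # True if already controlled by the directory

def plan_sync(directory, local):
    """Classify each account by the outcome the sync rules above imply."""
    plan = {k: [] for k in ("added", "skipped", "taken_over", "updated",
                            "member_disabled", "guest_access_disabled")}
    # Assumption: usernames are compared case-insensitively.
    local_by_name = {u.username.lower(): u for u in local}
    present = {d.username.lower() for d in directory}
    for d in directory:
        # Assumption: a blank first OR last name is enough to be skipped.
        if not d.first.strip() or not d.last.strip():
            plan["skipped"].append(d.username)
            continue
        existing = local_by_name.get(d.username.lower())
        if existing is None:
            plan["added"].append(d.username)
        elif existing.linked:
            plan["updated"].append(d.username)
        else:
            # Same username, not yet linked: the directory takes control.
            plan["taken_over"].append(d.username)
    for u in local:
        if u.linked and u.username.lower() not in present:
            key = "member_disabled" if u.kind == "member" else "guest_access_disabled"
            plan[key].append(u.username)
    return plan

# Constructed sample data, not taken from any real tenant.
DIRECTORY = [DirUser("alice@example.com", "Alice", "Ng"),
             DirUser("svc-scan@example.com", "", ""),
             DirUser("Bob@example.com", "Bob", "Lee"),
             DirUser("carol@example.com", "Carol", "Diaz")]
LOCAL = [LocalUser("bob@example.com", "member", False),
         LocalUser("carol@example.com", "member", True),
         LocalUser("dave@example.com", "member", True),
         LocalUser("erin@partner.example", "guest", True)]
```

The `taken_over` list is the one to review before a first sync: those are existing accounts that become directory-controlled only because their username matches.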

If the Entra system does not find the Active Directory group, the admin will see an error message.

User authentication

Users can authenticate through Microsoft from the login page on dRofus WEB. To do this, their username in Microsoft Azure Active Directory must match their username in dRofus. This can be accomplished using the sync above or by ensuring their usernames match. Existing users with the same username in Azure Active Directory and dRofus can also use this feature. Log in from the web and the desktop (2.7 and above) using the “Use Modern Signin” option at the login screen.

Currently, there are some limitations to be aware of:

  • Accessing the API via Active Directory login is not supported.
