- Capabilities supported
- Prerequisites
- Step 1: Plan your provisioning deployment
- Step 2: Define who will be in scope for provisioning
- Steg 3: Issue a access token for Microsoft Entra ID
- Step 4: Configure automatic user and group provisioning to Comfact Signature
- Step 5: Monitor your deployment
The objective of this tutorial is to show you the steps you need to perform in Comfact Signature and Microsoft Entra ID to automatically provision and de-provision user accounts from Microsoft Entra ID to Comfact Signature. For important details on what this service does, how it works, and frequently asked questions, see Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID.
- Create users in Comfact Signature
- Remove users in Comfact Signature when they do not require access anymore
- Keep user attributes synchronized between Microsoft Entra ID and Comfact Signature
- Provision groups and group memberships in Comfact Signature
The scenario outlined in this tutorial assumes that you already have the following items:
- Learn about how the provisioning service works.
- Determine who will be in scope for provisioning.
- Determine what data to map between Microsoft Entra ID and Comfact Signature.
The Microsoft Entra provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following steps to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described here.
- Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an attribute based scoping filter.
- If you need additional roles, you can update the application manifest to add new roles.
This section guides you through issuing a access token from Comfact Signature to use in Microsoft Entra ID. You will need to have a user in Comfact Signature with the role admin to get started.
- Login to the admin user
- Go to the navigation bar and go to the tools section page.
- There, you will find a panel for issuing an access token for use in Microsoft Entra ID.
- Issue the access token, then copy and save the output in the box. This is the secret token, which will be used in the next step.
- The view now contains the access token. If you have more than one identity provider, you will need to select the one you are going to use in the dropdown. And copy the text in the box, this is your tenant URL and will be used in the next step.
This section guides you through connecting your Microsoft Entra ID to Comfact Signature user provisioning, and configuring the provisioning service to create, update, and disable assigned user in Comfact Signature based on user and group assignment in Microsoft Entra ID.
To configure automatic user account provisioning to Comfact Signature in Microsoft Entra ID:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications
- In the applications list, select your application.
- Select the Provisioning tab.
- Set the Provisioning Mode to Automatic.
- Under the Admin Credentials section, fill in the Tenant URL and the Secret Token with the data from step 3.
- Select Save.
- Under the Mappings section, select Provision Microsoft Entra ID Users
- In the Attribute Mappings section, review the user attributes that will be synchronized from Microsoft Entra ID to Comfact Signature. Note that the attributes selected as Matching properties will be used to match the user accounts in Comfact Signature for update operations. Select the Save button to commit any changes.
| Attribute |
Type |
| externalId |
String |
| active |
Boolean |
| displayName |
String |
| emails[type eq “work”].value |
String |
| userName |
String |
| phoneNumbers[type eq “work”].value |
String |
| roles[primary eq “True”].value |
String |
The two roles a user can have are:
| Name |
String |
Role |
| User |
User |
For regular users |
| Customer Administrator |
Customer Administrator |
For administrator users |
- Under the Mappings section, select Provision Microsoft Entra ID Groups
- In the Attribute Mappings section, review the groups attributes that will be synchronized from Microsoft Entra ID to Comfact Signature. Note that the attributes selected as Matching properties will be used to match the groups in Comfact Signature for update operations. Select the Save button to commit any changes.
| Attribute |
Type |
| displayName |
displayName |
| externalId |
objectId |
| members |
members |
- To configure scoping filters, refer to the following instructions provided in the Scoping filter tutorial.
- To enable the Microsoft Entra provisioning service for Comfact Signature, change the Provisioning Status to On in the Settings section
- Define the users and/or groups that you would like to provision to Comfact Signature by choosing the desired values in Scope in the Settings section.
- When you are ready to provision, click Save.
Once provisioning is enabled, you can monitor the status and error messages directly from the Provisioning tab of your application in the Microsoft Entra admin center.