Setting up and configuring active directory sync
Once you have SSO enabled, you can begin the process of implementing directory sync for your account. This will allow you to both create users in Autodesk Account and, using groups, have the new users assigned to software entitlements without you having to access Autodesk Account. Once implemented, synced users and groups are read-only in Autodesk Account and can only be modified by making changes in your active directory and pushing the changes.
How to Set Your Directory Method in Autodesk Account
To begin an active directory implementation, you must set your directory sync method, as shown in the Setting Up Directory Sync video below and described in the following steps:
- Ensure that you have SSO admin or primary admin permissions in Autodesk Account. If not, contact the primary admin to request these permissions. If you do not have these permissions, you will not be able to set your directory sync method.
- Launch manage.autodesk.com and log in.
- Select By User or By Group in the navigation panel.
- Select the Premium plan team for which you will be assigning directory sync from the drop-down list.
- Select (Team settings) in the top-right corner of the page.
- Click Set up directory sync. Note that if the option is not selectable, this means that single sign-on has not been enabled yet. It must be enabled prior to implementing directory sync.
- Select the required directory sync method to begin your implementation. The three options are:
- On-premises: Use this method if your company stores their active directory on local servers.
- Okta SCIM: Use this method if your company uses Okta as your identity provider. This provider stores the active directory in the cloud.
- Azure AD SCIM: Use this method if your company uses Azure as your identity provider. This provider stores the active directory in the cloud.
- Click Next to confirm the selection. The remaining options in setting up your directory sync method in Autodesk Account will vary depending on which option you selected.
- Depending on your directory sync method, complete the following assignment:
- For On-premises, you must select the primary or SSO admin that will be setting up the directory sync connection to Okta. Select the name from the drop-down list. If the name is not in the list, ensure that the person is listed as a user in your account and that they have been assigned as a primary or SSO admin. Once the name is selected, click Select admin to send them an Okta account activation email. This Okta account is required for the next procedures. The activation link that is sent is valid for 7 days.
- For Okta SCIM and Azure AD SCIM, you will now be presented with connector/admin credentials that will be needed to set up directory sync in Okta and Azure. Use the Copy buttons to copy both the Tenant URL and the Secret token values. Copy these values into a document that you can reference in the next stages or that you can share with the administrators. Do not share this data outside your organization.
Continue to the setup and configuration steps that align with the directory sync method you have selected. The following videos have been provided below to explain the steps:
- Configuring Directory Sync with Okta (SCIM)
- Configuring Directory Sync with Microsoft Azure (SCIM)
- Installing the Active Directory Agent (On Premise)
- Configuring the Active Directory Agent (On Premise)