In order to enable seamless user and permissions management in Venn, Venn offers integrations with third-party Identity Providers (IdPs), including Microsoft Entra ID (formerly Azure Active Directory).

If you configure Entra as your Venn Identity Management solution, your users will be created, modified, and deleted in Entra and synced to Venn. Additionally, users' Venn login information will be managed through Entra.

Learn how to manage Venn user access with Entra as your IdP.

Requirements for SCIM Provisioning

User Provisioning Requirements

In order to successfully sync over users, your Microsoft Entra ID user records must include these required fields:

• First Name (givenName in Entra)
• Last Name (surname in Entra)
• Email (mail in Entra)

Additionally, your Microsoft Entra ID users' userPrincipleName values must meet the following criteria:

• Length: The string must be between 2 and 40 characters long.
• Allowed characters:
  • Numbers 0-9
  • Uppercase letters A-Z
  • Lowercase letters a-z
  • Hyphen/dash -
  • Underscore _

Any users in Entra that do not meet this criteria will fail to provision. 

Group Provisioning Requirements (Optional)

You may choose to assign the Venn app by group in Entra rather than assigning it to individual users.

In order to grant access to Venn for by group in Entra, you must have Entra ID Premium Licensing.

In order to successfully sync over groups, your Microsoft Entra ID groups' displayName values must meet the following criteria:

• Length: The string must be between 3 and 18 characters long.
• Allowed characters:
  
  • Numbers 0-9
  • Uppercase letters A-Z
  • Lowercase letters a-z
  • Hyphen/dash -
  • Underscore _
  • Space   (can be in any position)

Any groups with names that do not meet this criteria will fail to provision. 

Set up Entra as Your IdP

In order to set up Entra as your Venn IdP, you must have Admin access to Entra.

To set up Entra as your IDP:

1. The Venn team or a Venn partner will guide you through the process of changing your Identity Provider to Entra in Venn's Company Admin. This will add the Workplace enterprise app in Entra for your organization. 
2. Log in to Entra with an account that has administrator permissions.
3. Click Accept on the Permissions requested screen to create a Workplace enterprise app for your organization in Entra, provision access to the Workplace app for users and groups in Entra, and enable Entra SSO for Workplace.

   

4. Navigate to Identity > Applications > Enterprise applications > All applications.
5. Locate and click on the Workplace enterprise app in the application list.

   

6. In the menu at left, click Provisioning.

   

7. Click Edit attribute mappings.

   

8. Click Provision Microsoft Entra ID Users.

   

9. Update the Attribute Mappings so that your screen matches the screenshot below.

   

   Typically, you will need to make the following changes:

   1. Click Add New Mapping. Create an attribute that maps the source attribute immutableId to the target attribute nickName, leaving all other values as default so that the mapping matches the screenshot below.

      

   2. Edit the externalid attribute. Change the source attribute to objectID so that the mapping matches the screenshot below.

      

   3. Remove the following attributes:
      • displayName
      • Title
      • preferredLanguage
      • Name.formatted
      • All address fields
      • All phoneNumber fields except mobile
      • All three urn:ietf:params:scim:schemas:extension:enterprise2.0 fields

Once these steps are complete, Entra will be set up as you IdP for Venn and users will be provisioned into Venn from Entra.

Manage User Access to Venn when Entra is Your IdP

Follow the steps in this article to manage user access to Venn once you have set up Entra as your IdP.