Warning: This document contains instructions for adjusting synchronization settings that can adversely affect your device data, user data, and/or user mapping settings in Incident IQ. As such, only qualified personnel should proceed with making adjustments to the settings outlined in this document.
The Microsoft Azure SSO App allows administrators to seamlessly integrate Microsoft's Azure Active Directory secure single sign-on feature into Incident IQ. This provides users with the ability to confidently and easily sign in using only their Microsoft Azure associated account. The following guide is designed to provide step-by-step instructions on how to manage the Microsoft Azure SSO App in Incident IQ.
Not what you were looking for? Perhaps one of these other guides will help:
- Microsoft Azure SSO App Management - A guide designed to provide step-by-step instructions on how to install the Microsoft Azure SSO App in Incident IQ.
- Managing Incident IQ Apps - A guide designed to provide a brief overview of Incident IQ Apps and how to access app management.
You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.
- App Management
- Overview Tab
- User Mappings Tab
- Location Mappings Tab
- Role Mappings Tab
- Sync History Tab
- User History Tab
On the left side bar click Incident IQ Apps, and then Manage. To the right of Microsoft Azure SSO click on Manage.
This will take you to the Microsoft Azure SSO App management page where you will be able to select the following tabs:
- Overview: where you can view basic user and group data, reset your authentication status or run a manual sync with your Google directory.
- User Mappings: where you can update your filter settings and email translations.
- Location Mappings: where you can change the default location users will automatically map to if they do not have an existing mapping in the system.
- Role Mappings: where you can change the role users will automatically map to if they do not have an existing mapping in the system.
- Sync History: access to view your sync history between Goggle SSO and Incident IQ.
- User History: search for any user's information with your SSO integration.
The Overview tab provides you with a brief summary of your current users, groups, and changes made to users in Incident IQ during the last sync with Microsoft Azure SSO.
Reset your authentication status with Microsoft Azure from here by clicking on Reset. Also, you have the option of forcing a manual sync with your Azure directory by clicking Start New Sync.
User Mappings Tab
This tab allows you to filter users from being imported, translation information, and manage user accounts being created, updated, and deactivated.
Under the Filter section, you can select to include or exclude users being imported based on their email address, OU fragment(s), and group(s). Please note, you can only filter by one email address.
- Example Email Filter: If you select to exclude and email address and set a filter for "@iiq.k12.ga.us", Incident IQ will automatically excluded these email addresses containing this string during a sync.
- Example OU Fragment Filter: Setting a wildcard OU Filter of "Guests" will ensure that all users that belong to an OU with the word "Guests" in it will not import during a sync.
Next is the Mapping section. Here you control how fields are populated in Incident IQ.
- Translate Username: This enables Incident IQ to translate username pulled from Azure into a uniform format when storing in iiQ.
- Email Translation: This enables Incident IQ to translate email addresses pulled from Azure into a uniform format when storing in iiQ. This is useful, and often necessary when using Incident IQ in conjunction with programs such as Infinite Campus.
- Example: Setting a translation to find "@azure.com" and replace it with "@iiq.k12.ga.us" will ensure that all "@azure.com" addresses are updated and stored as "@iiq.k12.ga.us" in iiQ only. This will not make any changes to the addresses stored within Azure itself.
- Phone Number Mapping: select if you want to import phone numbers and the mapping process.
Control how users are populated in iiQ under the Import Handling section.
- Create User: When enabled, a new user will be created in Incident IQ for any new users found during the initial import from Azure, as well as any new users found when a sync is run.
- Update User: When enabled, a user will be updated in Incident IQ when any changes are found during a sync. This will update custom fields as well.
- Update Custom Fields: When enabled, only update custom fields for users when any changes are found during a sync.
- Set to 'No Access': When enabled, if a user is removed or disabled in Azure change their role to no access in Incident IQ.
The Map custom values section allows you can select additional values you wanted imported and map them to default or custom fields in iiQ. This gives you the ability to pull in custom data fields and custom view column options. Click on the Add button.
Next, fill out the following field mapping options:
Please note, there may be pre-configured mapping and they can not be changed.
- Select the custom value
- Select the iiQ field the custom value should map too. You can map to default field or map to a custom field.
- If you map to a Custom Field, you will need to set a field name, select a field type (text, number, or date), and set whether the field information needs to be searchable through filters.
Under the Additional Options section you can customize the Login Button Text. By default, the login button text is set to Microsoft Azure.
Last section is Field Mappings. Controls which fields this app should updated.
Location Mappings Tab
This tab allows you to select or modify your current location mappings between Incident IQ and Microsoft Azure SSO. You are also able to modify your current default location for any users that do not have a mapped location during an import or sync. When mapping to locations, you can map by groups, location name, or both.
Role Mappings Tab
This tab allows you to select or modify how users are mapped to the different roles in Incident IQ. When mapping to roles, you can use groups, role name, or both. Also, you can add one or multiple user groups or role names to each role using the Custom Mapping section. Additionally, you can select the default role for users that do not have an assigned role mapping.
Sync History Tab
This tab allows you to look up the data for any sync between Microsoft Azure SSO and Incident IQ. Every sync, whether it completed successfully or not, is logged for reference purposes and available for review.
Also, you can filter the sync data under the Details Status section. Select the status you would like to filter by and start entering in the users name or email address. Clicking on the users link will take you to the user history tab.
User History Tab
This tab allows you to search for any user's Azure SSO information. This includes their Azure ID, email addresses, Group Membership, and their sync history. This information is useful in quickly determining if the user is affected by any email translations, establishing their group mappings, and identifying if syncing between the systems is being suppressed.