User Provisioning via Microsoft 365

This integration with Microsoft 365 / Azure Active Directory is part of H5mag Enterprise. Contact us to learn more.

Features

H5mag is also available in the Microsoft 365 Gallery. Linking H5mag to your Microsoft 365 environment will allow you to use the Microsoft environment to log in to H5mag and create, edit and remove users in the H5mag app from within Microsoft 365.

Requirements

To set up an Microsoft 365 integration, you will need an Enterprise license, linked to the main (owner) user account for your organisation, and an access token.

If you are currently on a Professional license, please contact us to upgrade your account to H5mag Enterprise.

Step­ by­ Step Configuration Instructions

Step 1. Generate a Bearer token to authenticate with Microsoft 365 / Azure AD.

If you only want to use the Single Sign-On functionality, you can skip this step. To enable provisioning between Microsoft 365 / Azure AD you will need a token.

In your H5mag environment, go to the Accounts page and open the Provisioning & SSO page. You should see the following page:

If you do not have the Provisioning & SSO page and are on the owner account for your organization, please contact us so we can enable it for your account.

If you haven't generated a token before, click the button to generate one. If a token already exists, you can make it visible by clicking the icon.

Step 2. Add H5mag to your Azure AD

Follow the steps in Microsofts documentation to install the H5mag app in your Azure AD.

Step 3. Set up Single Sign-On

To allow your readers to sign in to H5mag from your Microsoft 365 environment, you need to open the Single sign-on page in your Azure H5mag app.

In the Sign-on URL field, enter the value https://account.h5mag.com/auth/request-access/ms365.

Step 4. Enable Provisioning (optional)

If you wish to manage your users in the Azure AD, you can set that up in the Provisioning page. Click the Get Started button to enable Provisioning.

  • In the first step, set Provisioning Mode to Automatic.
  • In Admin Credentials, fill in the data found in the Provisioning & SSO page of H5mag.
    The 'Tenant URL' should be filled with the value of the H5mag 'Provisioning URL' and the 'Secret Token' with the value from the 'API (Bearer) Token'.
  • You should now be able to successfully test the connection.
  • If the test was successfull, click 'Save'.
  • Under 'Mappings' select 'Provision Azure Active Directory Users'.
    H5mag defaults to the following mappings:

    To create a user, we at least need the UserPrincipalName and displayName and an mail address. The other fields are optional, but improve creation of the user.
  • Click 'Save' and return to the Provisioning screen.
  • H5mag does not support groups, and therefor support for Azure groups is also unavailable. To disable the attempt to provision groups, you can select the 'Provision Azure Active Directory Groups' and disable it.
  • In the Settings field, you can select scope of users which should be provisioned to H5mag.
  • Depending on your preference, you can set an notification e-mail address in the Settings field to allow Microsoft keeping you updated on the provisioning.
  • When done, set the Provisioning Status to 'On'.
  • Save the page to start provisioning.

Step 5. Monitor your deployment

Once you've configured provisioning, use the following resources to monitor your deployment:

  • Use the provisioning logs to determine which users have been provisioned successfully or unsuccessfully
  • Check the progress bar to see the status of the provisioning cycle and how close it is to completion
  • If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine state.

Connector Limitations and Tips

  • H5mag does not support groups.
  • The value of the mail user attribute in Azure AD is only populated if the user has a Microsoft Exchange Mailbox. If the user does not have one, it is recommended to map a different desired attribute to the emails attribute in H5mag.
  • If your Connection Test fails, please check your URL and Secret Token. If a second test fails, please contact us to check the H5mag side of the connection.

This integration with Microsoft 365 / Azure Active Directory is currently available only to a limited number of customers. Contact us to learn more.

Last modified: