How to configure a service for assigning accounts to an AAD group
After you have installed the Provisioning Workflow - Assign Azure Active Directory Group package, you will need to configure a corresponding service:
- Open the Service Catalog application.
- Create a service with the "Assign to AAD Group" name.
- On the General tab, select Operational in the Status field.
- On the Provisioning tab, fill in the following fields:
- In the Provisioning Workflow lookup, select the Provisioning - Assign AAD Group workflow.
As a result, the Target Type field value will change to AD Account and two additional fields will appear.
- In the Azure Active Directory Group lookup, select an AAD group to which accounts will be assigned.
- In the Configuration lookup, choose the AAD data provider configuration. The workflow uses this data to retrieve the service connection and connect to Azure Active Directory.
- Save the dialog.
Now you can use the Self Service Portal application and the Assign Service action in the Service Catalog application in order to add AAD accounts to the selected AAD group.
The unassignment of service can be made by returning the service on Self Service Portal and by using the Unassign Service action.
On ordering and returning services via Self Service Portal, see Ordering Services and Returning Services.
To check which AAD accounts belong to which AAD group, open Groups > AD Groups in the Master Data application and review member accounts for the selected group.