Hi to all.
I was wondering if it is possible to auto-provision users from MS Entra to Eramba. This would be very helpful, taking into account that for awareness programs you would want to automatically add users to the trainings after they are onboarded to the MS Portal.
I don’t know anything about this Microsoft product, but if it is a directory of sorts that speaks LDAP then you should be able to do it with LDAP sync: Access Management
IMPORTANT: as explained many times in trainings and documentation, the number of accounts most organisations need to create in eramba is the number of departments times 2; the exception is if you are using the Awareness module. Deviations from this are likely to be questionable implementations from our perspective: Access Management
MS Entra is the new name of “Azure Active Directory”. I have set up SAML with this. However, if my organization has 200-300 people that need to have awareness training on GRC, then there is a larger overhead regarding updating the users via continuous uploads of our AD. This will also require a new process towards the GRC team any time a hire is done, and to add/update/upload the new user(s).
If auto provisioning is used, this can be done automatically.
Sure, but the problem I mentioned is not that they can’t AuthN via the other provided IdPs but rather that they cannot be modified (add them to other groups).
Yes, the idea with LDAP sync is that you will handle everything on the AD side and then just sync everything into eramba. (for example, people in the IT department on the AD side will be synced to the IT department group in eramba).
Can you elaborate more on the specific use case so we understand better?
I have (let’s say) 250 users. I need to have records of GRC awareness programs for my ISO’s
I add these users in Entra to a group, i.e. “Eramba Training”
The users are automatically added to Eramba to group(s) via autoprovisioning and assigned to trainings due to group settings
Case 2 (Update/managing)
New users are added to Entra.
The users are automatically added to Eramba to group(s) via autoprovisioning and assigned to trainings due to group settings
Case 3
New user joins Accounting group
User is automatically added to Eramba to group(s) via autoprovisioning and assigned to Reviews/tasks due to group settings
The method is called SCIM (System for Cross-Domain Identity Management) and is used by Microsoft Entra ID (Azure AD), Okta, Google Workspace and others.
is interesting, likely to happen some day, but please do not expect this to happen anytime before the end of the year; we have a full roadmap already for year 25 (and 26…!)
All of those use cases work with AD at this time and, in theory, you can set up a SCIM-like functionality depending on your IdP.
For example, Okta has an LDAP interface that you can connect to Eramba. You would then configure it as a Group LDAP connector within Eramba, which you can then use to sync your users into the system. Then, you set up SAML as your authentication method and point that to your Okta SAML. I have group syncing running with Okta for one of my clients using this method (but for access reviews rather than pseudo-SCIM).
Of course, that’s not helpful since you’re on EntraID, but there’s still a couple of options -
Microsoft appears to support adding an LDAP interface to EntraID when you jump through enough hoops (basically, setting up a managed domain). I have not tried this myself, but the guide seems annoying and there are things like cloud-only users needing to change their password after rolling this out in order to have the directory populated.
Some other service/software to bridge the gap. I believe something like Keycloak speaks all the relevant protocols and can likely connect to EntraID users hoovered up and then serve as the LDAP provider to Eramba.
Thanks for the ideas. Quite complicated though, and adds one more thing to manage and support.
We will do it manually for now, and see how it goes…
If we can add this to a wishlist or something similar, so as to get some upvotes, and if enough people want it, it may go into the (future) roadmap.