Configure Identity Connector for Azure Active Directory

Alicia Allen Updated by Alicia Allen

Overview

With Brivo's Identity Connector, customers can provision their Azure AD users and groups to Brivo Access, allowing them to manage onboarding and offboarding users in a single application.

Prerequisites

Before you begin, ensure that you have the following required elements:

  • An active Azure Active Directory account 
  • An active Brivo Access account with an Identity Connector subscription
  • An active Brivo Service administrator account (create a Brivo administrator with all user and group permissions solely for the integration)

Creating your secret token

  1. Log in to Brivo Access with your Brivo Service administrator account.
  2. In the Brivo Access interface, click on Configuration, then Applications Management on the left navigation bar. Click on the Azure AD tab and the Azure AD details page displays. 
  1. In the Access Password field, enter the Brivo Service administrator password and click Submit.
  1. The Tenant URL and Secret Token fields will populate. 
  2. Copy the Secret Token.
  1. The secret token will be used in the next section. when configuring Azure with Brivo Access. 

Creating your Azure Enterprise application

  1. Click on the Microsoft Entra ID link, then on the Enterprise Applications link, and finally click on the + New application link. 
  1. In the Add from the gallery text box, typo Brivo. Brivo Onair Identity Connector will appear as an option. Click on the Brivo application. Finally, enter a name for the application and click Create. 

Configuring Azure with Brivo Access

  1. In the Enterprise Applications tab, select the previously created application. 
  2. Select Provisioning, then click Get Started, and set the mode to Automatic. 
  1. Use the URL https://identity-connector-service.prod.brivo.com/api/ActiveDirectory/v2/ and enter the secret token copied in Step 4 above.
  1. Click on the Test Connection button. If any errors occur, please contact Brivo Technical Support. 
  1. After a successful test of the connection, destroy any previously stored copies of the secret token to reduce cybersecuirty risks. Should you ever need to reenter a secret token, you may recreate a new one in Brivo Access.
  2. When finished, click Save. 
  1. In the Provisioning section under Mappings, select Provision Azure Active Directory Users. 
  1. Under Target Object Actions uncheck the Delete checkbox.

NOTE: Delete must be unchecked. Brivo's Identity Connector does not support deleting users. Keeping this box checked will result in errors in the logs.

  1. In the Attribute list, click on objectID. Set the Match objects using this attribute field to Yes. Click Ok.
  1. In the Attribute list, click on userPrincipleName. Set the Match objects using this attribute field to No. Click Ok.

NOTE: Confirm your Attribute list matches the image below.

  1. Save the Attribute Mapping changes.
  1. Under the Manage column, select Users and Groups when adding user(s) or group(s) to be automatically provisioned from Azure Active Directory to Brivo Access. 
  1. Under Add Assignment, click on Users and Groups to select a group. Under Users and Groups, select from the available groups by clicking on the Select button. Once selected, click on the Assign button. 
  1. Click the Provisioning tab, then Start Provisioning.

NOTE: New users and groups typically appear in Brivo Access within 15-30 minutes of configuration. New custom fields will be added to users as shown below upon successful first provisioning.  

How did we do?

Identity Connector for Azure Active Directory

Contact