Warning: This document contains instructions for adjusting synchronization settings that can adversely affect your device data, user data, and/or user mapping settings in Incident IQ. As such, only qualified personnel should proceed with making adjustments to the settings outlined in this document.
Guide Overview
The Microsoft Azure SSO App allows administrators to seamlessly integrate Microsoft’s Azure Active Directory secure single sign-on feature into Incident IQ. This provides users with the ability to confidently and easily sign in using only their Microsoft Azure associated account. The following guide is designed to provide step-by-step instructions on how to manage the Microsoft Azure SSO App in Incident IQ.
Not what you were looking for? Perhaps one of these other guides will help:
- Microsoft Azure SSO App Installation – A guide designed to provide step-by-step instructions on how to install the Microsoft Azure SSO App in Incident IQ.
- Managing Incident IQ Apps – A guide designed to provide a brief overview of Incident IQ Apps and how to access app management.
Guide Index
You can use the following links below to quickly navigate to a specific section in this document. To quickly return to this index simply use the Return to Index link located at the end of any section.
App Management
To access the Azure SSO app management, navigate to the Apps Management page and select Options on the Microsoft Azure SSO App.
This will take you to the Microsoft Azure SSO App management page where you will be able to select the following tabs:
- Overview tab where you can view basic user and group data, reset your authentication status or run a manual sync with your Azure directory.
- User Mappings tab where you can update your filter settings and email translations.
- Location Mappings tab where you can change the default location users will automatically map to if they do not have an existing mapping in the system.
- Role Mappings tab where you can change the role users will automatically map to if they do not have an existing mapping in the system.
- Sync History tab where you view the sync data for each sync including users updated, skipped, created, and deactivated.
- User History tab where you can view the user revision history in Incident IQ, as well as the current groups this user belongs to.
Overview Tab
This tab provides you with a brief summary of your current users, groups, and changes made to users in Incident IQ during the last sync with Azure.
Aside from user and group data, you can reset your authentication status with Microsoft Azure from here by clicking on the Reset button. Alternatively, you also have the option of forcing a manual sync with your Azure directory by selecting Re-Sync.
User Mappings Tab
This tab allows you to change your email filter and translation information, as well as your user creation, updating, and deletion settings.
Email filters are designed to sort out any emails that contain a certain expression. For instance, by setting a filter for “@iiq.k12.ga.us”, Incident IQ will automatically ignore these email addresses during a sync.
- Email Translation: This enables Incident IQ to translate email addresses pulled from Azure into a uniform format when storing in iiQ. This is useful, and often necessary when using Incident IQ in conjunction with programs such as Infinite Campus.
- Example: Setting a translation to find “@azure.com” and replace it with “@iiq.k12.ga.us” will ensure that all “@azure.com” addresses are updated and stored as “@iiq.k12.ga.us” in iiQ only. This will not make any changes to the addresses stored in Azure itself.
- Create User: When this box is checked, a new user will be created in Incident IQ for any new users found during the initial import from Azure, as well as any new users found when a sync is run.
- Update User: When this box is checked, a user will be updated in Incident IQ when any changes are found during a sync.
- Delete User: When this box is checked, a user will be deleted in Incident IQ when a user is found to have been removed in Azure during a sync.
You can also change the login button text from this tab as well. By default, the login button text is set to Microsoft Azure unless otherwise specified.
Location Mappings Tab
This tab allows you to select or modify your current location mappings between Incident IQ and Azure AD. You are also able to modify your current default location for any users that do not have a mapped location during an import or sync.
Role Mappings Tab
This tab allows you to select or modify what role you want users to map to that do not already have an established group mapping. You are also able to view and modify your Azure mapping setup with Incident IQ underneath Custom Mapping.
Sync History Tab
Clicking on particular sync will bring up the sync details which include the total number of users, groups, as well as the number of users add, updated and skipped. Clicking on the Created, Updated, or Skipped options below the overview will pull up all users affected by this change during the sync.
User History Tab
This tab allows you to search for any user’s Azure SSO information. This includes their Azure ID, email addresses, Group Membership, and their sync history. This information is useful in quickly determining if the user is affected by any email translations, establishing their group mappings, and identifying if syncing between the systems is being suppressed.
