This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Azure AD Provisioning Issue

We have Samanage setup to automatically create accounts in Azure AD Enterprise Application area, so that in theory when an account is created in Azure, it should get created there.  Every time though the provisioning log comes up as skipped.  The log is showing as:

The User '***@***.net' will be skipped due to the following reasons: 1) This object is not assigned to the application. If you did not expect the object to be skipped, assign the object to the application or change your scoping filter to allow all users and groups to be in scope for provisioning. 2) This object does not have required entitlement for provisioning. If you did not expect the object to be skipped, update provisioning scope to 'Sync all users and groups' or assign the object to the application with entitlement of provisioning category
SkipReason - NotEffectivelyEntitled
IsActive - True
Assigned to the application - False
IsInProvisioningScope - True
ScopeEvaluationResult - {}
Microsoft documents has Tutorial: Azure Active Directory integration with SolarWinds Service Desk (previously Samanage) | Microsoft Docs which shows that it was updated earlier this month, but step the whole configure SolarWinds SSO looks out of date.  
In Azure AD Enterprise, should the sign-in URL be something like this, which it currently is?  app.samanage.com/.../<Company Name> 
The Microsoft document under Configure Azure AD SSO shows the Sign on URL as https://<Company Name>.samanage.com/saml_login/<Company Name>, which is what we have in Samanage SSO, but not in Azure.  This all was setup long before I came along, so not sure if this was setup per Samanage instructions possibly, or if it was setup wrong.
I can manually add them but that is a bit of a hassle.
  • Hello,

    We've set up our SSO back when it was still Samanage, but I will try to help you with the bit of knowledge I have.

    In Azure AD Entreprise the Sign on URL is something like this https://[company].samanage.com/saml_login/[company]

    This is the exact URL which is copied from Solarwinds Service Desk Setup>Account>Single Sign-On>Login Using Azure AD>Login URL

    The fact that your users are not provisionned may be because they have not been assigned to the application.

    To do that, in Azure AD you need to go to your Solarwinds Service Desk application, then Users and Groups and add them here.

    If you have an Azure AD Premium, you can add a group, this way you won't have to manually add each user when you create them.

    Another way to handle this is to go to you application Properties and check User Assignement : No.

    Then any user in your organisation will be able to log into Solarwinds Service Desk without any action from you. And every account will be automatically provisionned too.

    Good Luck!