Automate user provisioning

Hi, I am new to the Forum. Wondering if there is a way to automate the user creation in Active Directory based on an Onboarding form in the Service Catalog.

Also, and as an extension to the first question, if there is a way to automate the provisioning on other systems, not just Active Directory.

  • In general, you can use a Process Integration (Setup > Integrations > Process Integrations) to send API calls to external services. My organization uses it a fair amount. In theory, you could use that for any service that accepts HTTP-based API requests.

    As for whether you can get that to work for AD... unsure. If you have a pure-Azure AD environment it'd be a lot easier than on-prem. A Google search tells me that there are add-ons for AD to make this possible, unsure if it's feasible out of the box.

    Worst case, if your organization can support it, you could make your own API sitting at some endpoint to receive your Service Desk calls and go perform the AD change manually. Lot of work, setting up your own API and mapping everything, but that'd be the most flexible custom option.

  • Michael. Thanks for the answer. The Active Directory is on premises. We have AD syncing to Azure AD, so once the user is on AD we can use AZ AD user provisioning to do a ton of things, but I need to get the first step working.

  • We have the same setup here, and boy it can be a pain in the ... yeah. The problem with AAD Sync is that, as you probably know, there's a lot of stuff that only syncs from on-prem to Azure, not vice-versa -- so that first step is not going to have a pretty answer until the day MSFT feels like making the sync bidirectional.

    The only solution I can then think of for you is using one of those external third-party programs to extend AD's on-prem functionality, or going the extra mile and creating some server program to process your API calls. Either way, use Process Integrations. Unless someone else has a better idea, which I'd love to hear!

  • I would second this. Since you have AAD, you can use the Process Integration in the Samanage form to send an API call to a Power Automate program. If you can use PA to provision a user, the following should work for you:

    Create a PA HTTP endpoint for the catalog item to ping, with the payload being something like the created service catalog incident ID. Then you can have PA pull the service catalog item with a GET request:

    and process the request field variables to provision the user.

    Otherwise you would have to create some sort of external-facing API that can receive the Process Integration HTTP POST from Samanage, then interact with your on-prem AD.
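
Added example, not part of the thread and not Samanage or Microsoft code: an endpoint that turns a Process Integration POST into an on-prem AD account holds account-creation rights, so it should authenticate the caller and validate every form field before anything reaches the directory. The header name, token, form field names and OU below are assumptions made up for this sketch.

```python
import hmac
import re
import unicodedata

# Assumptions for this sketch (none of these come from the thread):
SHARED_TOKEN = "constructed-example-token"       # constructed sample secret
TOKEN_HEADER = "X-Provision-Token"               # hypothetical header name
USERS_OU = "OU=Onboarding,DC=example,DC=com"     # hypothetical target OU
# A letter first, then letters, space, period, comma, apostrophe or hyphen.
NAME_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .,'-]){0,63}")
RDN_SPECIALS = '\\,+"<>;='                       # RFC 4514 characters to escape


def escape_rdn(value):
    """Escape a value for use inside a distinguished name (RFC 4514).
    Callers strip whitespace first, so only the leading case is handled."""
    out = "".join("\\" + c if c in RDN_SPECIALS else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out


def build_account(headers, form):
    """Authenticate the POST, validate the form, return AD attributes."""
    token = headers.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(token.encode(), SHARED_TOKEN.encode()):
        raise PermissionError("missing or wrong provisioning token")
    first = str(form.get("first_name", "")).strip()
    last = str(form.get("last_name", "")).strip()
    for field in (first, last):
        if not NAME_RE.fullmatch(field):
            raise ValueError(f"rejected name field: {field!r}")
    # sAMAccountName: ASCII letters only, at most 20 characters.
    folded = unicodedata.normalize("NFKD", first[0] + last)
    sam = re.sub(r"[^a-z]", "", folded.lower())[:20]
    if not sam:
        raise ValueError("could not derive a logon name")
    return {
        "sAMAccountName": sam,
        "givenName": first,
        "sn": last,
        "distinguishedName": f"CN={escape_rdn(first + ' ' + last)},{USERS_OU}",
        "enabled": False,  # created disabled until someone approves it
    }
```

The returned attributes are what the AD-writing step (for example `New-ADUser` run under a service account delegated to that one OU) would consume; checking the logon name against existing accounts is left to that step.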