Users updating via 365 integration


We have successfully imported and connected our SWSD to our Azure via the Service Desk application.  We have an All Employee group in our active directory that includes, wait for it...All Employees.  This keeps it simple as users come and go they are added or removed from that group.  We have them all being dumped in as Requesters but if we assign a different role like Admin, Service Agent User, or Service Task User manually, during the next sync they are moved back to Requester.

For our Admins we solved this by putting them in individually in the app integration as a user instead of app and selected their role to be Admin and it seems to be sticking.  My question is, is this the best way to handle this or is there a better way?



  • Howdy ,

    You're doing things the right way. The way Azure provisions doesn't really allow for a user to be in multiple groups. The groups you assign to roles don't run in a hierarchical batching process, so at any given run, it might see you in All Employees and make you a request, or Admins and make you an Admin. This is just a limitation of how those provisioning steps run.

    What we can recommend is instead of using an All Employees group, create a dedicated group for Requesters. The provisioning works best with security groups that are dedicated to SWSD and paired 1-to-1 with a role. 

    I hope this helps!