SSO and Directory Sync with Precisely

Learn more about Precisely's SSO login integration and a way to manage your users and teams by synchronizing your Active Directory

Maximize Precisely’s integration with your general workspace!

Our team can link your Precisely account to your existing workspace. Currently, we offer Single Sign-on Integration and Synchronization with your Active Directory that can make your workflow even more efficient.

Single Sign-On (SSO)

Avoid remembering numerous usernames and passwords. With the Single Sign-on (SSO) integration, you and your coworkers can easily access the Precisely platform using the same authentication method  - such as Microsoft Azure, Okta, Google and OneLogin - as in all your work-related apps. By doing this, account management becomes easier and security greater. Contact us to get SSO enabled for your organization in Precisely.

SSO

Directory Sync

If your company uses one active directory (AD) - such as Microsoft Azure or Okta - to keep a track of the employees and the given access to different work resources, we at Precisely can also synchronize this with our platform.

With directory sync, you are able to keep full control of your employees that are also Precisely users. This is possible even if your company has multiple organizations within Precisely.

In our platform, you will automatically be notified of all relevant changes related to users, groups, or access rules. This also includes new relevant employees being added to our platform accordingly. Of course, you will still be able to make adjustments to the platform if needed, without interrupting your general directory.

AD

For technical reasons, it is required to also have the SSO integration in order to synchronize your Active Directory with Precisely. Note that you do not necessarily need to use the same provider for SSO and AD. Contact us to get AD and SSO enabled for your organization in Precisely.

 

Adding users to Precisely via Active Directory

To be able to provision users through your Active Directory, first you'll need to configure the connection according to the instruction given by the Precisely Team (see how to contact us).

Then, you'll be able to start creating groups and adding users. There are several ways of provisioning and managing users in Precisely from your Active Directory. 

  • 1. Provisioning users only (no user role specified)
  • 2. Provisioning users according to their user role
  • 3. Managing users and their team membership

⚠️ For a user to be successfully provisioned (added) to Precisely through Active Directory, you must choose either Option 1 or Option 2.

Option 3 (organizing teams) is not mandatory, and it can only be used after users have been provisioned (added) to Precisely through Option 2 (according to their user role).

👇 Keep reading for detailed instructions on each option.

 

1. Provisioning users only (no user role specified)

To provision users without specifying their user role (admin/manager/member/viewer), you only need to create one group per organization in your AD with the following naming convention:

Precisely/<org_id>

Reference <org_id> needs to be replaced by your Precisely organization ID, which can be found in the top right bar by clicking the organization's name.

Screenshot 2022-10-19 at 15.49.03

All users in Precisely will automatically get member user roles. The roles need to be manually adjusted directly in the Precisely platform in the Users & Teams settings. Please note that only admin users are able to access these settings.

Screenshot 2022-10-19 at 15.52.42

 

2. Provisioning users according to their user role

You're also able to directly provision users together with their user role (admin/manager/member/viewer).

In that case, you need to create 4 different groups following the naming convention below.

Precisely/<org_id>/Admins
the user is added to the Precisely organization as an admin
Precisely/<org_id>/Managers

the user is added to the Precisely organization as a manager

Precisely/<org_id>/Members

the user is added to the Precisely organization as a member

Precisely/<org_id>/Viewers

the user is added to the Precisely organization as a viewer

Reference <org_id> needs to be replaced by your Precisely organization ID, which can be found in the top right bar by clicking the organization's name.

Screenshot 2022-10-19 at 15.49.03

⚠️ Important!

  • Each user must be added to one of the groups above.
  • Each user can be added to only one of the groups.

 

3. Managing users and their team membership

You're also able to set up Precisely team membership for each user directly in your AD. This can only be done if you've previously provisioned a user according to their user role.

Teams in Precisely are departments or groups of team members in your organization (e.g. Legal, Accounting, Sales, Management, People & Culture, etc.). When you want to give that department or group access to a template, a folder, or a document, you share it with the team.

To organize users into their team already in your AD, use the following naming convention:

Precisely/<org_id>/Team/<team_name>

Reference <org_id> needs to be replaced by your Precisely organization ID, which can be found in the top right bar by clicking the organization's name.

Screenshot 2022-10-19 at 15.49.03

Reference <team_name> should be replaced by the name of the specific team in the Precisely platform. Admin users are able to create teams in the Precisely platform under Users & Teams settings.

Screenshot 2022-10-19 at 16.19.45

⚠️ Important!

  • Make sure to write team names in the exact letters, since the names are case-sensitive (copy-paste is your best friend! 🤓)
  • If you type in a team name in your AD that does not exist in the Precisely platform, that team will be automatically created in Precisely 🧠
  • Team membership is optional. This means that one user can belong to several teams, or they don't have to belong to any team.

Removing users from Precisely via Active Directory

To deprovision (remove) a user from Precisely, they should be removed from the groups in your Active Directory.

Please note that it's not enough to disable an account of that user in your system, but the user should be specifically removed from AD groups belonging to Precisely.

 

 

Any questions remaining? Get in touch!