📧
Azure AD Integration
Deactivate users not in Azure AD
You can automatically deactivate users, not in Azure AD. This action allows users in Sprinkle to be in sync with Azure AD. When someone leaves your organisation or is removed from Azure AD, those users can get deactivated on sprinkle automatically, using this feature.
Below sections capture how to configure the same.
Register an Application in Azure AD. You can refer to the documentation at Register an application in Azure AD. No redirect URI required for the app.
Add permissions Microsoft.Graph -> User.Read.All permissions for the app and Grant admin consent. You can refer to doc Application permission to Microsoft Graph. Below is a screenshot of the application to whom the required permissions are granted.
Please copy Application (Client) ID and Directory (tenant) ID of the application registered.
Create an application secret as mentioned in Add client secret and copy the secret value. You need to configure Application (Client) ID, Directory (tenant) ID and Client secret values in the connection on Sprinkle side.
On the sprinkle portal, go to the User Actions page Admin -> Access Management -> Users -> Actions.
Create a new action for deactivating users by clicking on New User action, and provide all the settings required such as check frequency (Frequency in hours when users get listed on AD and deactivate on Sprinkle if they are not in AD) and Azure connection settings. Azure AD connection can be tested with test connection.
Once the above configuration is completed, users from Azure AD will be synced with Sprinkle with checked frequency and removed users from Azure AD will get deactivated.
Deactivated users can be seen from Admin -> Activity page.
