Versions Compared

Old Version 6

changes.mady.by.user Nate Parsell

Saved on

compared with

New Version 7

changes.mady.by.user Nate Parsell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create Azure groups for Prospects and Students

    1. Create a group in Azure for your prospects

    2. Update the Web App Configuration AZURE_AD_GROUP_OBJECT_ID_PROSPECT with the Azure object id of your prospect group, followed by 2 pipes ||, followed by the Campus Café permission group for prospects

      • Ex:   6fadd35c-e27b-4634-a60e-56ac820fb202||APPLICANT

    3. Create a group in Azure for your students

    4. Update the Web App Configuration AZURE_AD_GROUP_OBJECT_ID_STUDENT with the Azure object id of your student group, followed by 2 pipes ||, followed by the Campus Café permission group for students

      • Ex:  e0f1ca97-691d-4d95-9139-fac7e22964c8||WEBDEFAULT

    5. If you do not have separate groups in Azure for students and prospects then assign them the same Azure group id

    6. Only Campus Café users assigned to either of these permissions groups in Campus Café will be integrated with Azure

  2. Integration errors

    1. Any errors generated during Campus Café / Azure integration will generate an email.

    2. Update the Web App Configuration AZURE_AD_EMAIL with a comma separated list of email addresses to receive these emails

  3. Campus Cafe Alternate provision fields in Web App Configurations (Admin Menu -> Web App)

    1. By default, Employee ID is the Azure field used to receive the Campus Cafe ID Number upon provisioning. If an institution requires that Employee ID be reserved for an alternate use, AZURE_AD_ID_NUMBER_FIELD can be configured to use the value customSecurityAttributes in Azure.

    2. If using customSecurityAttributes the fields AZURE_AD_ATTRIBUTE and AZURE_AD_ATTRIBUTE_KEY will be utilized. The default setting for AZURE_AD_ATTRIBUTE is CampusCafeData, and the default setting for AZURE_AD_ATTRIBUTE_KEY is IdNumber. These values create a custom security attribute for the account being provisioned:

...

Info

Provisioning ID Numbers to customSecurityAttributes and EmployeeID

If, at any point, your Azure data requirements change, and you need to use EmployeeID for a purpose other than SSO Account Provisioning from Campus Cafe, but do not need to reverse-apply the data, the Azure SSO integration searches both EmployeeID and the customSecurityAttributes values contained in AZURE_AD_ATTRIBUTE and AZURE_AD_ATTRIBUTE_KEY. Once the values in AZURE_AD_ATTRIBUTE and AZURE_AD_ATTRIBUTE_KEY are defined in Campus Cafe, however, they should not change, or the accounts provisioned with the old value will be orphaned and require a change to their Azure Custom Secuirty Attribute value and key.The Campus Cafe ID Number ↔︎ AZURE_AD_ID_NUMBER_FIELD link is required for updates to populate from Campus Cafe to Azure. If a user account changes user groups in Campus Cafe, and the Campus Cafe ID Number had been stored in the Azure Employee ID field, but the setting in Campus Cafe is now to use customSecurityAttributes, the credentialing process would continue to function appropriately, but changes to the permission group, and the associated Azure Group Membership would no longer actively sync. This is corrected by placing the Campus Cafe ID in the correct location

Microsoft Entra Configuration (Only for customers using Azure customSecurityAttributes instead of the Azure Employee ID field)

...