About Directory Sync

Autodesk directory sync allows customers to add and maintain users from their organization's directory groups to their Autodesk team. The automated sync ensures that user details are current, that access is managed based on the enterprise user directory (Add and Remove Users) and streamlines user provisioning/product assignment within Autodesk.

Note: Refer to Access to Directory Sync to understand how to qualify for single sign-on (SSO) access.

Why use directory sync?

SSO offers organization's the ability to secure user access by requiring employees to enter their organization's credentials instead of creating and remembering a separate Autodesk password. SSO also allows for user accounts to be created on demand and added to the correct team in Autodesk Account, providing a simple approach for building your user list and managing access.

Directory sync however takes this another step further by allowing administrators to define groups of users that can be synced to the organization's team in Autodesk Account. This allows users to be added to a team without requiring users to sign in or admins to manually invite them. When coupled with the new teams feature to assign products by group, this provides a user provisioning flow, where a user can be added to a group in the organization's directory, synced to a read-only group in the team in Autodesk Account and automatically assigned software access.

Directory sync also provides a clean deprovisioning process where users removed from the organization's directory will no longer have product access or be a part of the sycned group.

Scope

Autodesk directory sync offers 2 connection types:

Directory agent for connecting on-premises directory to Autodesk Account.
SCIM (System for Cross-domain Identity Management) for cloud-based direct provisioning to Autodesk Account.

SCIM has been tested and documented for Azure AD and Okta, though it should support any identity provider with SCIM capabilites.

Capabilities

Supported Features for Okta SCIM Setup

Known Issues

This section contains known issues that are classified into global, azure and okta specific where global issues are listed here while azure and okta issues are listed in their respective setup guides (follow the links).

Global known issues
1. We do not support all of the default SCIM attributes. Only the following attributes are supported for the user:
  - userName (must be an Email)
  - name.givenName
  - name.familyName
  - active
  - objectGUID (uniqueID of the user in the customer's directory)
2. We do not support pulling or importing users and groups from the SCIM server. Only inbound requests required to push users, groups, and membership are supported.
3. Synced users and groups are read-only in the Autodesk Account. They can be modified by only making changes in the customer's directory and pushing the changes.
4. Group names are unique under a team regardless of the group type. Pushing a group with the name that already exists under the team will give the conflict error.
5. Deleting a group can be successful only when the group does not exceed 50 members. The number of members should be either removed or reduced to 50 in Autodesk Account in order to delete a group.
6. If a user does not have LastName, put "." or "-" as it cannot be empty. The customer should follow the SAML SSO attributes mapping.