Directory sync is a feature used to synchronize users, groups and other relative data between an organization's directory service (like Active Directory) and Autodesk. This synchronization ensures that user identities and attributes are consistent between an organization's directory service and user provisioning/product assignment within Autodesk, simplifying user management and access control.
Refer to Access to Directory Sync to learn about eligibility or prerequisites to using directory sync.
Streamlines user management - Directory sync enhances user management by automating team provisioning in Autodesk account. While SSO secures access by requiring employees to use their organization's credentials and allows for on-demand account creation and team assignment. Directory sync takes this a step further by enabling admins to define and sync groups of users directly from their organization's directory. This eliminates the need for users to sign in often or for admins to manually invite them.
Simplifies product assignment and deprovisioning - By combining directory sync with the ability to assign products by group, an admin is able to create an efficient user provisioning workflow—adding users to a directory group automatically syncs them to a read-only group in Autodesk account and assigns software access. Furthermore, removing users from the organization's directory seamlessly revokes their product access and group membership, ensuring clean deprovisioning.
Directory sync across multiple teams - Available with Azure AD SCIM set up only, directory sync can be applied to multiple teams, allowing organizations to synchronize user identities and attributes from their directory services with multiple teams within Autodesk.
The multiple team directory sync feature is currently supported for Azure AD SCIM setup only.
Directory sync in Autodesk offers 2 types of directory envronments:
For SCIM connections, only Azure AD and Okta are the supported identity providers.
This section provides the features supported in the directory environments. The following are the provisioning features supported in the directory environments (Azure AD SCIM, Okta and On-premises):
Push New Users and Groups
Push User Deactivation & Reactivate Users
Push Profile and Group Updates
This section outlines various known issues categorized into Global, Azure, and Okta-specific issues. You can find the global issues listed below, while the Azure and Okta issues are detailed in their respective setup guides. Please follow the provided links for more information on Azure and Okta issues.
Global known issues
Following are the Global issues:
Autodesk does not support the default SCIM attributes. Only the following attributes are supported for the user:
Autodesk does not support pulling or importing users and groups from the SCIM server. Only inbound requests are supported to push users, groups, and membership.
Synced users and groups are read-only in the Autodesk account. They can be modified by only making changes in the customer's directory and pushing the changes.
Group names are unique under a team regardless of the group type. Pushing a group with the name that already exists under the team gives the conflict error.
Deleting a group is successful only when the group does not exceed 50 users. To delete a group, the number of users should be either removed or reduced to 50 or fewer users in the directory environment.
If a user does not have LastName, put "." or "-" as it cannot be empty. The customer should follow the SAML SSO attributes mapping.
The nested groups are not supported. They are sent as the users in the group in Autodesk.