Share

About Directory Sync

Directory sync is a feature used to synchronize users, groups and other relative data between an organization's directory service (like Active Directory) and Autodesk. This synchronization ensures that user identities and attributes are consistent between an organization's directory service and user provisioning/product assignment within Autodesk, simplifying user management and access control.

Note:

Refer to Access to Directory Sync to learn about eligibility or prerequisites to using directory sync.

Why use directory sync?

Streamlines user management - Directory sync enhances user management by automating team provisioning in Autodesk account. While SSO secures access by requiring employees to use their organization's credentials and allows for on-demand account creation and team assignment. Directory sync takes this a step further by enabling admins to define and sync groups of users directly from their organization's directory. This eliminates the need for users to sign in often or for admins to manually invite them.

Simplifies product assignment and deprovisioning - By combining directory sync with the ability to assign products by group, an admin is able to create an efficient user provisioning workflow—adding users to a directory group automatically syncs them to a read-only group in Autodesk account and assigns software access. Furthermore, removing users from the organization's directory seamlessly revokes their product access and group membership, ensuring clean deprovisioning.

Directory sync across multiple teams - Available with Azure AD SCIM set up only, directory sync can be applied to multiple teams, allowing organizations to synchronize user identities and attributes from their directory services with multiple teams within Autodesk.

Note:

The multiple team directory sync feature is currently supported for Azure AD SCIM setup only.

Scope

Directory sync in Autodesk offers 2 types of directory envronments:

  • SCIM (System for Cross-domain Identity Management) for cloud-based direct provisioning to Autodesk account.
    • Azure AD
    • Okta
  • Directory Agent for connecting on-premises directory to Autodesk account.
Note:

For SCIM connections, only Azure AD and Okta are the supported identity providers.

Capabilities

This section provides the features supported in the directory environments. The following are the provisioning features supported in the directory environments (Azure AD SCIM, Okta and On-premises):

  1. Push New Users and Groups

    • New users and groups created through any of the directory environments is also created in the Autodesk account.
  2. Push User Deactivation & Reactivate Users

    • Deactivating the user through directory environments deactivates the user in the team in the Autodesk account too.
    • Reactivating the user through directory environments reactivates the user in the team in the Autodesk account too.
  3. Push Profile and Group Updates

    • Group attributes and membership updates are synced in the Autodesk account.
    • User's profile details updated through directory environments are pushed to the Autodesk account.

Known Issues

This section outlines various known issues categorized into Global, Azure, and Okta-specific issues. You can find the global issues listed below, while the Azure and Okta issues are detailed in their respective setup guides. Please follow the provided links for more information on Azure and Okta issues.

  • Global known issues

    Following are the Global issues:

    1. Autodesk does not support the default SCIM attributes. Only the following attributes are supported for the user:

      • userName (must be an Email)
      • name.givenName
      • name.familyName
      • active
      • objectGUID (uniqueID of the user in the customer's directory)
    2. Autodesk does not support pulling or importing users and groups from the SCIM server. Only inbound requests are supported to push users, groups, and membership.

    3. Synced users and groups are read-only in the Autodesk account. They can be modified by only making changes in the customer's directory and pushing the changes.

    4. Group names are unique under a team regardless of the group type. Pushing a group with the name that already exists under the team gives the conflict error.

    5. Deleting a group is successful only when the group does not exceed 50 users. To delete a group, the number of users should be either removed or reduced to 50 or fewer users in the directory environment.

    6. If a user does not have LastName, put "." or "-" as it cannot be empty. The customer should follow the SAML SSO attributes mapping.

    7. The nested groups are not supported. They are sent as the users in the group in Autodesk.

  • Known issues for Okta SCIM Setup

Was this information helpful?