Applies To:
Technical Administrators.
Common Causes/Issues:
- Your organization uses Azure AD for user provisioning.
- You would like to learn:
- how you can create a custom attribute in Azure AD
- how to map custom attributes to your user attributes inside Pinnacle Series
- how to take advantage of group-based rule sets to automatically match attributes within Pinnacle Series.
Solution Overview:
- For each application, you might have different requirements for the information you want to collect during sign-up. Azure AD comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code.
- For an update (June 2022) regarding available attributes please see this article:
User management enhancements in Azure Active Directory - Follow the guidance below to create a custom attribute.
Tactical Rundown:
Step 1: Create a custom attribute in Azure AD
-
Sign in to the Azure portal as an Azure AD administrator.
-
Under Azure services, select Azure Active Directory.
-
In the left menu, select External Identities.
-
Select Custom user attributes. The available user attributes are listed.
-
To add an attribute, select Add.
-
In the Add an attribute pane, enter the following values:
- Name - Provide a name for the custom attribute (for example, "Shoesize").
- Data Type - Choose a data type (String, Boolean, or Int).
- Description - Optionally, enter a description of the custom attribute for internal use. This description is not visible to the user.
-
Select Create.
- The custom attribute is now available in the list of user attributes and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of user attributes.
Step 2: Pinnacle Series Admin Browser
- To map Azure AD properties to custom user attributes in Pinnacle Series, select Manage on the Map User Attributes menu within the Integrations overview.
- To begin mapping, select the Add Property button within the Map User Attributes menu.
- Select an existing Pinnacle user attribute from the corresponding drop-down. If you do not see the required attribute, return to the User Settings menu and define your attribute as needed. Type in the custom property ID (Provide a Name for the custom attribute (for example, "ShoeSize"))
- With a Pinnacle user attribute defined, select the AD User Property dropdown. A query of available
AD user properties will be presented. - Choose the appropriate AD property and select Save.
- The defined mapping will automatically populate data to the Pinnacle user attribute during your next user synchronization.
- If you do not see data populating, check your User Attribute mapping for accuracy and ensure that your users have data present within the AD property in your Azure environment.
Step 3: Rule sets
- Use complex rule sets to automatically match attributes within Pinnacle Series
- You can create a rule container per group
- Select the group (1) top left
- Select rule matching parameters, and choose either:
- Match all of the following rules
- Match at least one of the following rules
- Enter the custom property from Azure (1)
- Select the rule condition from the drop-down menu (2)
- Enter the Pinnacle attribute that you would like to match the Azure attribute to. (3)
Related Article(s):
User management enhancements in Azure Active Directory
Administration Portal Overview
Group Synchronization Rules and Attributes - Browser Admin
Synchronize Users with Active Directory
Job Role Attributes - Browser Admin
Configuring Synchronization with Microsoft AzureAD - Browser Admin