Transcript
00:03
As a primary administrator for your Autodesk account, you are able to incorporate the use of active directory sync.
00:09
In this video, we introduce this tool and discuss the benefits.
00:15
Having implemented Autodesk SSO, you have leveraged your company's active directory for authentication.
00:21
This means that once a user authenticates on your domain,
00:24
the credentials are passed to Autodesk through the SAML assertion protocol,
00:28
to subsequently authenticate their Autodesk IDs and provide immediate access to their Autodesk software and services.
00:38
Once the Autodesk SSO has been fully enabled,
00:41
any user who is able to authenticate on your domain and does not have an existing Autodesk account,
00:46
will have an Autodesk account automatically created using the self-registration functionality of SSO.
00:53
This new account is automatically added to your company's Autodesk tenant as a new user.
00:58
However, it is important to remember that,
01:00
this still leaves assigning software entitlements to this new user up to your account's primary administrator.
01:07
Until entitlements are assigned, the new user will not have access to any software licenses that they may need.
01:16
To take your Autodesk implementation one step further, you can enable active directory sync.
01:21
This allows administrators to define groups of users on your company domain that can be synced to your Autodesk account.
01:28
This allows users to be added to a team without requiring users to sign-in or self-register,
01:34
or administrators to manually invite them to the Autodesk account.
01:38
When coupled with the team's feature to assign products by groups,
01:42
this provides a user provisioning workflow where a user can be added to the group in an organization's directory,
01:49
synced to a read-only group in the team in the Autodesk account, and then be automatically assigned software access.
01:57
Directory sync also provides a clean deprovisioning process,
02:01
where users removed from the organization's directory will no longer have product access or be a part of the sync group.
02:11
There are four distinct phases to implementing active directory sync.
02:16
The first of these phases is the preparation phase.
02:19
This is an important phase that sets the stage for a successful implementation of active directory sync.
02:26
To begin, you want to ensure that SSO has been enabled for the domain that you were intending to sync from.
02:31
You will also want to identify a domain administrator that has access to your identity provider tools,
02:37
as they will be required to help set up directory sync and may be required to install a directory agent.
02:43
And then, the final step in this preparation phase is to identify your directory environment method.
02:49
Autodesk offers two methods of implementing directory sync.
02:53
The first being on-premise, which uses an active directory agent,
02:57
which is a downloadable component that is installed on the local domain server to create a directory sync connection in your Autodesk account.
03:06
The second is using a system for cross-domain identity management or SCIM, which is an industry standard for creating a directory connection.
03:15
The two supported are Azure and Okta.
03:20
The next two steps of implementation is where you will focus on setting up and configuring active directory sync for your account.
03:28
The steps in these phases vary depending on the method you choose for implementation.
03:34
These steps have been conveniently detailed in Autodesk Single Sign-on configuration as shown here.
03:41
In the final phase, you will enable active directory sync to start the synchronization,
03:46
and then you should login to Autodesk account and be sure to review the results.
03:50
Unlike the SSO implementation that benefits users with an easier login process,
03:56
this active directory sync implementation benefits the administrators the most,
04:00
in that now user creation and software entitlements can be driven through your active directory.
00:03
As a primary administrator for your Autodesk account, you are able to incorporate the use of active directory sync.
00:09
In this video, we introduce this tool and discuss the benefits.
00:15
Having implemented Autodesk SSO, you have leveraged your company's active directory for authentication.
00:21
This means that once a user authenticates on your domain,
00:24
the credentials are passed to Autodesk through the SAML assertion protocol,
00:28
to subsequently authenticate their Autodesk IDs and provide immediate access to their Autodesk software and services.
00:38
Once the Autodesk SSO has been fully enabled,
00:41
any user who is able to authenticate on your domain and does not have an existing Autodesk account,
00:46
will have an Autodesk account automatically created using the self-registration functionality of SSO.
00:53
This new account is automatically added to your company's Autodesk tenant as a new user.
00:58
However, it is important to remember that,
01:00
this still leaves assigning software entitlements to this new user up to your account's primary administrator.
01:07
Until entitlements are assigned, the new user will not have access to any software licenses that they may need.
01:16
To take your Autodesk implementation one step further, you can enable active directory sync.
01:21
This allows administrators to define groups of users on your company domain that can be synced to your Autodesk account.
01:28
This allows users to be added to a team without requiring users to sign-in or self-register,
01:34
or administrators to manually invite them to the Autodesk account.
01:38
When coupled with the team's feature to assign products by groups,
01:42
this provides a user provisioning workflow where a user can be added to the group in an organization's directory,
01:49
synced to a read-only group in the team in the Autodesk account, and then be automatically assigned software access.
01:57
Directory sync also provides a clean deprovisioning process,
02:01
where users removed from the organization's directory will no longer have product access or be a part of the sync group.
02:11
There are four distinct phases to implementing active directory sync.
02:16
The first of these phases is the preparation phase.
02:19
This is an important phase that sets the stage for a successful implementation of active directory sync.
02:26
To begin, you want to ensure that SSO has been enabled for the domain that you were intending to sync from.
02:31
You will also want to identify a domain administrator that has access to your identity provider tools,
02:37
as they will be required to help set up directory sync and may be required to install a directory agent.
02:43
And then, the final step in this preparation phase is to identify your directory environment method.
02:49
Autodesk offers two methods of implementing directory sync.
02:53
The first being on-premise, which uses an active directory agent,
02:57
which is a downloadable component that is installed on the local domain server to create a directory sync connection in your Autodesk account.
03:06
The second is using a system for cross-domain identity management or SCIM, which is an industry standard for creating a directory connection.
03:15
The two supported are Azure and Okta.
03:20
The next two steps of implementation is where you will focus on setting up and configuring active directory sync for your account.
03:28
The steps in these phases vary depending on the method you choose for implementation.
03:34
These steps have been conveniently detailed in Autodesk Single Sign-on configuration as shown here.
03:41
In the final phase, you will enable active directory sync to start the synchronization,
03:46
and then you should login to Autodesk account and be sure to review the results.
03:50
Unlike the SSO implementation that benefits users with an easier login process,
03:56
this active directory sync implementation benefits the administrators the most,
04:00
in that now user creation and software entitlements can be driven through your active directory.
