Azure AD To OpenText Directory Services Provisioning
Integration
Provisioning users and groups from Azure AD to OTDS using SCIM 2.0
May 2022
1 OTDS Configuration
• Create a dedicated confidential OAuth client for the integration to use.
• The access token lifetime can be any value that meets your security policies, but no shorter than
15 minutes (900 seconds).
• Do not specify any redirect URLs. They are not required.
• Save the OAuth client. OTDS will generate and display the client secret. Save it in a secure
location, such as a password manager application.
• Create a non-synchronized user partition into which you wish Azure AD to synchronize users. The
term ‘non-synchronized’ simply means that OTDS itself is not doing the synchronization;
Azure AD synchronizes into OTDS.
• Make the OAuth client an administrator of the partition into which you want to sync users.
Partition -> Actions -> Edit Administrators
2 Azure AD Configuration
• Add the OpenText Directory Services application to your Azure AD tenant from the
application gallery, or open it if it has already been added.
Authentication Method:
OAuth2 Client Credentials Grant
Tenant URL:
<OTDS URL>/otdsws/scim/<PartitionName>
Ensure you are using an https scheme for the OTDS URL. It is insecure to use plain http over the
Internet. Any ‘man in the middle’ would be able to intercept the traffic, steal the secret or the
token, and create/delete users and groups.
Client Identifier:
The OAuth client ID / name used when creating the OAuth client in step 1
Client Secret:
The secret generated by OTDS when creating the OAuth client in step 1
Token Endpoint:
<OTDS URL>/otdsws/oauth2/token
• Configure the user and group mappings if required. However, the defaults are suitable for most
use cases.
NOTE: Azure AD synchronizes periodically in the background using the interval shown on
‘Statistics’. You may have to wait this interval for users/groups to sync to OTDS. Check the sync
status in Azure AD. The synchronization frequency is within Microsoft’s control.
More details about SCIM 2.0 based provisioning by Azure AD can be found here:
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning
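The settings from sections 1 and 2 can be checked before they are entered in Azure AD. The following Python sketch is an added example, not OpenText or Microsoft code: it derives the Tenant URL and Token Endpoint from the OTDS base URL and partition name, flags the conditions this guide warns about, and builds a client credentials token request. The function names and the use of HTTP Basic client authentication are assumptions to confirm against your OTDS version.

```python
import base64
import json
import urllib.parse
import urllib.request

MIN_TOKEN_LIFETIME = 900  # seconds: the guide's 15-minute minimum


def build_endpoints(otds_url, partition):
    """Derive the Tenant URL and Token Endpoint values from the OTDS base URL."""
    base = otds_url.rstrip("/")
    name = urllib.parse.quote(partition, safe="")  # encode spaces, slashes, etc.
    return {"tenant_url": f"{base}/otdsws/scim/{name}",
            "token_endpoint": f"{base}/otdsws/oauth2/token"}


def check_settings(otds_url, token_lifetime, redirect_urls=()):
    """Return findings; an empty list means the settings match the guide."""
    findings = []
    parts = urllib.parse.urlsplit(otds_url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        findings.append("OTDS URL must be an absolute https:// URL")
    if token_lifetime < MIN_TOKEN_LIFETIME:
        findings.append(f"token lifetime {token_lifetime}s is below {MIN_TOKEN_LIFETIME}s")
    if redirect_urls:
        findings.append("redirect URLs are not required; remove them")
    return findings


def token_request(token_endpoint, client_id, client_secret):
    """Build (without sending) an RFC 6749 client-credentials token request."""
    if urllib.parse.urlsplit(token_endpoint).scheme.lower() != "https":
        raise ValueError("refusing to send the client secret over a non-https URL")
    # Assumption: the server accepts HTTP Basic client authentication (RFC 6749 2.3.1).
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    return urllib.request.Request(
        token_endpoint,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def fetch_token(request, timeout=10):
    """Send the request and return (access_token, expires_in)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        body = json.load(resp)
    return body["access_token"], body.get("expires_in")
```

Passing the result of `token_request` to `fetch_token` confirms that the client ID and secret work; comparing the returned `expires_in` with the lifetime configured on the OAuth client confirms the 900-second minimum is in effect.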
Next Step
This guide has covered configuring user and group synchronization with Azure AD. See the
accompanying document Azure AD to OTDS Authentication to configure user authentication with Azure
AD.
Copyright © 2020 Open Text. All rights reserved. Trademarks owned by Open Text.