User administration after deploying an app RRS feed

  • Question

  • Hi,

    We've managed to deploy a few apps in my company; Citrix sharefile and Drupal with single-sign-on via Azure. We haven't quite worked out how to do the user Administration with these apps. We don't want a case where we setup a user in Office 365 and then have to setup the user seperately in Sharefile or Drupal. Could someone point me in the right direction here?



    Wednesday, July 22, 2015 8:19 AM

All replies

  • Both these applications don't support user provisioning from Azure side. So you need to have an account in both systems.  You need to have a custom solution or  script.

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com

    Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012

    Blogs: Blogs
    Twitter: Twitter
    LinkedIn: LinkedIn
    Facebook: Facebook

    Microsoft Virtual Academy: Microsoft Virtual Academy

    This posting is provided AS IS with no warranties, and confers no rights.

    Wednesday, July 22, 2015 5:52 PM
  • Hi Santhosh, 

    Ok, thank you. Is this something you could help me with or pass me onto someone who could?



    Wednesday, July 22, 2015 6:09 PM
  • Noel -

    I've been trying to get SSO from Office 365 to Citrix ShareFile to work for weeks now.
    Did you have to do anything special to get it to work?

    I have followed the MSDN tutorial (can't put the full link: dn890695.aspx) and still nothing.

    Keep getting the error:
    AADSTS70001: Application with identifier company.sharefile.com/saml/info was not found in the directory 6f75ac4c-4b31-4ca5-8704-xxxxxxxxxxxx
    (italics are fake)

    If it helps, you should be able to use the ShareFile UMT (User Management Tool) to sync ShareFile with your local Active Directory (if you have one). Assuming you populated Office 365 by syncing it with the Azure AD Connect tool, this should give you identical users in both services.

    If you are using Office 365 as your primary AD repository, then that probably will not help.


    Wednesday, July 22, 2015 8:03 PM
  • Hi Russ,

    Yeah, I'd be happy to help you, please open a new question for your issue. I found the SAML Tracer very useful for Troubleshooting. Perhaps first run the > get-msolserviceprincipal -AppPrincipalID 'here enter your Citrix Prinicpal ID' PS command and post your results in your question.

    I'm not syncing with a local AD, just the Office 365 Azure AD.

    I've recently been looking into the GraphAPI and i think this could be a way of solving my issue, I would appreciate any Support if anyone has any experience with it.



    Thursday, July 23, 2015 6:19 AM
  • Hey Noel -

    After I posted my note last night, I started throwing different settings at the ShareFile App wizard and hit on some that worked. Isn't that always the case?

    Anyway, thanks for the offer, but I seem to be OK now. I'll try and post some info to the MSDN tutorial and see if I can get them to update article.

    This may seem like a long shot, but what if you created a local AD server, and synced the Azure AD to your local server using the AD Connect tool, then ran the UMT on that local server? I've browsed some posts that said reverse-syncing worked for them on a clean local AD, though I can't seem to find them now. Kind of a pain, I know, but if your GraphAPI doesn't work out, this may be a good brute-force method.

    This is (sort-of, still can't post links) the link to Azure AD Connect docs: azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/

    If you search on "Customize Synchronization options" it mentions "enabling sync options such as user, group, device or password write-back".


    Thursday, July 23, 2015 2:36 PM
  • Hi Russ, 

    Cheers for the reply but we're going the cloud route, so no local AD for me. I've been playing with the Graph API a little today and made a bit of progress. I would like a little help with it though. I'll paste into this ticket what I've done so far tomorrow.



    Thursday, July 23, 2015 7:00 PM
  • I'm currently trying to get the Access token for the graph. I get the following error in Fiddler: "error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS70008: The provided access grant is expired or revoked.

    I'm not sure how to refresh the token, can anyone help here?

    Monday, July 27, 2015 1:18 PM
  • Greetings!

    You may use the reference below to acquire refresh token when access token expires and to further request the access tokens.

    Reference: https://msdn.microsoft.com/en-us/library/azure/dn645538.aspx

    Thank you,


    Saturday, September 19, 2015 10:30 PM