Unable To Add Group From Azure AD For On-Prem Orchestrator

Unable to ADD group from Azure AD for On-Prem Orchestrator.

What is the Azure AD Integration?

The Azure Active Directory (Azure AD) Integration offers customers scalable user and access management for their Automation Cloud organization. The Azure Active Directory model lets customers use their existing directory of users and groups to manage permissions within Automation Cloud.

Host-level versus organization-level integration

If the Azure AD integration is enabled at the host level, as described on this page, it is not possible to enable it at the organization/tenant level.

At the host level, the integration only enables SSO. At the organization/tenant level, it enables SSO as well as directory search and automatic user provisioning.

  • Host level: the local user must be configured manually for each tenant.
  • Tenant level: users are provisioned automatically.

Prerequisites for provisioning an Azure AD group at the tenant level

  • To add an Azure AD group, you must log in to Orchestrator using the Azure user account.
  • You need to manually grant administrator rights to one of the Azure AD users at the Orchestrator level.
  • You need to manually create the same user at the identity level so that the user can log in to identity (Tenant > Manage Access). This is a manual step.
  • Once the user is logged in and meets the two points above, they can add users and groups from Azure AD.

What are the customer benefits?

Automatic user onboarding with seamless migration

  • All users and groups from Azure AD are readily available within any Orchestrator service to assign permissions.
  • Single Sign-On for users whose corporate username differs from their email address.
  • All existing users with UiPath user accounts retain their permissions on their connected Azure AD account.

Scalable governance and access management with existing Azure AD groups

  • Customers leveraging Azure AD free/premium features can have fine-grained governance controls over access to Orchestrator at the organization level. For example, they can