Documentation Index
Fetch the complete documentation index at: https://docs.iru.com/llms.txt
Use this file to discover all available pages before exploring further.
User Directory Integration
User Directory Integration in Iru Endpoint allows you to connect your existing identity provider (like Microsoft Entra ID, Google Workspace, or Okta) to automatically sync user accounts and enable seamless authentication across your organization.
Iru Endpoint lets you assign users to specific devices. Using a directory integration to import users allows you to manage your Iru Endpoint user assignment centrally. You can configure automatic device assignment based on your directory settings. Device users in Iru Endpoint can only be created and assigned via a directory integration.
To import users, you can connect multiple Google Workspace, Microsoft Entra ID, or System for Cross-Domain Identity Management (SCIM) integrations. This article covers adding Active Directory and Google Workspace user directories to Iru Endpoint. These native methods are simple to configure and require only a directory administrator account with access to the directory you are trying to integrate. After the initial user sync, Iru Endpoint will import users and groups every four hours.
If you prefer user accounts be added and removed as they are created within your directory, use a SCIM integration. SCIM requires more upfront configuration but allows for Just-in-Time (JiT) account provisioning and de-provisioning. You can use SCIM with Microsoft Entra ID, Okta, and other directory systems that support it. Refer to SCIM Directory Integration for more information. Adding Directory Integrations
Microsoft Entra ID
Google Workspace
Add a Microsoft Entra ID Integration
Open Integrations
Click your name at the bottom of the left navigation, then select Integrations. Discover Integrations
Click Discover integrations in the upper-right of the Integrations page.
Add Microsoft Entra ID Integration
Under Directory integrations, click Add and configure under Microsoft Entra ID.
Start Setup
Click Get started.
Enter Integration Name
Enter a unique name, which will be used in Iru Endpoint to show the directory from which a user originates.
Sign in with Microsoft Entra ID
Click Sign in with Microsoft Entra ID.If you are signing in with an account that is not a Global Administrator, you may need to request approval during that sign-in process. Once a Global Administrator approves the request, you can complete the sign-in process.
Complete Authentication
Sign in using a Microsoft Entra ID account with admin access to the directory you want to integrate.
Consent and Accept
Consent on behalf of your organization and click Accept. You will see the new user directory on the Integrations page.
The Google Workspace Integration in Iru Endpoint allows customers to sync all Google Workspace user and group objects into the user directory within Iru Endpoint. These delegated permissions are leveraged through the Google API to synchronize user directory information.Add a Google Workspace Integration
Open Integrations
Click your name at the bottom of the left navigation, then select Integrations. Discover Integrations
Click Discover integrations in the upper-right of the Integrations page.
Add Google Workspace Integration
Under Directory integrations, click Add and configure under Google Workspace.
Start Setup
Click Get Started.
Enter Integration Name
Enter a unique name, which will be used in Iru Endpoint to show the directory from which a user originates.
Sign in with Google
Click Sign in with Google.
Complete Authentication
Sign in using a Google account with admin access to the directory you want to integrate.
Allow Access
Click Allow. You will see the new user directory on the Integrations page.
Google Workspace Permissions
The following permissions are automatically requested and required to successfully sync Google Workspace users into Iru Endpoint. A Google Administrator must have sufficient permissions to delegate the following permissions to Iru Endpoint.| Permission | Display Text | Justification |
|---|
| openid | See info about users on your domain | Associate you with your personal info on Google |
| userinfo.profile | See info about users on your domain | See your personal info, including any personal info you’ve made publicly available |
| userinfo.email | See info about users on your domain | See your primary Google Account email address |
| admin.directory.group.readonly | View groups on your domain | View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain |
| admin.directory.user.readonly | See info about users on your domain | Permission to see profile info about your domain users, such as their: Name, Email, Job Title, and Department |
Disconnect Integration from Google
Access Google Permissions
Remove Iru Endpoint Application
Click Remove for the Iru Endpoint application in the list of applications.
Access Directory Integration
Click the ellipsis on the Directory Integration you would like to view.
View Details
Select View details.
Force a User Directory Sync
Microsoft Entra ID and Google Workspace directories sync automatically every four hours, but you can force an immediate sync. SCIM uses a push mechanism from the cloud directory so it is not necessary to force-sync a SCIM directory integration.
Access Directory Integration
Click the ellipsis on the Directory Integration you would like to sync.
Sync Users
Select Sync users.
Re-authenticate a Directory Integration
You might need to re-authenticate an existing Microsoft Entra ID or Google directory integration to update credentials, change the account that was used to create the integration, or to update permissions.
Access Directory Integration
Click the ellipsis on the Directory Integration you would like to re-authenticate.
Re-authenticate
Select Re-authenticate.
Complete Authentication
Sign in using a Google or Microsoft Entra ID account with admin access. You will be redirected back to the Integrations page.
Remove a Directory Integration
Removing the integration will remove users not assigned to devices from Iru Endpoint. Users assigned to devices will remain, but Iru Endpoint will no longer synchronize them with the directory.
Access Directory Integration
Click the ellipsis on the Directory Integration you would like to delete.
Delete Integration
Select Delete integration.
Confirm Deletion
Confirm by typing the name of the integration.
Complete Deletion
Click Delete.
