IT admins are responsible for a number of provisioning tasks — not just provisioning new users to their resources but also provisioning existing users to new resources, like a new application the organization has decided to use.
Each SaaS app requires a unique set of user attributes to create accounts, and user attributes should ideally be populated from the central directory to the requisite app via single sign-on (SSO) connectors. But what happens when the app requires a custom user attribute that’s not already stored in the core directory?
Admins have a few options for adding custom attributes to their directory, depending on which directory they use. One of those options is PowerShell, an automation management language.
Adding a Custom Attribute in Active Directory
Admins managing an Active Directory® (AD) instance can modify the AD schema via tools like Windows Registry, but this process requires careful consideration and execution. There’s a thorough step-by-step guide here — though admins should consider testing schema changes before implementing them on production domain controllers.
Once an admin has added the custom attribute to the schema, they can then modify the attribute for an individual user with the Set-ADUser cmdlet in PowerShell or in bulk through a CSV import into AD.
However, various challenges exist in this process, and updating your AD schema is not a task to be taken lightly, as there’s no straightforward way to undo the changes should you need to for any reason. Beyond that, AD does not federate core identities to SaaS apps natively. Instead, admins will need to seek a third-party SSO solution to extend their user identities to cloud resources.
Adding a Custom Attribute in JumpCloud
JumpCloud’s Directory-as-a-Service® has an integrated PowerShell module for automation and bulk tasks. JumpCloud serves as a full-suite directory in the cloud, and admins can choose whether to control the directory from the web-based UI console or various other options, like the PowerShell module.
The module allows admins to add and modify custom user attributes at scale. You can accomplish this by uploading a CSV with the new (Read more…)