Onboarding Identity provider configuration and setup
The Microsoft: User Onboarding Crate supports multiple identity provider configurations to fit different IT environments. Choosing the correct configuration for each customer organization ensures that users are created and managed correctly in Active Directory, Azure AD, or both.
| Configuration | User created in | Is sync enabled | Best for |
| --- | --- | --- | --- |
| On-Prem AD Only | Active Directory | No | Organizations using only local Active Directory |
| Azure AD Only | Microsoft Entra ID (Azure AD) | No | Cloud-only environments, no local infrastructure |
| Hybrid with AD Sync | On-Prem AD & Synced to Azure AD | Yes | Organizations needing hybrid identity management |
| Hybrid with No AD Sync | On-Prem AD & Azure AD, separate | No | Environments where accounts need separate configurations |
Each setup requires that specific organizational variables be correctly configured.
Organizational variables define how Rewst handles identity creation and management. These settings must be configured in Rewst > Configuration > Organizational Variables. Follow to configure organizational variables under the customer’s organization.
| Variable name | Purpose |
| --- | --- |
| primary_identity_provider | Defines whether users are created in On-Prem AD, Azure AD, or Hybrid mode. |
| preferred_domain_controller | Hostname of the domain controller for executing PowerShell commands. |
| preferred_adconnect_server | Hostname of the ADConnect server for syncing users to Azure AD. |
| onprem_no_adsync | If set to 1, prevents On-Prem AD users from syncing to Azure AD. |
| user_name_format | Defines the username format for new users. (See table below) |
In the following table, John Smith is used as the example. All "Value to enter" formats are given in lowercase.
F = first initial, e.g., J for John
L = last initial, e.g., S for Smith
first = full first name, e.g., John
last = full last name, e.g., Smith
middle = middle name, e.g., Michael
period (.) = separator between first name and last name
| Example | Value to enter |
| --- | --- |
| John.Smith | first_last |
| JohnSmith | firstlast |
| John.S | first_l |
| JohnL | firstl |
| John | first |
| J.Smith | f_last |
| JSmith | flast |
| JS | fl |
| Smith.John | last_first |
| SmithJohn | lastfirst |
| Smith.J | last_f |
| SmithJ | lastf |
| Smith | last |
| S.John | l_first |
| SJohn | lfirst |
When a middle name is present, additional options include:
| Example | Value to enter |
| --- | --- |
| John.Middle.Smith | first_middle_last |
| John.MiddleSmith | first_middlelast |
| John.M.Smith | first_m_last |
| JohnMSmith | firstmlast |
| JMSmith | fmlast |
| JMS | fml |
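The format values in the two tables above read as a small token language (first, middle, last, f, m, l, with _ standing for the period). The following is an added illustration of that mapping, not Rewst's own implementation; `render_username`, `find_collisions` and the sample staff list are hypothetical names and constructed data. It also shows why short formats such as flast need a collision check before onboarding: different people can map to the same logon name.

```python
import re

# Tokens from the legend above; full names are listed before initials so
# "first" is tried before "f" (Python alternation is ordered).
_TOKEN = re.compile(r"first|middle|last|f|m|l|_")
_INITIALS = {"f": "first", "m": "middle", "l": "last"}


def render_username(fmt, first, last, middle=None):
    """Expand a user_name_format value such as 'first_m_last' into a username."""
    parts = {"first": first, "last": last, "middle": middle}
    out, pos = [], 0
    while pos < len(fmt):
        match = _TOKEN.match(fmt, pos)
        if match is None:
            raise ValueError(f"unknown token in format {fmt!r} at offset {pos}")
        token, pos = match.group(), match.end()
        if token == "_":
            out.append(".")  # underscore in the value means a period separator
            continue
        field = _INITIALS.get(token, token)
        value = parts[field]
        if not value:
            raise ValueError(f"format {fmt!r} needs a {field} name")
        out.append(value[0] if token in _INITIALS else value)
    return "".join(out)


def find_collisions(fmt, people):
    """Return usernames that more than one (first, last[, middle]) tuple maps to."""
    seen = {}
    for person in people:
        # Compared in lowercase because directory logon names are case-insensitive.
        seen.setdefault(render_username(fmt, *person).lower(), []).append(person)
    return {name: who for name, who in seen.items() if len(who) > 1}


# Constructed sample staff list (not from the page).
SAMPLE_STAFF = [("John", "Smith"), ("Jane", "Smith"), ("Ann", "Lee")]

if __name__ == "__main__":
    print(render_username("first_m_last", "John", "Smith", "Michael"))
    print(find_collisions("flast", SAMPLE_STAFF))
```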
Ensure that these variables are set before testing onboarding workflows.
Select On-Prem AD if:
The user only exists in an on-premises environment
There is no need for Azure AD sync
Rewst will manage Active Directory users via RMM integration
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| preferred_domain_controller | The domain controller Rewst will use for PowerShell commands. | Yes |
| onprem_no_adsync | Set to 1 to prevent AD sync. | Optional |
Ensure that Active Directory organizational units are properly configured for user placement.
Select Azure AD if:
The user only exists in Microsoft Entra ID (Azure AD)
The organization does not use on-premises Active Directory
Microsoft Graph API handles user provisioning
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to azure_ad | Yes |
| preferred_adconnect_server | Only required for Hybrid setups. | No |
Ensure that Microsoft Graph API is enabled for Rewst to interact with Azure AD.
Select Hybrid with AD Sync if:
The user needs both an on-prem AD and Azure AD account
AD Connect will sync changes from on-prem AD to Azure AD
Rewst will handle user creation in on-prem AD, then sync the user to Azure AD
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| preferred_domain_controller | The domain controller for executing PowerShell commands. | Yes |
| preferred_adconnect_server | The AD Connect server responsible for syncing. | Yes |
Ensure that AD Connect is running and properly syncing users between AD and Azure AD.
Select Hybrid with No AD Sync if:
The user needs separate accounts in both AD and Azure AD
AD Connect is NOT used to sync users
Different username or email formats are required in AD and Azure AD
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| onprem_no_adsync | Must be set to 1 to prevent syncing. | Yes |
Ensure that username formatting rules are properly defined in Rewst to avoid conflicts.
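Three of the four configurations share primary_identity_provider = on_prem, so the remaining variables are what actually separate them. The following pre-flight check is an added example, not part of Rewst: the profile keys, `check_org_variables` and the sample values are hypothetical, and the rule that flags onprem_no_adsync = 1 on a synced hybrid setup is inferred from that variable's description above.

```python
# Requirements transcribed from the four configuration tables above.
# "equals": variable must hold this value; "required": variable must be non-empty;
# "forbidden": value that contradicts the profile (inferred, see lead-in).
PROFILES = {
    "on_prem_only": {
        "equals": {"primary_identity_provider": "on_prem"},
        "required": ["preferred_domain_controller"],
    },
    "azure_ad_only": {
        "equals": {"primary_identity_provider": "azure_ad"},
        "required": [],
    },
    "hybrid_ad_sync": {
        "equals": {"primary_identity_provider": "on_prem"},
        "required": ["preferred_domain_controller", "preferred_adconnect_server"],
        "forbidden": {"onprem_no_adsync": "1"},
    },
    "hybrid_no_ad_sync": {
        "equals": {"primary_identity_provider": "on_prem", "onprem_no_adsync": "1"},
        "required": [],
    },
}


def check_org_variables(profile, variables):
    """Return a list of findings; an empty list means the variables fit the profile."""
    rules = PROFILES[profile]
    findings = []
    for name, expected in rules["equals"].items():
        actual = str(variables.get(name, "")).strip()
        if actual != expected:
            findings.append(f"{name} must be {expected!r}, found {actual!r}")
    for name in rules["required"]:
        if not str(variables.get(name, "")).strip():
            findings.append(f"{name} is required but empty")
    for name, bad in rules.get("forbidden", {}).items():
        if str(variables.get(name, "")).strip() == bad:
            findings.append(f"{name}={bad} disables the sync this profile relies on")
    return findings


# Constructed sample: a hybrid customer left with the no-sync flag set.
SAMPLE = {"primary_identity_provider": "on_prem",
          "preferred_domain_controller": "dc01.example.test",
          "onprem_no_adsync": 1}
```

Run against `SAMPLE` with the `hybrid_ad_sync` profile, it reports the missing AD Connect server and the conflicting no-sync flag; the same variables pass as `on_prem_only` or `hybrid_no_ad_sync`, which is why the intended configuration has to be stated explicitly rather than guessed from the variables.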
Configure the following ticketing-related settings in Rewst > Configuration > Organizational Variables.
| Variable name | Purpose |
| --- | --- |
| default_psa | Select the PSA where tickets will be logged. |
| psa_default_board_id | The board where Rewst-generated tickets will be placed. |
| default_ticket_status | The status used when Rewst is actively working on a ticket. |
| ticket_status_waiting_input | The status when Rewst is waiting for input, such as license purchases. |
| ticket_status_workflow_complete | The status when Rewst has finished the workflow. |
| default_priority | Sets the priority for Rewst-created tickets. |
| psa_send_from_address | Defines the reply-to address for emails sent from Rewst. |
Your PSA integration must be fully functional before assigning ticket-related variables.