Onboarding Identity provider configuration and setup
The Microsoft: User Onboarding Crate supports multiple identity provider configurations to fit different IT environments. Choosing the correct configuration for each customer organization ensures that users are created and managed correctly in Active Directory, Azure AD, or both.
| Configuration | User created in | Is sync enabled | Best for |
| --- | --- | --- | --- |
| On-Prem AD Only | Active Directory | No | Organizations using only local Active Directory |
| Azure AD Only | Microsoft Entra ID (Azure AD) | No | Cloud-only environments, no local infrastructure |
| Hybrid with AD Sync | On-Prem AD & Synced to Azure AD | Yes | Organizations needing hybrid identity management |
| Hybrid with No AD Sync | On-Prem AD & Azure AD, separate | No | Environments where accounts need separate configurations |
Each setup requires that specific organizational variables be correctly configured.
Configure identity provider settings
Set up organizational variables
Organizational variables define how Rewst handles identity creation and management. These settings must be configured in Rewst > Configuration > Organizational Variables. Follow this guide to configure organizational variables under the customer’s organization.
| Variable name | Purpose |
| --- | --- |
| primary_identity_provider | Defines whether users are created in On-Prem AD, Azure AD, or Hybrid mode. |
| preferred_domain_controller | Hostname of the domain controller for executing PowerShell commands. |
| preferred_adconnect_server | Hostname of the ADConnect server for syncing users to Azure AD. |
| onprem_no_adsync | If set to 1, prevents On-Prem AD users from syncing to Azure AD. |
| user_name_format | Defines the username format for new users. (See table below) |
Username format options
In the following table, John Smith is used as the example. All "Value to enter" formats are provided in lowercase.
Legend for format types
F = first initial, e.g., J for John
L = last initial, e.g., S for Smith
firstname = full first name, e.g., John
lastname = full last name, e.g., Smith
middle = middle name, e.g., Michael
period (.) = separator between first name and last name
underscore (_) = separator between first name and last name
| Example | Value to enter |
| --- | --- |
| John.Smith | firstname.lastname |
| John_Smith | firstname_lastname |
| JohnSmith | firstnamelastname |
| johnsmith | firstnamelastname |
| John.S | firstname.l |
| John_S | firstname_l |
| JohnL | firstnamel |
| johnl | firstnamel |
| John | firstname |
| john | firstname |
| J.Smith | f.lastname |
| JSmith | flast |
| jsmith | flast |
| Smith.John | lastname.firstname |
| smith_john | lastname_firstname |
| SmithJohn | lastnamefirstname |
| smithjohn | lastnamefirstname |
| Smith.J | last.f |
| smith.j | last.f |
| SmithJ | lastf |
| smithj | lastf |
| Smith | lastname |
| S.John | l.firstname |
| smithj | lfirst |
| John.Middle.Smith | firstname.middle.lastname |
| John_Middle_Smith | firstname_middle_lastname |
| John.M.Smith | firstname.m.lastname |
| john_m_smith | firstname_m_lastname |
| JohnM.Smith | firstnamemiddlelastname |
| johnmsmith | firstnamemiddlelastname |
| J.M.Smith | fmlast |
| jmsmith | fmlast |
Ensure that these variables are set before testing onboarding workflows.
On-prem Active Directory configuration
Select On-Prem AD if:
The user only exists in an on-premises environment
There is no need for Azure AD sync
Rewst will manage Active Directory users via RMM integration
Required organizational variables
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| preferred_domain_controller | The domain controller Rewst will use for PowerShell commands. | Yes |
| onprem_no_adsync | Set to 1 to prevent AD sync. | Optional |
Ensure that Active Directory organizational units are properly configured for user placement.
Azure Active Directory configuration
Select Azure AD if:
The user only exists in Microsoft Entra ID (Azure AD)
The organization does not use on-premises Active Directory
Microsoft Graph API handles user provisioning
Required organizational variables
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to azure_ad | Yes |
| preferred_adconnect_server | Only required for Hybrid setups. | No |
Ensure that Microsoft Graph API is enabled for Rewst to interact with Azure AD.
Hybrid with AD sync configuration
Select Hybrid with AD Sync if:
The user needs both an on-prem AD and Azure AD account
AD Connect will sync changes from on-prem AD to Azure AD
Rewst will handle user creation in on-prem AD, then sync the user to Azure AD
Required organizational variables
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| preferred_domain_controller | The domain controller for executing PowerShell commands. | Yes |
| preferred_adconnect_server | The AD Connect server responsible for syncing. | Yes |
Ensure that AD Connect is running and properly syncing users between AD and Azure AD.
Hybrid with no AD Sync configuration
Select Hybrid with No AD Sync if:
The user needs separate accounts in both AD and Azure AD
AD Connect is NOT used to sync users
Different username or email formats are required in AD and Azure AD
Required organizational variables
| Variable name | Purpose | Is required |
| --- | --- | --- |
| primary_identity_provider | Must be set to on_prem | Yes |
| onprem_no_adsync | Must be set to 1 to prevent syncing. | Yes |
Ensure that username formatting rules are properly defined in Rewst to avoid conflicts.
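The four sets of required variables above can be checked before an onboarding workflow is tested. The following is an added example, not Rewst code: the function and constant names are hypothetical, the variable names and values come from the tables on this page, and the rule that `onprem_no_adsync` should not be 1 in Hybrid with AD Sync is inferred from that variable's stated purpose.

```python
# Added example: the "Required organizational variables" tables on this page,
# encoded as data. Function and constant names are hypothetical, not Rewst's.
REQUIREMENTS = {
    "On-Prem AD Only": {"provider": "on_prem",
                        "required": ["preferred_domain_controller"]},
    "Azure AD Only": {"provider": "azure_ad", "required": []},
    "Hybrid with AD Sync": {
        "provider": "on_prem",
        "required": ["preferred_domain_controller", "preferred_adconnect_server"],
        # Inference from the page: 1 would prevent the sync this mode relies on.
        "no_adsync": "must_not_be_1"},
    "Hybrid with No AD Sync": {"provider": "on_prem", "required": [],
                               "no_adsync": "must_be_1"},
}


def check_org_variables(configuration, variables):
    """Return a list of problems; an empty list means the variables match."""
    spec = REQUIREMENTS.get(configuration)
    if spec is None:
        return [f"unknown configuration: {configuration!r}"]
    # Treat missing, None and blank values the same way.
    values = {k: str(v).strip() for k, v in variables.items()
              if v is not None and str(v).strip()}
    problems = []
    provider = values.get("primary_identity_provider")
    if provider != spec["provider"]:
        problems.append(
            f"primary_identity_provider must be {spec['provider']}, got {provider!r}")
    for name in spec["required"]:
        if name not in values:
            problems.append(f"{name} is required for {configuration}")
    rule = spec.get("no_adsync")
    no_sync = values.get("onprem_no_adsync")
    if rule == "must_be_1" and no_sync != "1":
        problems.append("onprem_no_adsync must be set to 1 to prevent syncing")
    if rule == "must_not_be_1" and no_sync == "1":
        problems.append("onprem_no_adsync is 1, which prevents syncing to Azure AD")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the hostname is a placeholder.
    sample = {"primary_identity_provider": "on_prem",
              "preferred_domain_controller": "dc01.example.test",
              "onprem_no_adsync": 1}
    print(check_org_variables("Hybrid with AD Sync", sample))
```

An empty list means the variables match the chosen configuration; each string names one variable to correct under the customer's organization.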
Ticketing and documentation configuration
Configure the following ticketing-related settings in Rewst > Configuration > Organizational Variables.
| Variable name | Purpose |
| --- | --- |
| default_psa | Select the PSA where tickets will be logged. |
| psa_default_board_id | The board where Rewst-generated tickets will be placed. |
| default_ticket_status | The status used when Rewst is actively working on a ticket. |
| ticket_status_waiting_input | The status when Rewst is waiting for input, such as license purchases. |
| ticket_status_workflow_complete | The status when Rewst has finished the workflow. |
| default_priority | Sets the priority for Rewst-created tickets. |
| psa_send_from_address | Defines the reply-to address for emails sent from Rewst. |
Your PSA integration must be fully functional before assigning ticket-related variables.