
Directory Sync


Facilitate the adoption of your application with automatic, real-time user provisioning and deprovisioning. Synchronize your solution with your customer’s user directory via simple Webhooks. IT Admins have to manage the lifecycle of employee access to third-party applications, as they enter and leave the organization. They use Identity and Access Management (IAM) tools, such as Microsoft Entra ID, Okta or Google Workspace, to manage their users' access to third-party software. Directories enable IT administrators to activate and deactivate accounts, and create groups that define access rules. With Cryptr, you’ll receive in your application a “before/after snapshot” of data changes each time users and groups evolve within their organization’s IAM solution.

  • Quickstart
  • 15 min

This guide takes you from activating Directory Sync for an Organization to provisioning your first user in your own application.

Before Starting

Create your free Cryptr account now, and you will have the element needed to follow this guide.

  • Organization: You will create your first organization, which could be your customer or even yourself for the first test. Learn more about Organization.

Cryptr Dashboard - Home Page

1. Activate Your First Directory Sync

To enable Cryptr synchronization between you and your customer’s Identity Provider (IdP), you need to activate “Directory Sync” for the organization you wish to synchronize. You can select the Organization via the blue side navigation bar on the left of your screen.

Cryptr Dashboard - Activate Directory Sync

To start the Directory Sync configuration process, click the Directory Sync TRY FOR FREE button at the top right of your screen. Once activated, the Directory Sync section of the administrator configuration portal will be available to the admin of this Organization. The administrator is the designated contact of the client company responsible for Identity and Access Management (such as with Microsoft, Okta or Google).

2. Create Your Webhook

Create an API Endpoint to Receive Data

You need to create an API endpoint (e.g., /directory-sync) in your application that will listen for Cryptr's HTTP POST API requests and act as a receiver for your provisioned user data.

// This example uses Express to receive webhooks
const express = require('express');
const app = express();

// Parse request bodies sent with content type application/json
// express.json() is available from Express 4.16; on earlier 4.x versions, use body-parser to retrieve the request body
app.post('/directory-sync', express.json({type: 'application/json'}), (request, response) => {
  const event = request.body;

  // Handle the event here
  console.log(event);

  // Return a response to acknowledge receipt of the event
  response.json({received: true});
});

app.listen(8000, () => console.log('Running on port 8000'));
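
Added example (not Cryptr's code): one way to fill in the "Handle the event here" step, turning a before/after snapshot into a provisioning decision and ignoring redelivered events. The payload shape { id, before, after } and the user fields email, active and groups are assumptions for illustration, as is the function name planUserChange; check the real event schema before relying on them.

```javascript
// Constructed example. The event shape { id, before, after } and the user
// fields (email, active, groups) are assumptions, not Cryptr's documented schema.
const seenEventIds = new Set(); // use a durable store in production

const isActive = (user) => Boolean(user) && user.active !== false;

function planUserChange(event, seen = seenEventIds) {
  if (!event || typeof event.id !== 'string' || event.id === '') {
    return { action: 'reject', reason: 'missing event id' };
  }
  if (seen.has(event.id)) return { action: 'skip', reason: 'duplicate delivery' };
  const before = event.before || null;
  const after = event.after || null;
  if (!before && !after) return { action: 'reject', reason: 'empty snapshot' };
  seen.add(event.id);

  // Revocation first: a deleted or deactivated user must lose access even
  // if other fields changed in the same event.
  if (isActive(before) && !isActive(after)) {
    return { action: 'deprovision', email: before.email };
  }
  if (!isActive(before) && isActive(after)) {
    return { action: 'provision', email: after.email, groups: after.groups || [] };
  }
  if (!isActive(after)) return { action: 'noop', reason: 'user was and stays inactive' };

  // Both snapshots are active: report only what changed.
  const oldGroups = new Set(before.groups || []);
  const newGroups = new Set(after.groups || []);
  const addedGroups = [...newGroups].filter((g) => !oldGroups.has(g));
  const removedGroups = [...oldGroups].filter((g) => !newGroups.has(g));
  const emailChanged = before.email !== after.email;
  if (!emailChanged && addedGroups.length === 0 && removedGroups.length === 0) {
    return { action: 'noop', reason: 'no tracked field changed' };
  }
  return { action: 'update', email: after.email, emailChanged, addedGroups, removedGroups };
}

// Constructed sample deliveries; the last one is a redelivery of evt_2.
const alice = { email: 'alice@example.test', active: true, groups: ['eng'] };
const sampleEvents = [
  { id: 'evt_1', before: null, after: alice },
  { id: 'evt_2', before: alice, after: { ...alice, active: false } },
  { id: 'evt_2', before: alice, after: { ...alice, active: false } },
];
console.log(sampleEvents.map((e) => planUserChange(e).action));
```

Inside the Express handler, the returned action would drive the account change in your own user store before the endpoint acknowledges the event.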

Create a Webhook from the Dashboard

Cryptr Dashboard - Create your webhook

Click on the “Webhooks” button in the navigation bar on the left of your screen. You can create and test a webhook by clicking on the “New Webhook” and “Test Webhook” buttons.

New Webhook

A modal window will appear to guide you through the creation of your webhook.

Cryptr Dashboard - New webhook

Test Your Webhook

You can check the response from your API endpoints by triggering an event on your sandbox webhooks. A modal window will appear to guide you through the testing of your webhooks.

Cryptr Dashboard - Test a webhook

3. Setup to Test Synchronization by Yourself

Test with a free Okta

If you’re not using an identity manager, you’ll need to create an account with an identity and access management solution, similar to those used by your customers. Even if you already have an identity manager, we recommend creating a free Okta account to test the Cryptr Directory Sync configurator.

free Okta account

You will need a fully configured SCIM (System for Cross-domain Identity Management) sync with an enterprise identity provider to test synchronization. This means you must act as your own customer administrator and carry out the configuration yourself. This will let you see the process your customers will go through during their onboarding. 😎

Next, on the Organization screen in your Cryptr dashboard, you must invite yourself using your own email address in order to impersonate the Organization’s IT administrator. To do so, click on the button next to the administrator number at the top of the screen to the right of the Organization name.

Cryptr Dashboard - Add Admin

You will receive an access link via email. Simply click on it to access the Directory Sync configuration portal for your organization. This portal is reserved for the IT administrators of your customers, who will be able to configure the synchronization with your application autonomously. It lets Cryptr and your customers’ sync solution exchange the information they need, such as configuration secrets and certificates. The Cryptr Directory Sync configurator is an interactive tutorial that is regularly updated.

Identity provider selection

At the end of your setup, the configurator will prompt you to validate your settings. Your Directory Sync is then perfectly configured, and you’re ready to integrate directory synchronization for this Organization into your application.