The Factorial integration creates efficiencies for HR and IT, and improves security by automating user identity management workflows. This integration allows HR and other Factorial Admins, to create users and sync key user data to ºÚÁϺ£½Ç91Èë¿Ú, where IT can utilize workflows and dynamic groups to manage access, policies and permissions to all the resources the user needs to be productive.
Prerequisites
- Administrator account in Factorial
- A ºÚÁϺ£½Ç91Èë¿Ú API key to connect Factorial and ºÚÁϺ£½Ç91Èë¿Ú.
Important Considerations
- Syncs from Factorial to ºÚÁϺ£½Ç91Èë¿Ú happen as changes are made to the attributes that sync.
Preparing for the Factorial integration
To create a new ºÚÁϺ£½Ç91Èë¿Ú Admin account for the Factorial Integration
- Log in to the with an administrator account.
- Click your initials in the top right corner.
- Select Administrators.
- Click the green + icon.
- Enter a first name, such as ‘Factorial’.
- Enter a last name, such as ‘Integration’.
- Enter the email address you want associated with this account.
- Select Administrator for the Role.
- It is recommended that you enable Multi-factor Authentication Required.
- Click Save.
- Go to the inbox of the email address specified for this account.
- Find the ºÚÁϺ£½Ç91Èë¿Ú Administrator Account Setup email.
- Click Setup Account in the email.
- Enter a password in the Password and Confirm Password fields.
- Check the box to agree to the Terms of Use.
- Click Reset Password.
- If the option to require Multi-factor Authentication was enabled, do the following:
- Follow the instructions to download ºÚÁϺ£½Ç91Èë¿Ú protect if you don’t have it or another Authenticator app.
- Otherwise, click I Have An App.
- Add the ºÚÁϺ£½Ç91Èë¿Ú account.
- Verify the TOTP code from the Authenticator app.
- Click Submit.
To get your ºÚÁϺ£½Ç91Èë¿Ú API Key
Note: The Admin API key needs to belong to an Admin that has one of the following roles; Manager, Administrator or Admin with Billing. Creating an administrator service account with one of these roles is one way to ensure the integration isn't dependent on a specific admin account.
Once a new API key is generated, this revokes access to the current API key.
- Log in to the with the administrator account you want to use to generate the API key for this integration.
- Click your initials in the top right corner.
- Select My API Key.
- Click on Generate New API Key.
- Copy the API Key and store it securely, or leave this tab open while you complete the integration configuration steps in the SP.
This is the only time your API key will be visible to you. Store it somewhere safe, such as the ºÚÁϺ£½Ç91Èë¿Ú Password Manager, so you can access it later.
Connecting the ºÚÁϺ£½Ç91Èë¿Ú app in Factorial
- Login to with an administrator account.
- Click Marketplace from the left navigation menu.
- Search for and select ºÚÁϺ£½Ç91Èë¿Ú.
- Click Install.
- Follow the instructions.
Syncing users data from Factorial to ºÚÁϺ£½Ç91Èë¿Ú
User information syncs whenever the following occurs:
- User is added to Factorial
- Name or email address is updated in Factorial
- User is terminated in Factorial
Factorial Attributes that Sync
Factorial Value | ºÚÁϺ£½Ç91Èë¿Ú Attribute | ºÚÁϺ£½Ç91Èë¿Ú UI Field Name | Notes |
---|---|---|---|
Work email | Company Email | Required. Users will not sync if a work email address is not defined. (max length 1024) | |
N/A | username | Username | The user name is set to Firstname.Lastname. If the username already exists in your ºÚÁϺ£½Ç91Èë¿Ú organization, a number will be appended to the last name (e.g., alpha.zed1) |
First Name | firstname | First Name | |
Last Name | lastname | Last Name |
Managing user access and access policies for ºÚÁϺ£½Ç91Èë¿Ú managed resources
Once users are created in ºÚÁϺ£½Ç91Èë¿Ú, you can grant them access to any of the resources connected to ºÚÁϺ£½Ç91Èë¿Ú from a device to applications, networks, etc. User, device, and policy groups allow you to more efficiently assign resources to users and control the level of permissions they are given. Access policies allow you to control how, on what device, and from where they can access their assigned resources.
All user access and access policy management for ºÚÁϺ£½Ç91Èë¿Ú managed resources is done directly in the ºÚÁϺ£½Ç91Èë¿Ú Admin Portal or through the ºÚÁϺ£½Ç91Èë¿Ú API. For more information see, Get Started: Users, Get Started: User Groups, and Get Started: Conditional Access Policies.
Managing devices and policies
Using ºÚÁϺ£½Ç91Èë¿Ú's device management features will allow you to control settings on your devices, including Firewalls, Disk Encryption, Security Settings and common compliance policy groups.
All device and policy management actions are done directly in the ºÚÁϺ£½Ç91Èë¿Ú Admin Portal or through the ºÚÁϺ£½Ç91Èë¿Ú API. For more information, see Get Started: Devices and Get Started: Policies.
Activating a user in ºÚÁϺ£½Ç91Èë¿Ú
A user in the Staged user state in ºÚÁϺ£½Ç91Èë¿Ú does not have access to their assigned resources. Once a user has been assigned a device, policies, and all other needed ºÚÁϺ£½Ç91Èë¿Ú managed resources, the user will need to be activated in ºÚÁϺ£½Ç91Èë¿Ú to gain access to those resources. For more information about activating a user, read Manage User States.
- Log in to the with an administrator account.
- Go to USER MANAGEMENT > Users.
- Select the user you want to activate.
- Click the dropdown menu next to Staged above the Security Status section in the left panel.
- Select Activate.
- Click Schedule Activation to activate the user on a future date and time or Activate Now to activate the user immediately.
For Scheduled Activation, the time must be at least one hour in the future.
- Select and populate the Send email to field to notify the user of their ºÚÁϺ£½Ç91Èë¿Ú account activation.
- Click Save.