Entra ID Provisioning Tool
Introduction
This user guide provides instructions for using the provisioning.exe
tool designed to streamline the creation of security keys for users on the Microsoft Azure sign-in portal. This document covers the initial beta version of the tool, which will be continuously improved over time.
Initial Steps
Before using the provisioning.exe
tool, ensure the following:
Recommended Chrome Version: Version 119.0.6045.200 (Official Build) (64-bit) or a more recent version is installed.
Compatible Windows: Windows 8 or higher is recommended.
Download Lists of Users:
- To download user data for provisioning, follow these steps:
- Go to the IDmelon panel.
- Navigate to the “Users” menu.
- Select the users for whom you want to perform the provisioning action.
- Once you have selected the users, click on the export users icon.
- From the dropdown, choose the “Export for Bulk Provisioning” option.
- This action will initiate the download of a CSV file containing the information of the selected users.
Downloading and Preparing the Tool:
- Download the
provisioning.exe
tool. - Place both the
users.csv
and theprovisioning.exe
in the same directory.
- Download the
Using the Tool
To effectively utilize this tool, follow these steps:
Ensure that you are logged into your workspace at the following address: https://panel.idmelon.com
After logging in, execute the following command to retrieve credentials and initiate the tool’s setup:
.\provisioning.exe --login
The tool will provide guidance throughout the setup process. Once ready, press Enter.
Subsequently, the tool will open your web browser and redirect you to the Microsoft portal for authorization.
Upon successfully granting access, you will be redirected back to the IDmelon panel, and a success message will be displayed in your CMD/PowerShell, confirming the successful login.
Once you receive this success message, you may proceed to use the tool.
CAUTION: Please note that the credentials remain valid for 12 hours. After this duration, the tool will prompt you to perform the login procedure again, as described in this section.
Execution Steps
Hold the Shift key and right-click in the directory where the
provisioning.exe
exists.Select “Open PowerShell” from the context menu.
In the PowerShell window, use the following command to execute the script:
.\provisioning.exe --csv .\users.csv
This command will execute a silent version of the tool; however, it is recommended to execute the tool using the following command for visual monitoring:
.\provisioning.exe --csv .\users.csv --mode headful --verbose
Options
The following command will execute the tool with verbose output:
.\provisioning.exe --csv .\users.csv --verbose
If you prefer to monitor the process in a visible browser window (headful mode), you can use the following command. However, ensure not to interact with the opened browser window during the process, as it may disrupt the workflow:
.\provisioning.exe --csv .\users.csv --mode headful
Note: It is possible to chain options to have both a headful browser and verbosity:
.\provisioning.exe --csv .\users.csv --mode headful --verbose
Version Information: To print the version of the tool, use the --version
flag:
.\provisioning.exe --version
Troubleshooting Common Issues
SSL Certificate Verification Error
If you encounter an SSL certificate verification error with the message “[SSL: CERTIFICATE_VERIFY_FAILED] Certificate verification failed: unable to get the local issuer certificate,” you can resolve it using either of the following flags:
--disable-ssl-verify
(recommended):.\provisioning.exe --csv users.csv --mode headful --verbose --disable-ssl-verify
--local-ssl-verify
:.\provisioning.exe --csv users.csv --mode headful --verbose --local-ssl-verify
Note: This error might be related to your organization’s network configuration. Please try changing the network if possible before using these commands.
Sync User Data Error
If you encounter the error message “Failed to retrieve TAP: Sync user data by importing from Azure AD and try again,” you will need to sync the imported users with Microsoft Entra ID from the IDmelon panel again. This issue is related to Microsoft session management and is not related to IDmelon.
Logging and Issue Tracking
We are tracking the tool’s activity and collect logs in both visual and text formats. The tool takes screenshots and generates textual logs during its operation. The logs and screenshots directories are automatically created next to the provisioning.exe
file.
In case you encounter any issues or errors while using the tool, please consider sharing the logs and screenshots with us. This will help us diagnose and address the cause of any failures more effectively. Your cooperation in this regard is highly appreciated.
Note: All logs are collected on your local computer. The tool does not collect any data on IDmelon servers.
Important Notes
Headful Mode Caution: In headful mode, avoid any interaction with the open browser window, even if you believe it is stuck on an error. The script will detect errors and continue after a few seconds. If the page goes blank, it will be interrupted after 90 seconds, so do not interact with the browser.