Note: The functionality described below is available only to Grammarly Business enterprise accounts. If you’re interested in enabling this feature, please contact your account manager or the Grammarly Support team.
This guide provides the steps required to configure provisioning for Grammarly in Azure AD. For general information about provisioning, please refer to this page.
Topics covered in this article:
The following provisioning features are supported in Azure AD:
- Create users in Grammarly
- Remove users in Grammarly when they no longer require access
- Keep user attributes synchronized between Azure AD and Grammarly
- An Azure AD tenant
- A user account in Azure AD with permission to configure provisioning (e.g., Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator)
- A Grammarly Business account with the owner permissions
- A Grammarly app configured in Azure AD
- SAML Single Sign-On (SSO) enabled in Grammarly
Step-by-Step Configuration Instructions
- Log in to your Grammarly Business account, go to the Provisioning page, and click Configure.
- Click the Activate SCIM button.
- Generate a SCIM token by clicking the Create token link.
- Copy the SCIM token for future use, click Got it, and close the window.
- Sign in to the Azure portal. Select Enterprise applications, then select All applications.
- In the applications list, select Grammarly.
- Select the Provisioning tab.
- Set the Provisioning Mode to Automatic.
- Under the Admin Credentials section, in the enter Tenant URL field enter https://sso.grammarly.com/scim/v2, and in the Secret Token field enter the token provided by Grammarly (see Step 4 above). Click Test Connection to ensure Azure AD can connect to Grammarly. If the connection fails, ensure your Grammarly account has Admin permissions and try again.
- In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and select the box next to Send an email notification when a failure occurs check.
- Select Save.
- Under the Mappings section, select Synchronize Azure Active Directory Users to Grammarly.
- Review the user attributes that are synchronized from Azure AD to Grammarly in the Attribute-Mapping section. The attributes selected as Matching properties are used to match the user accounts in Grammarly for update operations. If you choose to change the matching target attribute, you will need to ensure that the Grammarly API supports filtering users based on that attribute. Select the Save button to commit any changes.
- To configure scoping filters, refer to the following instructions provided in the scoping filter tutorial.
- To enable the Azure AD provisioning service for Grammarly, change the Provisioning Status to On in the Settings section.
- Define the users and/or groups that you would like to provision to Grammarly by choosing the desired values in Scope in the Settings section.
- When you are ready to provision, click Save.
This operation starts the initial synchronization cycle of all users and groups defined in Scope in the Settings section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every forty minutes as long as the Azure AD provisioning service is running.
Provisioning of already assigned user
If you already have Grammarly members in your Grammarly Business account and you turn on provisioning, a reconciliation process needs to happen. As part of this process, Azure AD will notify Grammarly of all assigned users. Grammarly will reconcile users already invited via a provisioning request from the identity provider and their status will be reflected on the Members page. To determine users who haven’t been reconciled with Azure AD, access the Provisioning page. If there are users who haven’t yet been provisioned by the identity provider, the Provisioning page will show a warning banner. Click the Download report link to download a CSV file containing the list of members that haven’t yet been provisioned. This report can be used to bulk delete outstanding users, if appropriate, or for manual processing.
Once you’ve configured provisioning, use the following resources to monitor your deployment:
- Use the provisioning logs to determine which users have been provisioned successfully or unsuccessfully.
- If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states here.
- When assigning users and groups to Grammarly, you must select a role other than Default Access. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can update the application manifest to add additional roles.
- When users are deactivated in Azure AD, they will be deactivated in Grammarly. Users will not be able to log in to the application, but their data will remain available as an “inactive user.” After 30 days, the user will be deleted from the business account.