The following provisioning features are supported in Azure AD:
- Create users in Grammarly
- Remove users in Grammarly when they no longer require access
- Keep user attributes synchronized between Azure AD and Grammarly
- An Azure AD tenant
- A user account in Azure AD with permission to configure provisioning (e.g., Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator)
- A Grammarly Business account with admin access
- A Grammarly app configured in Azure AD
Step-by-Step Configuration Instructions
- Reach out to the Grammarly Support team to activate this feature for your account and to request a provisioning token.
- Sign in to the Azure portal. Select Enterprise applications, then select All applications.
- In the applications list, select Grammarly.
- Select the Provisioning tab.
- Set the Provisioning Mode to Automatic.
- Under the Admin Credentials section, in the enter Tenant URL field enter https://sso.grammarly.com/scim/v2, and in the Secret Token field enter the token provided by Grammarly (see Step 1 above). Click Test Connection to ensure Azure AD can connect to Grammarly. If the connection fails, ensure your Grammarly account has Admin permissions and try again.
- In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and select the box next to Send an email notification when a failure occurs check.
- Select Save.
- Under the Mappings section, select Synchronize Azure Active Directory Users to Grammarly.
- Review the user attributes that are synchronized from Azure AD to Grammarly in the Attribute-Mapping section. The attributes selected as Matching properties are used to match the user accounts in Grammarly for update operations. If you choose to change the matching target attribute, you will need to ensure that the Grammarly API supports filtering users based on that attribute. Select the Save button to commit any changes.
- To configure scoping filters, refer to the following instructions provided in the scoping filter tutorial.
- To enable the Azure AD provisioning service for Grammarly, change the Provisioning Status to On in the Settings section.
- Define the users and/or groups that you would like to provision to Grammarly by choosing the desired values in Scope in the Settings section.
- When you are ready to provision, click Save.
This operation starts the initial synchronization cycle of all users and groups defined in Scope in the Settings section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every forty minutes as long as the Azure AD provisioning service is running.
Once you’ve configured provisioning, use the following resources to monitor your deployment:
- Use the provisioning logs to determine which users have been provisioned successfully or unsuccessfully.
- If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states here.
- Initial activation of Okta provisioning in Grammarly requires contacting Grammarly Support. Please reach out with any questions during your configuration process.
- When assigning users and groups to Grammarly, you must select a role other than Default Access. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can update the application manifest to add additional roles.