How it works
From Slate export to AD account in minutes
No custom integrations. No Slate API access. No AD scripts to maintain. Here's exactly how OnboardConnect connects your admissions system to Active Directory.
Configure your Slate SFTP export
Slate includes a built-in Scheduled Export feature that can push a CSV file to an SFTP server on a recurring schedule. You configure a new Scheduled Export in Slate, point it at your OnboardConnect SFTP endpoint (provided after signup), and choose which fields to include — typically first name, last name, student ID, email, program, and enrollment status.
- No Slate API access or developer credentials required
- No custom Slate forms, queries, or population development needed
- Standard CSV or fixed-width export formats supported
- Schedule as frequently as hourly, or run on-demand
- OnboardConnect provides a dedicated SFTP hostname, port, username, and key pair per account
Define your provisioning rules
In the OnboardConnect dashboard, you build rules that tell the platform exactly how to create an AD account when a student row arrives. You control every aspect of account creation: which lifecycle events trigger provisioning, how the username is constructed, which OU the account lands in, and which groups the user is added to.
- Trigger on any Slate lifecycle event: Enrolled, Deposited, Accepted, or custom status values
- Username format templates: firstname.lastname, f.lastname, studentID, and custom patterns
- OU placement rules based on program, department, campus, or any CSV field
- Group membership assignment (e.g., add all undergrads to "Students" group)
- Password policy selection — temporary password or force-reset on first login
- Conditional rules: only provision if program = "Undergraduate" or campus = "Main"
OnboardConnect polls and processes
OnboardConnect continuously polls your SFTP endpoint for new files. When a new export arrives, each row is evaluated against your provisioning rules. Rows that match a trigger condition are queued for account creation. The platform deduplicates against existing accounts, handles errors gracefully, and retries transient failures automatically.
- Polling interval: 5 minutes to 24 hours (configurable)
- File deduplication — same file delivered twice will not double-provision
- Row-level deduplication — a student already provisioned will not get a duplicate account
- Failed rows are held in a retry queue with detailed error messages
- Supports incremental exports (only new/changed rows) or full-file exports
AD accounts are created automatically
Provisioning commands are dispatched to your AD environment through the OnboardConnect desktop agent (for on-premise AD) or directly via Microsoft Graph API (for Azure AD / Entra ID). The account is created, placed in the correct OU, assigned to groups, and the student can log in — all within seconds of the file being processed.
- On-premise AD: commands execute via the lightweight Windows desktop agent
- Azure AD / Entra ID: direct provisioning via Microsoft Graph API
- Optional welcome email sent to student with account credentials or login instructions
- Every provisioning event written to the audit trail with timestamp and outcome
- Dashboard shows real-time provisioning status across all environments
Technical details
Supported AD environments
OnboardConnect works with both on-premise Windows AD and cloud-based Azure AD / Entra ID — or both at the same time.
On-Premise Active Directory (LDAP)
The OnboardConnect desktop agent is a lightweight Windows service that installs on any Windows Server inside your network. It connects outbound to OnboardConnect over HTTPS — no inbound firewall rules or VPN configuration required. The agent executes LDAP operations against your domain controller on behalf of the cloud platform.
- Windows Server 2012 R2 and later
- Single-domain and multi-domain forests
- No inbound firewall rules required
- Agent runs as a dedicated service account with least-privilege permissions
- Agent auto-updates silently in the background
Azure Active Directory / Microsoft Entra ID
For cloud-only or hybrid Azure AD environments, OnboardConnect provisions accounts directly via the Microsoft Graph API. You grant the OnboardConnect service principal the minimum required permissions, and provisioning happens without any on-premise agent.
- Azure AD / Microsoft Entra ID (cloud and hybrid tenants)
- Uses Microsoft Graph API — no legacy AAD connector required
- Least-privilege app registration: User.ReadWrite.All and GroupMember.ReadWrite.All scopes
- Supports both cloud-only and synced (AD Connect) user objects
- Compatible with Conditional Access and MFA policies
Lifecycle events
Supported Slate lifecycle triggers
Each row in your Slate export has a status or lifecycle value. You map those values to provisioning actions in OnboardConnect.
| Lifecycle event | Description |
|---|---|
| Enrolled | Student has completed enrollment. Most common trigger for account creation. |
| Deposited | Student has paid an enrollment deposit, indicating strong intent to attend. |
| Accepted | Student has been accepted but may not yet be enrolled. Useful for early account setup. |
| Withdrawn | Student has withdrawn. Triggers account disable or deprovisioning workflow. |
| Custom status | Any Slate status value in your export file can be mapped to a provisioning trigger. |
Account naming
Username format options
Choose from common username formats or build a custom template using any field in your Slate export. OnboardConnect automatically handles duplicates by appending a numeric suffix.
firstname.lastname
e.g. jane.smith
f.lastname
e.g. j.smith
firstnamelastname
e.g. janesmith
flastname
e.g. jsmith
lastname.firstname
e.g. smith.jane
studentid
e.g. 1234567
custom template
e.g. Combine any fields with separators
Duplicate usernames are resolved by appending a counter: jane.smith, jane.smith2, jane.smith3, etc.
See it in action with your own data
Request access and connect a test Slate export in minutes. We'll set up your environment together.