Microsoft Azure AD User Sync

Microsoft Azure AD User Sync

Sync users periodically from Azure Active Directory to AssetExplorer Cloud. You can import users based on criteria and custom-map Azure fields with AssetExplorer fields as required.

Info
 AssetExplorer Cloud just reads user information from Azure via API and does not modify data in Azure. 

 

With Microsoft Azure integration, you can authorize Azure user sync scheduler to update additional user information from Azure AD to AssetExplorer Cloud while mapping fields or configuring the criteria for user import.

 

Role Required: SDAdmin

 

To sync other than basic details, ensure you have Global Administrator profile in Microsoft Azure.

 

 

Enable Azure AD User Sync 

  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  1. On the Azure AD User Sync card, toggle the integration to enable it.
  2. Click Agree.

  • You will be directed to the Microsoft authorization page to verify user identity if Microsoft Single Sign-on is not configured.

  • Sign in to your Microsoft account and complete the authorization process. This is a one-time process.  

 

After the integration is enabled, details of a minimum of 200 users will be updated to AssetExplorer Cloud every two minutes.


 

Configure Azure AD User Sync   

  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. On the Azure AD User Sync card, click Configure on the Azure AD to schedule the sync or to choose how the user information must be processed in AssetExplorer Cloud when deleted in Azure AD.
You can import users based on criteria and custom map Azure AD fields with AssetExplorer fields.
 

Sync Frequency and User Profile Management   

Set a sync frequency between one to seven days.
When users are deleted in Azure AD, you can modify user profiles in AssetExplorer Cloud as follows: Revoke login, Remove user, and Do nothing.
When users are moved to the trash in Azure AD, you can modify the user in AssetExplorer Cloud as follows: Revoke login, Remove user, and Do nothing.
Select what happens to the deleted users during the next sync cycle. You can either ignore the deleted users or re-sync them using appropriate options.
 

Field Mapping  

Choose which fields from Azure AD should be mapped to the respective AssetExplorer Cloud fields.
 
By default, the following fields will be available for mapping:
Azure AD Fields
AssetExplorer Plus Cloud Fields
Name
First name
Last name
User Principal Name
Email
Display Name
First Name
Last Name
Email
Employee ID
Email
Phone
Mobile
Department
Site
Job Title
Reporting Manager
Secondary Email
Character related UDFs
 
If Microsoft Azure integration is enabled, you can map the following details from Azure AD to AssetExplorer Cloud:
 
Azure AD Fields
AssetExplorer Cloud Fields
Name
First name
Last name
User Principal Name
Job title
Department
Manager
Company Name
Employee ID
Street address
State or Province
Country or region
Office
City
ZIP or Postal Code
Office Phone
Mobile Phone
Email
Alternate Email
Cost Center
Division
Fax Number
On-premises Distinguished Name
On-premises Domain Name
On-premises Immutable Id
On-premises Last Sync Date Time
On-premises SAM Account Name
On-premises Security IdentifierOn-premises User Principal Name
Display Name
First Name
Last Name
Employee ID
Email
Phone
Mobile
Department Name
Site
Job Title
Reporting Manager
Secondary Email
Character related UDFs

Info
 Additionally, the Login Name field will be available and populated with details from the On-premises SAM Account Name, On-premises Domain Name, and On-premises User Principal Name fields. 

Select and map the respective fields as shown below. An Azure field can be mapped with only one AssetExplorer Cloud field.  

 

 

Info
 Field Mapping supports both user and technician additional fields (character-based) 

 


Criteria for User Import 

You can import users based on criteria or without any criteria:
  1. To import users based on criteria, select Based on Criteria and add the conditions. For example, you can set a criterion to import users from a particular site by selecting the Site column, setting the operator value as is, and entering the site name.
  2. To import users without any criteria, select Without Criteria. This option will import all users from Azure AD.

 

 

  1. After configuring the criteria, click Save to save the configurations or Save and Sync to initiate sync.

 

 

You can also start the sync using the Start Sync button on the Azure AD User Sync card under Setup > Apps & Add-ons > Integrations > Third Party Integrations.

 

 

 

Resync Data from Azure  

After the initial sync, administrators can initiate a complete resync of all data from Azure to AssetExplorer Cloud. This option can be used especially when the integration configurations were modified after users were imported to AssetExplorer Cloud.
  1. Go to Setup > Apps & Add-ons > Third Party Integrations
  2. On the Azure AD User Sync card, click Configure.
  3. Select Resync to apply changes to the old data option.
  4. Click Save.

 

Users in Azure

Number of Resync Allowed

Less than 10,000 users

Two resyncs every 24 hours (the time will be tracked for each resync individually)

More than 10,000 users

One resync every 24 hours

 

 



Info
 The option to resync data is available only for the Enterprise edition of AssetExplorer Cloud. 

 

Disabling Azure AD User Sync 

  1. Under Setup > Apps & Add-ons > Third Party Integrations, disable Azure AD User Sync by clicking the toggle button.
  1. Click Disable on the confirmation pop-up.

All users imported into AssetExplorer Cloud from Azure AD will be retained even after user sync is disabled.

 

 

Azure AD User Sync Reports 

Generate reports of all user activities synced from Azure AD, including additions, modifications, deletions, and changes to user information.
To get the report,
  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. On the Azure AD User Sync card, click Configure.
  3. Under Sync Reports, select the Enable Azure AD User Sync Reports check box. 

 

Once enabled, the reports will be available to download on the Azure AD User Sync card under Setup > Apps & Add-ons > Integrations > Third Party Integrations.

 

 

 

 A maximum of 10 reports, each up to 10 MB in size, will be generated. Once this limit is reached, the oldest report will be automatically deleted to accommodate new reports. 

 

 Points to Remember: 

  1. If the administrator who set up Azure AD User Sync integration leaves the organization, the individual who revokes the former user's administrator/global admin privileges will become the integration owner. The new integration owner's token will be used to validate the integration.
  2. Users in unverified domains will be added as non-login users in AssetExplorer Cloud.
  3. Login users will be added only if the Account Enabled field is checked in Azure AD.
  4. If the Account Enabled field is checked after adding users to AssetExplorer Cloud, login permissions will be provided to users during the next scan.
  5. If the Account Enabled field is unchecked after adding users to AssetExplorer Cloud, previously provided login permissions will not be removed for users. However, users added afterward will not receive login permissions.

 

 Process Workflow 

 


    • Related Articles

    • Microsoft Azure

      Azure integration is an additional authorization over Microsoft single sign-on. This integration allows you to import users' department and site details in addition to the basic information from the Azure directory. Role Required: SDAdmin/OrgAdmin in ...

    • User Portal

      Customize the user interface and functionality of the application. To access user portal settings, go to Setup > General Settings > User Portal. Here, you can enable or disable users to edit their profile.

    • User Profile

      Update Profile Picture Click the profile icon and hover over the profile picture to update it. The picture can be in JPG, PNG, JPEG, and BMP formats. Note that the file size should not exceed 5MB. Personalize Customize your display language, time, ...

    • Asset Auto Assign

      AssetExplorer Cloud allows you to automatically assign users to assets based on the last login information from one of the following scanning methods: Domain scan Network scan SCCM scan Manual scan Agent scan via Endpoint Central Asset Auto Assign is ...

    • Configure Organization Details

      Record the essential details of your organization, such as address, contact details, time zone, and logo, in the organization Directory. Role Required: SDAdmin, Organization Admin Go to ESM Directory > Organization Details and provide the details ...