...

How do AzureAD syncs work?

SyncModule reads AzureAD data via the Azure GraphAPI over an HTTPS connection.

Which attribute names are used when reading from AzureAD?

As SyncModule uses GraphAPI to read AzureAD data, mappings must be done using the property names of the user resource type of GraphAPI. See the GraphAPI documentation for the full list: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties

Note that the naming of some attributes/properties differs between On-Prem AD and AzureAD, and also between AzureAD and GraphAPI. Some common examples are below:

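| On-Prem AD Attribute (LDAP) | AzureAD Attribute          | GraphAPI property |
|-----------------------------|----------------------------|-------------------|
| telephoneNumber             | TelephoneNumber            | businessPhones    |
| mobile                      | Mobile                     | mobilePhone       |
| sn                          | Surname                    | surname           |
| physicalDeliveryOfficeName  | PhysicalDeliveryOfficeName | officeLocation    |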
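The following is an added example, not SyncModule's own code, showing how the GraphAPI property names from the table above end up in a group-members request and how the returned values map back to LDAP-style names. The helper names `members_url` and `to_ldap_names`, the mapping dictionary and the sample user object are assumptions constructed for illustration; selecting only the mapped properties with `$select` keeps the sync from reading more directory data than it needs.

```python
from urllib.parse import quote

# LDAP attribute -> GraphAPI user property, taken from the table on this page.
LDAP_TO_GRAPH = {
    "telephoneNumber": "businessPhones",
    "mobile": "mobilePhone",
    "sn": "surname",
    "physicalDeliveryOfficeName": "officeLocation",
}
# businessPhones is a string collection in GraphAPI; the others are single strings.
MULTI_VALUED = {"businessPhones"}


def members_url(group_id, ldap_attrs):
    """Build a group-members request that selects only the mapped properties."""
    unknown = [a for a in ldap_attrs if a not in LDAP_TO_GRAPH]
    if unknown:
        raise ValueError(f"no GraphAPI mapping for: {', '.join(unknown)}")
    props = ["id"] + [LDAP_TO_GRAPH[a] for a in ldap_attrs]
    return (f"https://graph.microsoft.com/v1.0/groups/{quote(group_id, safe='')}"
            f"/members?$select={','.join(props)}")


def to_ldap_names(graph_user, ldap_attrs):
    """Translate one GraphAPI user object into LDAP-named attributes."""
    out = {}
    for attr in ldap_attrs:
        prop = LDAP_TO_GRAPH[attr]
        value = graph_user.get(prop)
        if prop in MULTI_VALUED:
            # Collection -> first entry, or None when the list is empty or absent.
            value = value[0] if value else None
        out[attr] = value
    return out


# Constructed sample user object (not real tenant data).
SAMPLE_USER = {
    "id": "00000000-0000-0000-0000-000000000001",
    "businessPhones": ["+1 555 0100"],
    "mobilePhone": None,
    "surname": "Example",
    "officeLocation": "HQ",
}

if __name__ == "__main__":
    attrs = ["telephoneNumber", "mobile", "sn", "physicalDeliveryOfficeName"]
    print(members_url("11111111-2222-3333-4444-555555555555", attrs))
    print(to_ldap_names(SAMPLE_USER, attrs))
```

A mapping written with the AzureAD spelling (for example `Surname`) is rejected by `members_url`, because the dictionary in this example is keyed by the LDAP names.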

What is needed to configure AzureAD syncs?

For all Syncs:

  • An app registration must be added to the customer's AzureAD tenant.

For User sync, the following must be defined:

  • AzureAD group whose members will be synced

  • Attribute mappings

  • Removal policy

  • Email address for sync reports

Directory sync of existing users:

  • Attribute mappings

Directory sync of directory entries:

  • AzureAD group whose members will be synced as directory entries

  • Attribute mappings

...