...
Expand | ||
---|---|---|
| ||
Users to be synced in BenePortal is defined by being a member of a specified group in AzureAD. All users belonging in the group or any of its nested subgroups will be included in the sync. |
Expand | ||
---|---|---|
| ||
Following BenePortal fields are mandatory
Following fields are optional
|
Expand | ||
---|---|---|
| ||
BenePortal fields can have constant value, mapping or both. If constant value is set and no attribute mapping, the constant value will be used for all users. If there are both constant value and mapping,. value for fields is first tried to get from the mapped attribute. If it’s not set for a user, the constant value will be used. |
Expand | ||
---|---|---|
| ||
If its needed to have different configurations for different users, multiple sync jobs can be configured. For example, If there are users in two counties, and some values values should be set to BenePortal which are not found from AzureAD-attributes, we can set up two different sync-jobs with a different configuration. There must be then own group for each User Sync job, users to be synced must be a member of only one of these groups! |
Expand | ||
---|---|---|
| ||
WhenSyncModule runs the sync, it gets all users from three sources: Local database, BenePortal and users from AzureAD. If there are users that are found from both from BenePortal and AzureAD (username in BenePortal match UPN in Azure), they are added to the local database and updated to BenePortal if needed. User is now included in the sync, and future changes will be handled similarly as for users created by SyncModule. If there are users in BenePortal which are not found from AzureAD, they are left as is. |
...
Expand | ||
---|---|---|
| ||
Sync is performed for all users in Benemen directory. For each user, SyncModule tries to find the corresponding user from AzureAD by using ExternalId (hidden from Directory) and Email-address. Benemen Email can be mapped to UserPrincipalName or EmailAddress in AzureAD. If the corresponding user is found form AzureAD, directory information of Benemen user is updated based on information in AzureAD. |
Expand | ||
---|---|---|
| ||
Following fields in the directory are managed by BenePortal, and cannot be updated directly:
All other fields can be mapped to be synced from AzureAD:
|
Expand | ||
---|---|---|
| ||
All fields in Benemen directory are plain text, whereas Manager attribute in AzureAD is a link to an other AzureAD user. If the supervisor field is mapped to Manager-attribute, the value of DisplayName-attribute of user set as a manager is set to supervisor field. |
Directory sync of directory entries
Expand | ||
---|---|---|
| ||
Users to be synced as directory entries to Benemen Directory is defined by being a member of a specified group in AzureAD. All users belonging in the group or any of its nested subgroups will be included in the sync. |
Expand | ||
---|---|---|
| ||
If there is already active user having the same username (ie. Email-address), directory entry will not be created. |