...
This page is for older ‘pull based’ user synchronization, which reads AzureAD information via GraphAPI.
We have newer and better ‘push based’ SCIM user synchronization, which should be used if you are implementing new user data synchronization.
General
There are three separate synchronization options to synchronize user data from Azure Active Directory to BeneCloud Enreach Cloud systems.
User data synchronization
Directory synchronization of users
Directory synchronization of directory entries
Synchronization is done as a daily batch job by default.
...
...
Reading AzureAD information is done via Azure Graph API. This requires that new application must be registered to Azure Active Directory in Azure portal and rights to read directory data must be granted. Detailed instructions for setting up app registration in chapter 4.
...
Registering Directory Synchronization on Azure Portal
1. Log in https://
...
portal.
...
Fields for User information
BenePortal attribute | Description | Source |
UserEmail | Email of User. Username when login to BeneDesk |
|
FirstName | First name |
|
LastName | Last name |
|
AltEmail | Alternative email to send password recovery emails etc. |
|
ContractName | Contract name |
|
BillingContractName | Billing contract name. |
|
UserCountry | User Country |
|
UserRegion | User region in TZ-format (Europe/Helsinki) |
|
UserLanguage | User language in RFC 1766 format (fi-FI, en-GB etc.) |
|
CostCenter | Cost Center |
|
ExtAuthUserName | Username used if External authentication is used |
|
ExtAuthDomain | Domain, if external authentication is used |
|
...
- Constant default value, set for all users
- Value from AzureAD attribute. Will override constant default value if found
- If left unmapped, value can be set in portal and will not be overwritten in sync
Fields for Directory information
Directory field | Description | Source for Users | Source for DirectoryEntries |
ExternalId | External ID, if directory is synced from external system |
|
|
Email* | Email Address | BenePortal: UserEmail |
|
FirstName* | First Name | BenePortal: FirstName |
|
LastName* | Last Name | BenePortal: LastName |
|
Description | Description is usually left for switchboard usage |
|
|
Title | Title |
|
|
WorkNumber* | Work number | BenePortal: Work number |
|
MobileNumber* | Mobile number | BenePortal: Mobile number |
|
OtherNumber | Other number |
|
|
Company | Company name |
|
|
Subcompany | Sub company |
|
|
Location | Location |
|
|
Department | Department |
|
|
Group | Group |
|
|
Team | Team |
|
|
Superior | If mapped to Manager, DisplayName of user linked as manager is set. |
|
|
Substitute | Substitute |
|
|
Address | Address |
|
|
PostalCode | Postal code |
|
|
City | City |
|
|
Country | Country |
|
|
PhoneticName | Phonetic name |
|
|
...
Registering Directory Synchronization on Azure Portal
azure.com as an administrator
Log in https://portal.azure.com as an administrator
2. Select Azure Active Directory -> App registrations -> New application registration
3. Enter describing name for the application, and click Register. Redirect URI
...
: https://discover.enreachvoice.com/
...
4. Select API Permissions.
Add
...
Microsoft Graph -> Application
...
permissions
Add following permissions
Group/ Group.Read.All
User/ User.Read.All
...
Click Grant admin consent and then Yes for confirmation pop-up
...
...
4. Make sure that Admin consent status is granted for all permissions
...
5. Select Certificates & secrets.
Add new client secret
Enter a proper description, select Expires = Never and click Add
...
Copy value of new secret to be sent to
...
Enreach
...
6. Go to overview tab and copy value of Application (client) ID
...
Send Application ID and Secret to Benemen
...
...