Benemen AzureAD Synchronization
General
There are three separate synchronization options for synchronizing user data from Azure Active Directory to BeneCloud systems.
- User data synchronization
- Directory synchronization of users
- Directory synchronization of directory entries
By default, synchronization runs as a daily batch job.
Deployment requirements
AzureAD information is read via the Azure Graph API. This requires that a new application is registered in Azure Active Directory in the Azure portal and that it is granted rights to read directory data.
Detailed instructions for setting up the app registration are in chapter 4.
Field mappings
Field mappings define which AzureAD attributes and BeneDesk fields are synchronized. The default mappings are in the tables below. All mappings can be customized and new mappings can be added.
If you need to read attributes not normally available in AzureAD, such as Exchange extension attributes, see the Microsoft guidance: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions
If a BeneDesk field is not on the mapping list, its contents will not be updated.
Fields for User information
| BenePortal attribute | Description | Source |
|---|---|---|
| UserEmail | Email of User. Username when login to BeneDesk | |
| FirstName | First name | |
| LastName | Last name | |
| AltEmail | Alternative email to send password recovery emails etc. | |
| ContractName | Contract name | |
| BillingContractName | Billing contract name. | |
| UserCountry | User Country | |
| UserRegion | User region in TZ-format (Europe/Helsinki) | |
| UserLanguage | User language in RFC 1766 format (fi-FI, en-GB etc.) | |
| CostCenter | Cost Center | |
| ExtAuthUserName | Username used if External authentication is used | |
| ExtAuthDomain | Domain, if external authentication is used | |
Source can be:
- A constant default value, set for all users
- A value from an AzureAD attribute. It overrides the constant default value if found
- Left unmapped, in which case the value can be set in the portal and will not be overwritten in sync
Fields for Directory information
| Directory field | Description | Source for Users | Source for DirectoryEntries |
|---|---|---|---|
| ExternalId | External ID, if directory is synced from external system | | |
| Email* | Email Address | BenePortal: UserEmail | |
| FirstName* | First Name | BenePortal: FirstName | |
| LastName* | Last Name | BenePortal: LastName | |
| Description | Description is usually left for switchboard usage | | |
| Title | Title | | |
| WorkNumber* | Work number | BenePortal: Work number | |
| MobileNumber* | Mobile number | BenePortal: Mobile number | |
| OtherNumber | Other number | | |
| Company | Company name | | |
| Subcompany | Sub company | | |
| Location | Location | | |
| Department | Department | | |
| Group | Group | | |
| Team | Team | | |
| Superior | If mapped to Manager, DisplayName of user linked as manager is set. | | |
| Substitute | Substitute | | |
| Address | Address | | |
| PostalCode | Postal code | | |
| City | City | | |
| Country | Country | | |
| PhoneticName | Phonetic name | | |
Technical fields
Registering Directory Synchronization on Azure Portal
- Log in to https://portal.azure.com as an administrator
- Select Azure Active Directory -> App registrations -> New application registration
- Enter a descriptive name for the application and click Register. A redirect URI is not needed
- Select API Permissions.
- Add Azure Active Directory Graph -> Application permissions -> Directory / Directory.Read.All
- Click Grant admin consent and then Yes in the confirmation pop-up
- Select Certificates & secrets.
- Add a new client secret
- Enter a suitable description, select Expires = Never and click Add
- Copy the value of the new secret to be sent to Benemen
- Go to the Overview tab and copy the value of Application (client) ID
- Send the Application ID and Secret to Benemen.
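One way to check the registration before handing over the credentials, as an added example (not Benemen's or Microsoft's code): Azure AD lists an application's granted application permissions in the `roles` claim of its app-only access tokens, so a token issued to this registration should carry `Directory.Read.All` and nothing else. The sketch assumes a token was obtained separately with the client ID and secret; the sample token, the placeholder client ID and all function names are constructed for illustration, and the signature is not verified because the token is only inspected.

```python
import base64
import json

# Application permission granted in the registration steps above.
EXPECTED_ROLES = {"Directory.Read.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, expected_app_id: str) -> list:
    """Return findings; an empty list means the token matches the setup above."""
    claims = jwt_claims(token)
    findings = []
    app_id = claims.get("appid") or claims.get("azp")  # v1 / v2 token formats
    if app_id != expected_app_id:
        findings.append(f"token issued to unexpected application: {app_id}")
    if "scp" in claims:
        findings.append("delegated (scp) token, expected an app-only token")
    roles = set(claims.get("roles", []))
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing permission (admin consent not granted?): {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append(f"permission beyond read-only directory access: {extra}")
    return findings


def make_sample_token(app_id: str, roles: list) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"appid": app_id, "roles": roles}).encode())
    return f"{header}.{body}.sig"


SAMPLE_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder client ID

if __name__ == "__main__":
    for roles in (["Directory.Read.All"], ["Directory.ReadWrite.All"], []):
        token = make_sample_token(SAMPLE_APP_ID, roles)
        print(roles, audit_app_token(token, SAMPLE_APP_ID))
```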