Version: 2024 R1

Azure Active Directory

Synchronization with the Active Directory (AD) data source hosted in the Microsoft Azure environment. The user list synchronization window for this data source type is split into four tabs, each of which is described below.

Settings

The tab allows you to select which additional object properties are saved in the WEBCON BPS database during synchronization.

AzureSettings.png

1. Database column

The column of the BPS cache database in which additional information (a property) about the synchronized object is stored. Which property is written there is defined in the Columns mapping field of the same row.

2. Columns mapping

The object property that is written to the BPS database column specified in the Database column field. Such properties include, for example, the country code (countrycode), the account expiry date (accountexpires), or the object GUID (objectguid).

Credentials

The tab enables you to enter the login data for the Azure Active Directory tenant. Before that, the WEBCON BPS Synchronization Service must be registered as an application in the Azure Active Directory tenant (an app registration). The identifiers and the secret obtained during that registration are required for connecting with the service.

AzureLoginData.png

1. Tenant ID

A unique identifier of the specific Azure AD instance (the directory of an organization or environment). It selects the tenant against which the service authenticates and whose users and groups are read.

2. Client ID

A unique identifier (the application ID) assigned to every application registered in the Azure AD tenant.

3. Client secret

A secret key generated for the registered application and used together with the Client ID to authenticate the WEBCON BPS Synchronization Service in Azure AD. The secret has a fixed validity period set when it is created; once it expires, synchronization stops until a new secret is generated in the app registration and entered here, so track the expiry date and rotate the secret before it lapses. Treat the value as a high-value credential: together with the permissions listed below it grants read access to every user and group in the tenant, so restrict who can open this tab and do not copy the secret into scripts, tickets or e-mail.

caution

For Microsoft Graph endpoints, the registered application must hold at least the following application permissions (app-only permissions, not delegated ones, because the service authenticates with a client secret rather than on behalf of a signed-in user):

  • retrieving data required for synchronizing users and groups: User.Read.All and Group.Read.All,
  • downloading pictures of users: User.Read.All.

Once the application is registered, the AAD tenant administrator must grant admin consent to these permissions. Until consent is granted, the permissions do not appear in the access token issued to the service and the Graph calls are rejected with an authorization error.
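The following pre-flight check is an added example written for this page, not WEBCON's own code. It assumes the standard Microsoft identity platform client-credentials flow (tenant ID, client ID, client secret against the v2.0 token endpoint) and that granted application permissions show up in the `roles` claim of the app-only access token, which is how an administrator can confirm admin consent and secret validity before the values are entered in the Credentials tab. The token used in the demo is a constructed, unsigned sample so the script runs offline; the helper and function names are the example's own.

```python
"""Pre-flight check for the app registration used by the WEBCON BPS
Synchronization Service (added example, assumptions noted inline)."""
from __future__ import annotations

import base64
import datetime as dt
import json
from urllib.parse import urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# Application permissions the page lists for user/group sync and photos.
REQUIRED_ROLES = frozenset({"User.Read.All", "Group.Read.All"})


def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple[str, bytes]:
    """Return (url, form_body) for a client-credentials POST to the
    v2.0 token endpoint of the given tenant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    return url, body


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Decode the JWT payload WITHOUT signature verification.

    Acceptable only because the token was just received from the token
    endpoint over TLS and is being inspected, not trusted as proof of
    anything. Never use this to validate a token presented by a caller."""
    _header, payload, _signature = access_token.split(".")
    return json.loads(_b64url_decode(payload))


def missing_roles(claims: dict, required=REQUIRED_ROLES) -> set[str]:
    """Application permissions land in `roles`; delegated ones in `scp`.
    A token with no `roles` at all usually means admin consent was
    never granted."""
    return set(required) - set(claims.get("roles", []))


def secret_days_left(expires_iso: str, today_iso: str | None = None) -> int:
    """Days until the client secret lapses (negative = already expired).
    Dates are ISO strings, e.g. "2025-01-31"."""
    expires = dt.date.fromisoformat(expires_iso)
    today = dt.date.fromisoformat(today_iso) if today_iso else dt.date.today()
    return (expires - today).days


def make_unsigned_token(claims: dict) -> str:
    """CONSTRUCTED sample token for offline use: alg=none, empty
    signature. Real tokens issued by Azure AD are RS256-signed."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def fetch_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Live variant (needs network); not used by the offline demo."""
    from urllib.request import Request, urlopen
    url, body = token_request(tenant_id, client_id, client_secret)
    with urlopen(Request(url, data=body, method="POST")) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Offline demo: consent granted for only one of the two permissions.
    sample = make_unsigned_token({"aud": "https://graph.microsoft.com",
                                  "roles": ["User.Read.All"]})
    print("missing:", missing_roles(token_claims(sample)))      # {'Group.Read.All'}
    print("days left:", secret_days_left("2025-01-31", "2025-01-01"))  # 30
```

In a real run, replace the constructed token with the result of `fetch_token(...)`: an empty `missing_roles` set confirms that the consent step above was completed, and a small or negative `secret_days_left` value tells you the secret must be rotated before the service is pointed at it.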

Schedule

The tab allows you to specify when the synchronization is to be executed. To maintain an optimal level of data currency within the WEBCON BPS platform, it is recommended to perform synchronization several times a day.

ADSchedule.png

1. Hours during which full user synchronization is activated

The field allows you to define the hours at which full user synchronization is executed. A full run retrieves and updates all data on groups and users, regardless of whether the data has changed since the last synchronization.

tip

Full synchronization may require significantly more time compared to the incremental method. It is advised to employ this mode only when it is duly justified.

2. Hours during which incremental user synchronization is activated

The field enables you to specify the hours at which incremental synchronization is executed. In this mode, data on groups and users is updated differentially: only the data of objects (users and groups) whose properties have been modified since the last synchronization is updated. Incremental synchronization also updates the status of added or deleted objects. For optimal performance, it is advised to use this mode as the default one.

Advanced

The tab offers the choice of two synchronization types: Synchronize the user list and Synchronize the user list in Debug mode (both in full and incremental manner). In addition, it is possible to configure the user pictures and avatars synchronization mode.

AzureAdvanced.png

1. Synchronize the user list

The section provides two buttons:

  • Incremental synchronization – user and group data is updated differentially. The system synchronizes only the data of those objects (users and groups) whose properties have changed since the last synchronization, and updates the status of added and removed objects. For optimal performance, it is advised to use this mode as the default one.
  • Full synchronization – the system retrieves and updates full data on all groups and users, regardless of whether it has changed since the last synchronization. Full synchronization takes much more time than the incremental one, so it is recommended to select it only in duly justified cases.
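The difference between the two modes described in this section and on the Schedule tab is easiest to see on a small cache, so here is an added illustration that is not WEBCON's code. The change feed is modelled on the Microsoft Graph delta-query format, in which an object that no longer exists is reported as `{"id": ..., "@removed": {"reason": "deleted"}}`; whether the WEBCON service uses delta queries is not stated on this page, so that format is an assumption. The sample users are constructed. A full run rebuilds every record; an incremental run rewrites only the objects present in the feed and flags the removed ones, and the list of touched IDs is exactly what a "users changed during synchronization" picture sync would consume.

```python
"""Full vs incremental synchronization of a cached user list
(added illustration; Graph delta format assumed, sample data constructed)."""
from __future__ import annotations

import copy


def full_sync(listing: list[dict]) -> dict[str, dict]:
    """Rebuild the whole cache from a complete listing of objects."""
    return {obj["id"]: {**obj, "status": "active"} for obj in listing}


def incremental_sync(cache: dict[str, dict], delta: list[dict]) -> tuple[dict[str, dict], list[str]]:
    """Apply a change feed to a copy of the cache.

    Returns the new cache and the IDs that were touched. Objects that are
    not in the feed are left exactly as they were."""
    new = copy.deepcopy(cache)
    touched: list[str] = []
    for entry in delta:
        oid = entry["id"]
        touched.append(oid)
        if "@removed" in entry:
            # Keep the record but flag it. Graph reports reason "deleted"
            # for hard deletes and "changed" for soft deletes; either way
            # the account is no longer active.
            if oid in new:
                new[oid]["status"] = "deleted"
            continue
        props = {k: v for k, v in entry.items() if not k.startswith("@")}
        if oid in new:
            new[oid].update(props)          # only the changed properties arrive
            new[oid]["status"] = "active"   # re-activates a previously removed id
        else:
            new[oid] = {**props, "status": "active"}
    return new, touched


if __name__ == "__main__":
    # CONSTRUCTED sample data.
    listing = [
        {"id": "u1", "displayName": "Ann Example", "mail": "ann@example.test"},
        {"id": "u2", "displayName": "Bob Example", "mail": "bob@example.test"},
    ]
    delta = [
        {"id": "u2", "mail": "robert@example.test"},                            # property change
        {"id": "u3", "displayName": "Cy Example", "mail": "cy@example.test"},   # added
        {"id": "u1", "@removed": {"reason": "deleted"}},                        # removed
    ]
    cache = full_sync(listing)
    cache2, touched = incremental_sync(cache, delta)
    print(touched)       # ['u2', 'u3', 'u1']
    print(cache2["u1"])  # {'id': 'u1', 'displayName': 'Ann Example', 'mail': 'ann@example.test', 'status': 'deleted'}
```

Note that the incremental run never re-reads `u2`'s `displayName`: a property that is corrupted in the cache but unchanged in the directory is only repaired by a full run, which is the "duly justified case" for scheduling one occasionally.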

2. Synchronize the user list in Debug mode

Synchronization in Debug mode collects additional information on the progress of the synchronization. Detailed diagnostic information is written to the log during the run, which can make the synchronization take more time. Debug mode enables detailed analysis of individual synchronization steps and should be used only for diagnostic purposes. As with the standard mode, buttons are provided for executing full and incremental synchronization. In addition, the Selected users synchronization – Debug button synchronizes a single user identified by their BPS ID.

  • Add JSON data from MS Graph to data logs in Debug mode – selecting the checkbox adds the raw JSON responses retrieved from Microsoft Graph (MS Graph) to the logs, which is useful for analysis and for identifying errors. Those responses contain the personal data of the synchronized users (names, e-mail addresses, phone numbers and any mapped properties), so restrict access to the log files and clear the checkbox once the problem has been diagnosed.

3. User's pictures synchronization mode

The section allows you to configure how user profile pictures are retrieved and updated. Only the pictures of users who were updated in the course of a standard user synchronization (full, incremental, or individual users) are refreshed. The available options for synchronizing pictures are:

  • No synchronization – user synchronization does not involve synchronizing pictures,
  • After user synchronization – picture synchronization is executed immediately after synchronizing users; only the pictures of users for whom changes were identified during the synchronization are refreshed,
  • Schedule – picture synchronization is executed within the scheduled hours; only the pictures of users for whom changes were identified during the synchronization are refreshed.

4. Synchronize pictures now

  • Photos synchronization – picture synchronization is executed immediately for users modified in the course of regular synchronization, regardless of the schedule.
  • Photos synchronization – Debug – the same as above, but executed in Debug mode, in which additional diagnostic information is logged; this can lead to a longer execution time in comparison to standard synchronization.
  • All photos synchronization – the profile pictures of all synchronized users are updated.
  • All photos synchronization – Debug – the profile pictures of all synchronized users are updated, with the synchronization executed in Debug mode.

info

To learn more about synchronization with the Azure Active Directory source, read the ARTICLE available on the WEBCON Community website.