Microsoft Azure AD User Synchronization

If you use Microsoft Azure AD to manage your users, here is how to set up seamless user synchronization with Ziik.

Topics in this article

How the User synchronisation works

Requirements in Ziik

Requirements in your Azure AD

Setting up the integration in Azure AD

Setting up the integration in Ziik

User Profile integration fields

Integration workflows



How the User synchronisation works

Ziik collects information from your Azure AD about new, updated or deleted users and updates them accordingly in Ziik, in line with the integration framework. Ziik requests updates from your Azure AD every hour.



Requirements in Ziik

You need to be a platform administrator to set up integrations in Ziik. Go to Integrations via the admin panel and select Azure User Sync.




Requirements in your Azure AD

You will need permissions to create an App Registration with the permission: User.Read.All.

The permission needs admin consent.



Setting up the integration in Azure AD

  1. First, you need to create an App Registration in your Azure.
    Create a new App registration and give it a name that tells you what it is, e.g. "ziik_user_sync".

    You'll be registering an App of the type: "Accounts in this organizational directory only (<company name> only - Single tenant)".

  2. Now you're ready to register the App.

  3. Once it's registered, you need to configure it.

    1. First we'll be adding Client Credentials. What we'll be using is a "Client Secret".

      Do yourself a favour and give it a descriptive name, as well as a long expiration date. (Preferably, before this date is reached, create another secret and then switch your Ziik integration to the new one.)

      Make sure to save the secret's "value", as Azure will never show you this again (and you will need to supply it to Ziik).

    2. Now we need to give the App permission to the needed resources in your Azure.

      In "API Permissions" you will need to give the App permission to see the required user data.

      It's a commonly used Microsoft Graph permission, so choose: "Microsoft APIs", then "Microsoft Graph".

      Then choose "Application permissions", since the app will be running in the background, using the secret we created earlier.

      Now the permission you need to add is called "User.Read.All", which you can find either by unfolding the appropriate menus or, more simply, by using the search field, which limits the number of options presented to you.

      Now you need to "Grant admin consent" to the permission.

  4. Once that's done, we're ready to set up the integration in Ziik.
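
To confirm the result of steps 3.1 and 3.2, inspect an access token issued to the App Registration through the client credentials flow: it should carry User.Read.All and nothing else. The following is an added example, not Ziik or Microsoft code; it decodes the token claims without verifying the signature (inspection only) and runs on constructed tokens with placeholder tenant and application IDs.

```python
import base64
import json

REQUIRED_ROLE = "User.Read.All"  # the only application permission this guide grants

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def audit_token(token, tenant_id, app_id, now):
    """Return findings; an empty list means the token matches the guide's setup."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])  # application permissions appear in "roles"
    findings = []
    if REQUIRED_ROLE not in roles:
        findings.append("User.Read.All missing: not added or admin consent not granted")
    extra = sorted(set(roles) - {REQUIRED_ROLE})
    if extra:
        findings.append("excess application permissions: " + ", ".join(extra))
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different tenant")
    if claims.get("appid", claims.get("azp")) != app_id:  # v1 "appid", v2 "azp"
        findings.append("token issued to a different application")
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])

# Constructed sample values (placeholders, not real tenant or application IDs).
TENANT, APP, NOW = "tenant-id-placeholder", "app-id-placeholder", 1_700_000_000
BASE = {"tid": TENANT, "appid": APP, "exp": NOW + 3600}
AS_CONFIGURED = make_sample_token({**BASE, "roles": ["User.Read.All"]})
NO_CONSENT = make_sample_token(BASE)
OVER_PRIVILEGED = make_sample_token({**BASE, "roles": ["User.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in [("as configured", AS_CONFIGURED), ("no consent", NO_CONSENT),
                      ("over-privileged", OVER_PRIVILEGED)]:
        print(name, "->", audit_token(tok, TENANT, APP, NOW) or "OK")
```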



Setting up the integration in Ziik
 

  1. Fill out the form:


 

Name - Name your Azure User Synchronisation. The name will appear in the integration list in Ziik.

Application ID - Insert the Application (client) ID belonging to the App registration in Azure.

Tenant ID - Insert the Directory (tenant) ID for your Azure.

Secret - The "value" part of the "Client Secret" which we created for the App Registration in Azure earlier, which contains the secret used to access MS Graph.

Unit - Users' permissions in Ziik are determined by their “unit” and “user type” relationship. Users without an assigned “unit” and “user type” will not see anything in Ziik. It is therefore essential to match these fields in Ziik.

A user’s “unit” in Ziik can be matched from one of the following fields on the User object in Azure:

  • JobTitle

  • CompanyName

  • Department

  • Street Address

  • State

  • Country

  • Office Location

  • City

  • Postal Code

Note! Users can belong to multiple units in Ziik and have a unique set of user types in each unit. Users who require membership of multiple units must be handled exclusively in Ziik.


User type - Users' permissions in Ziik are determined by their “unit” and “user type” relationship. Users without an assigned “unit” and “user type” will not see anything in Ziik. It is therefore essential to match these fields in Ziik.

A user’s “user type” in Ziik can be matched from one of the following fields on the User object in Azure:

  • JobTitle
  • CompanyName
  • Department
  • Street Address
  • State
  • Country
  • Office Location
  • City
  • Postal Code

It is possible to assign more than one user type to a user in Ziik. This can be done in Azure with a comma-separated list of user types. The user will then get all user types with a match in Ziik, in the unit given.

Note! You cannot use the same matching field in Azure for both unit and user type in Ziik.


  2. Tick Enabled.

  3. Press Save.

  4. Now press Initiate synchronisation to force a synchronisation with the entire integration user base in Azure AD. (You only need to do this when you start up the integration.)



User Profile integration fields

| What | Ziik | Azure AD | Comment |
|---|---|---|---|
| Mandatory fields | Email, First name, Last name | | |
| Matching field | Unit | Job Title, Company Name, Department, Street address, State, Country, Office Location, City, Postal Code | The integration will ignore units if there is no match or if more than one unit is stated in this field. |
| Matching field | User type | Job Title, Company Name, Department, Street address, State, Country, Office Location, City, Postal Code | The integration will ignore user types if there is no match. It is possible to synchronise multiple user types by using comma separation. |
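
The unit and user type matching rules from the form description and the table above, as an added example (not Ziik's code) for previewing which users a chosen field mapping would leave unassigned before you initiate the synchronisation. It assumes exact, case-sensitive matching after trimming whitespace, that "more than one unit" means a comma-separated value, and that a user needs both a unit and at least one user type to be positioned; the unit names, user type names and users are constructed.

```python
ALLOWED_FIELDS = {"jobTitle", "companyName", "department", "streetAddress", "state",
                  "country", "officeLocation", "city", "postalCode"}  # Graph user properties

def split_values(raw):
    """Split a comma-separated Azure field value into trimmed, non-empty entries."""
    return [v.strip() for v in (raw or "").split(",") if v.strip()]

def preview(user, unit_field, type_field, ziik_units, ziik_types):
    """Predict the unit and user types one Azure user would receive in Ziik."""
    if not {unit_field, type_field} <= ALLOWED_FIELDS:
        raise ValueError("matching field is not one of the nine supported Azure fields")
    if unit_field == type_field:
        raise ValueError("unit and user type cannot share the same Azure field")
    stated_units = split_values(user.get(unit_field))
    # The unit is ignored when there is no match or more than one unit is stated.
    unit = None
    if len(stated_units) == 1 and stated_units[0] in ziik_units:
        unit = stated_units[0]
    # Every comma-separated user type that exists in Ziik is kept; the rest are ignored.
    user_types = [t for t in split_values(user.get(type_field)) if t in ziik_types]
    status = "positioned" if unit and user_types else "unassigned"
    return {"unit": unit, "user_types": user_types, "status": status}

# Constructed sample data: unit names, user type names and users are hypothetical.
ZIIK_UNITS = {"Copenhagen", "Aarhus"}
ZIIK_TYPES = {"Manager", "Employee"}
USERS = [
    {"mail": "anna@example.com", "department": "Copenhagen", "jobTitle": "Manager, Employee"},
    {"mail": "bo@example.com", "department": "Copenhagen, Aarhus", "jobTitle": "Employee"},
    {"mail": "cy@example.com", "department": "Oslo", "jobTitle": "Employee"},
    {"mail": "di@example.com", "department": "Aarhus", "jobTitle": "Manager, Intern"},
]

def preview_all(users=USERS, unit_field="department", type_field="jobTitle"):
    """Run the preview for every user, keyed by e-mail address."""
    return {u["mail"]: preview(u, unit_field, type_field, ZIIK_UNITS, ZIIK_TYPES)
            for u in users}

if __name__ == "__main__":
    for mail, result in preview_all().items():
        print(mail, result)
```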

 



Integration workflows


Creation of New Users in Azure AD - New users created in Azure AD will be synchronised with Ziik.

  • Users with identical matching fields will be positioned where they belong in Ziik.
  • Users without identical matching fields will be listed as unassigned users in the Ziik user administration panel.


Creation of New Users in Ziik - New users created in Ziik will be exposed to the Azure AD synchronisation.

  • If a user exists in Azure AD with the same email, the user’s mandatory and matching fields will be updated with the data from Azure.
  • If a user does not exist in Azure AD nothing will happen to the user in Ziik.


Updating of User data in Azure AD - Updates to user data in Azure AD will be synchronised with Ziik.


Deletion of users in Azure AD - When users are deleted in Azure AD:

  • Users will be deactivated (soft deleted) in Ziik for 90 days
  • Deactivated users will be listed in the user administration panel.