Microsoft Azure AD User Synchronization

If you use Microsoft Azure AD to manage your users, here is how to set up seamless user synchronization with Ziik.

Topics in this article

How the User synchronisation works

Requirements in Ziik

Requirements in your Azure AD

Setting-Up the Azure AD integration in Ziik

User Profile integration fields

Integration workflows



How the User synchronisation works

Ziik collects information from your Azure AD about new, updated and deleted users and updates them accordingly in Ziik, in line with the integration framework. Ziik requests updates from your Azure AD every hour.



Requirements in Ziik

You need to be a platform administrator to set up integrations in Ziik. Go to Integrations via the admin panel and select Azure User Sync.




Requirements in your Azure AD

You will need to:

  1. Create a secret in Azure, copy the field called "value", and insert it into Ziik.
  2. Assign the following permissions to the app in Azure:
    • Microsoft Graph -> Application permissions -> User.Read.All
    • The permission then needs admin consent.


Setting-Up the Azure AD integration in Ziik

1. Fill out the form

Name - Name your Azure User Synchronisation. The name will appear for this Azure User Synchronisation in the integration list in Ziik.

Azure Tenant ID - Insert the ID of your Azure Tenant installation.

Application ID - Insert the Application (client) ID of the App registration in Azure (it is used, together with the secret, to access MS Graph).

Secret Value - The "secret" part of the Secret belonging to the App registration in Azure, which contains the secret used to access MS Graph.

Azure field containing “unit” - Users' permissions in Ziik are determined by their “unit” and “user type” relationship. Users without an assigned “unit” and “user type” will not see anything in Ziik. It is therefore essential to match these fields in Ziik.

A user’s “unit” in Ziik can be matched from one of the following fields on the User object in Azure:

  • JobTitle
  • CompanyName
  • department
  • streetAddress
  • State
  • Country
  • officeLocation
  • city
  • postalCode

Note! Users can belong to more than one unit in Ziik and have a unique set of user types in each unit. For users who require multiple unit memberships, those memberships are to be handled exclusively in Ziik.


Azure field containing “user type” - Users' permissions in Ziik are determined by their “unit” and “user type” relationship. Users without an assigned “unit” and “user type” will not see anything in Ziik. It is therefore essential to match these fields in Ziik.

A user’s “user type” in Ziik can be matched from one of the following fields on the User object in Azure:

  • JobTitle
  • CompanyName
  • department
  • streetAddress
  • State
  • Country
  • officeLocation
  • city
  • postalCode

It is possible to assign more than one user type to a user in Ziik. This can be done in Azure with a comma-separated list of user types. The user will then get all user types with a match in Ziik, in the unit given.

Note! You cannot use the same matching field in Azure for both unit and user type in Ziik.


2. Tick off Enabled

3. Press Save

4. Now press Initiate synchronisation to force synchronisation with the entire integration user base in Azure AD. (You only need to do this when you start up the integration.)
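
The following added example (not Ziik's code) previews how the matching rules from step 1 would place exported Azure user objects, which is useful to check before pressing Initiate synchronisation. Field names use Microsoft Graph's camelCase spelling; the Ziik unit and user type names, the sample users, the trimming of whitespace, and the rule that a user needs both a matching unit and at least one matching user type are assumptions.

```python
# Fields the page lists as usable for matching (Microsoft Graph property names).
ALLOWED_FIELDS = {"jobTitle", "companyName", "department", "streetAddress",
                  "state", "country", "officeLocation", "city", "postalCode"}

def validate_mapping(unit_field, type_field):
    """Reject mappings the page rules out."""
    for field in (unit_field, type_field):
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"{field!r} is not a supported matching field")
    if unit_field == type_field:
        raise ValueError("unit and user type must use different Azure fields")

def preview_user(user, unit_field, type_field, ziik_units, ziik_types):
    """Return the placement a user would get under exact-match rules."""
    validate_mapping(unit_field, type_field)
    unit = (user.get(unit_field) or "").strip()
    # User types may be a comma-separated list; trimming spaces is an assumption.
    requested = [t.strip() for t in (user.get(type_field) or "").split(",") if t.strip()]
    matched = [t for t in requested if t in ziik_types]
    unmatched = [t for t in requested if t not in ziik_types]
    # Assumption: a user needs a matching unit AND at least one matching type.
    assigned = unit in ziik_units and bool(matched)
    return {"mail": user.get("mail"),
            "status": "assigned" if assigned else "unassigned",
            "unit": unit if assigned else None,
            "user_types": matched if assigned else [],
            "unmatched_types": unmatched}

# Constructed sample data (not real users, not real Ziik configuration).
ZIIK_UNITS = {"Copenhagen Store", "Head Office"}
ZIIK_USER_TYPES = {"Manager", "Cashier"}
SAMPLE_USERS = [
    {"mail": "a@example.com", "department": "Copenhagen Store", "jobTitle": "Manager, Cashier"},
    {"mail": "b@example.com", "department": "Head Office", "jobTitle": "Manager,Owner"},
    {"mail": "c@example.com", "department": "copenhagen store", "jobTitle": "Cashier"},
    {"mail": "d@example.com", "department": "Head Office", "jobTitle": None},
]

def preview_all(users=SAMPLE_USERS):
    """Preview every sample user with department -> unit, jobTitle -> user type."""
    return [preview_user(u, "department", "jobTitle", ZIIK_UNITS, ZIIK_USER_TYPES)
            for u in users]

if __name__ == "__main__":
    for row in preview_all():
        print(row)
```

Rows with a non-empty `unmatched_types` list or an `unassigned` status are the ones to correct in Azure or in Ziik before the first synchronisation, since permissions follow directly from these two directory fields.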



User Profile integration fields




Integration workflows


Creation of New Users in Azure AD - New users created in Azure AD will be synchronised with Ziik.

  • Users with identical matching fields will be positioned where they belong in Ziik.
  • Users without identical matching fields will be listed as unassigned users in the Ziik user administration panel.


Creation of New Users in Ziik - New users created in Ziik will be exposed to the Azure AD synchronisation.

  • If a user exists in Azure AD with the same email, the user’s mandatory and matching fields will be updated with the data from Azure.
  • If a user does not exist in Azure AD nothing will happen to the user in Ziik.


Updating of User Data in Azure AD - Updates to user data in Azure AD will be synchronised with Ziik.


Deletion of Users in Azure AD - When users are deleted in Azure AD:

  • Users will be deactivated (soft deleted) in Ziik for 90 days.
  • Deactivated users will be listed in the user administration panel.