Azure

 
Author
Message
SysAid Technical Writer
1152
 

Settings

Integration

My Apps

Azure

SysAid’s Azure integration allows you to more efficiently manage the users in your company from one central location, by automatically pulling user data from Azure to SysAid. The integration runs these data imports about every 24 hours; saving time and preventing human error that could occur from manually copying the data. This integration can be configured for multiple Azure tenants.

 

While this integration provides admins with access to users from Azure within SysAid, the users themselves cannot access SysAid unless you also enable the Office 365 integration.

Important: If you have users that were imported via LDAP integration, to avoid duplicate users and problems with authentication, make sure that:

  • The users have the same email addresses in the Azure and LDAP repositories
  • The Sync user based on email address check box is selected in the Azure integration settings
  • If you want to run an LDAP import after you import users from Azure, filter out the Azure users from within LDAP before the next scheduled LDAP run.
    These two integrations are not designed to work simultaneously. If you require both LDAP and Azure importing, please contact customer care for assistance.

Set up the Azure integration

  1. From the SysAid Marketplace, get the Azure addon.
  2. On the main My apps page, in the Azure icon, click .
  3. In the Azure dashboard, navigate to Azure Active Directory > Custom Domain Names.
  4. Copy the name that's in the Available status.
  5. Back in SysAid, paste the name into the Tenant Name field.
  6. In Azure, navigate to Azure Active Directory > App Registrations.
  7. Click New Registration.


  8. In the Name field, enter a name for the application (for example "SysAid Login").
  9. Click Register.

  10. Back in the overview screen, click Add a Redirect URI.
  11. Click Add a Platform.

  12. Click Web.
  13. in the Redirect URL column, add your SysAid account URI.

  14. Click Configure.
  15. Click Overview.
  16. Copy the application (client) ID.
  17. Back in SysAid, paste the copied text into the Client ID field.
  18. Set Microsoft Graph permissions in Azure.
    1. In Azure, navigate to Overview > View API permissions.
    2. Click Add Permissions.
    3. Click Select an API.
    4. Select Microsoft Graph.
    5. Select the following permissions from the Application Permissions section:
    • Group.Read.All
    • TeamMember.Read.All
    • User.Export.All
    • User.Read.All
    1. Select the following permissions from the Delegated Permissions section:
    • Group.Read.All
    • GroupMember.Read.All
    • User.Export.All
    • User.Read
    • User.Read.All
    • User.ReadBasic.All
    1. Click Save.
    2. In the Required Permissions section, click Grant permissions.
    3. When prompted, click Yes.

  19. In Azure, configure a key.
    1. Navigate to Manage > Certificates and Secrets.

    2. Click New Client Secret.
    3. Enter a key name in the description field.
    4. Select the expiration date.
    5. Click Add.

  20. Copy the contents of the key's Value column.
  21. Back in SysAid, paste the copied text into the Secret Key field.
  22. Enter the domain you want.
  23. If you are running SysAid version 20.1.14, enter the following default field mapping text in the JSON field to map.

    {"fieldsMapping":
    [{"sysAidName":"UserName" ,"azureName":"userPrincipalName", "type":"text"},
    {"sysAidName":"FirstName" ,"azureName":"givenName", "type":"text"},
    {"sysAidName":"LastName" ,"azureName":"surname", "type":"text"},
    {"sysAidName":"Location" ,"azureName":"officeLocation", "type":"list"},
    {"sysAidName":"Email" ,"azureName":"mail", "type":"text"},
    {"sysAidName":"Department" ,"azureName":"department", "type":"list"},
    {"sysAidName":"Company" ,"azureName":"companyName", "type":"list"}]}


    Feel free to make any changes you like.

    If you are running SysAid Cloud or a later On Premise version, see the next section for instructions on mapping fields.
  24. Click Save Changes.
  25. Click the slider to activate the integration. Note: It could take up to 12 hours for your Azure fields to be synced with SysAid. Don't edit the integration until sync is complete.

Manage the integration

Once the integration is complete, you can customize the way it works to best meet your needs.

  1. Define which SysAid fields get populated by which Azure fields by selecting the fields from the drop-downs.
    1. Click Add New Field, to map an additional field.
    2. Click , to delete a field mapping.
    For a full list of fields imported from Azure, see the table below.
  2. (Optional) Select the Import Groups check box if you would like to import groups from Azure to SysAid.
  3. (Optional) Select the Sync user based on email address check box if you want to use the Azure Email Address field as the User Principle Name instead of the Azure user name.
  4. (Optional) If you want to filter which users are imported (based on fields such as Department or Group Name), click to set up a filter.
    1. If you want to verify that the imported users all have a first and last name in Azure Active Directory, make sure that the corresponding check box is selected.

  5. (Optional) To add a tenant click Add.
  6. (Optional) To delete a tenant, click the Delete button corresponding to the tenant you want to delete.
  7. Click Save Changes.
  8. (Optional) If you want to manually import all the users from Azure according to the settings and filters that you configured, click Import Now. Please note that this process can take a while to complete.
    1. If the Import Now button is disabled, you can hover over the button for a tool-tip that explains why the button is disabled.

Fields imported

When you import data from Azure, the integration pulls the values from the maps the values from Azure fields to SysAid user fields as follows:

 

Azure Field SysAid Field
ID User ID
Phone phone
Display Name User Name
Given Name First Name
Email Email
Cellular Phone Cellular Phone
office location Location
Preferred Language Language
Company Name Company
Department Department
Manager Manager
Surname Last Name
Country Custom field
City Custom field
Company Name Company
Job Title Job Title
Postal Code Custom field
Employee ID Custom field
State Custom field
Street Custom field
User Type Custom field

 

 

 

 

This message was edited 3 times. Last update was at Jan. 24, 2019 08:12 AM

SysAider
3
 
Hello, Is the Fields imported from Azure AD to SysAid can be customized ?
For example the Manager of User need to be imported for my company, because we're working with approval process over different workflows.
Regards ?
SysAider
5
 
Hi AleKz,
We managed to map Manager to Manager.
Potentially the number of fields getting scooped up has increased from the list below?
Manager is now in the dropdown from the AD side and we mapped it to Manager on the SysAid side and we are building it into workflows.

Thanks
Jason
SysAider
3
 
Hello !
What are the possibilities to manage the users from Azure AD we want to sync with SysAid.

By default i've imported everyone from Azure to SysAid but including service account, or EXT account from Azure etc...

thanks for help
SysAid Product Manager Community Manager
319
 
Hi AleKz,
Thanks to your comment we have updated the article above to reflect all the fields that have been added over the years including the Manager fields that you found as well as Department and State

Keep IT up!
Maayan


AleKz wrote:Hello, Is the Fields imported from Azure AD to SysAid can be customized ?
For example the Manager of User need to be imported for my company, because we're working with approval process over different workflows.
Regards ?
SysAider
1
 
This is working really well for us, but like AleKz, we need to be able to filter out the guest accounts (the accounts with EXT on them from other domains). We have a number of guest accounts on our system but cannot have them listed in our sysaid system.

How would i filter these out?

Mark
SysAider
5
 
I'd like to Echo MLMark and stated it would be good if there was some way to filter what is imported we also get a bunch of service accounts that are just cruft.

I'd also be interested in seeing some way to use one of the inbound fields to set the value of the "Is supervisor" field. Right now we have to do that manually but it would be great to be able to connect that to set of Job titles or an AD attribute field.

Thanks
Jason