User Syncing with Azure Active Directory

Connect your environment’s people data to Azure Active Directory


Note:

For the integration to work, Simpplr requires consent from the Azure Global Admin user. The Group Admin user must then connect with their credentials. The Group Admin is required in order to read user profile data from the Azure Admin. Once the Global Admin connection is established, the Global Admin user can remove the Global Admin permission from the account if they wish. The Global Admin connection is only required temporarily, to approve the consent for the integration.

We recommend resetting the Admin user's password every few months for added security. Changing the admin connection password will not affect the integration or any user access in any way on Simpplr.

 

Users who are the Active Directory Global Admins and have Salesforce System admin access can complete the instructions below to select Azure Active Directory as the source for Simpplr's people data.

To sync users' data and fields, Simpplr needs to read certain data about the users in your organization, so we request the User.Read.All scope (this is the least privileged scope).

The User.Read.All permission allows Simpplr to read all users' full profiles, which include sets of profile properties, reports and managers of users in your organization.

From an application standpoint, User.Read.All is the least privileged permission. Since the app needs to read users' data from Microsoft Graph, Microsoft mandates admin consent for the application, and that consent can only be granted by the Global Admin user. As mentioned above, once the Global Admin consent has been provided, the user can remove the permission from the account.

The image below highlights which permissions require Global Admin consent, and what user data is being pulled from Microsoft to Simpplr. These permissions must be granted by the Global Admin user.

  1. As the Admin user, in Simpplr, go to Manage > Application > Integrations > People Data.
  2. Select the Active Directory checkbox to connect using admin credentials. You will be asked to accept the requested permissions as shown below.
  3. After signing into the source account with admin credentials, your source account will be connected and you'll be redirected back to Simpplr.
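
Once the connection is made, the consent that was actually recorded can be compared with the least-privilege scope described above. This is an added example, not Simpplr's or Microsoft's code: it reviews a listing shaped like a Microsoft Graph `oauth2PermissionGrants` response and reports any delegated scope beyond User.Read.All. The sample data, the placeholder ids and the tolerated sign-in scopes are assumptions.

```python
import json

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# listing; every id below is a placeholder, not a real object id.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-simpplr-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-msgraph-placeholder",
   "scope": "User.Read.All openid profile"},
  {"id": "grant-2", "clientId": "sp-simpplr-placeholder",
   "consentType": "Principal", "principalId": "user-placeholder",
   "resourceId": "sp-msgraph-placeholder",
   "scope": " Directory.ReadWrite.All user.read.all"}
]}
""")

# Assumption: User.Read.All is the only directory scope expected, and the
# sign-in scopes below are tolerated. Adjust to what your consent screen showed.
EXPECTED = {"user.read.all"}
TOLERATED_SIGN_IN = {"openid", "profile", "email", "offline_access"}

def audit_grants(doc, client_id):
    """Return (findings, expected_scope_present) for one client's grants."""
    findings, seen = [], set()
    for grant in doc.get("value", []):
        if grant.get("clientId") != client_id:
            continue
        # 'scope' is one space-separated string; lower-cased here so that
        # differences in casing cannot hide an unexpected scope.
        scopes = {s.lower() for s in (grant.get("scope") or "").split()}
        seen |= scopes & EXPECTED
        extra = sorted(scopes - EXPECTED - TOLERATED_SIGN_IN)
        if extra:
            findings.append((grant["id"], grant.get("consentType"), extra))
    return findings, seen == EXPECTED

if __name__ == "__main__":
    findings, ok = audit_grants(SAMPLE_GRANTS, "sp-simpplr-placeholder")
    print("expected scope present:", ok)
    for grant_id, consent_type, extra in findings:
        print(f"{grant_id} ({consent_type}): unexpected scopes {extra}")
```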



Set up Active Directory user attribute syncing


If your environment is connected to Azure Active Directory, System admins will be able to sync user attributes from Azure Active Directory:

  1. Go to Manage App > People > User Syncing.
  2. Select Active Directory as the syncing source.
  3. Select which fields you want to sync between Azure Active Directory and Simpplr. 
  4. To sync user people data, run ScheduleSimpplrServices. This job is pre-scheduled to run once a day, but can be run on-demand.


selecting fields to sync between Azure Active Directory and Simpplr

Batch sync and provision Simpplr people data with Azure Active Directory


Once your environment is connected to Azure Active Directory, and Active Directory is selected as the People data source, System admins are ready to batch sync and/or provision People data in Simpplr with Active Directory's source data:

  1. Go to Manage App > Setup > Schedulers.
  2. To provision users on-demand, run ScheduleHourlySimpplrServices. This job is pre-scheduled to run every three hours, but can be run on-demand.
  3. To sync user people data on-demand, run ScheduleSimpplrServices. This job is pre-scheduled to run once a day, but can be run on-demand.
  4. Simpplr People data will be automatically synced or provisioned accordingly.


options for a batch job under Schedulers

 

Syncing Hire Date and Birthday from Azure to Simpplr

To sync these two fields properly, a few extra steps are required on the Salesforce side and in Azure. First, let's create custom fields in the Salesforce environment.

  1. From your Salesforce instance, go to Setup, then in the Quick Find box, type "user".
  2. In the list of results, find the header titled Build and follow this path: Build > Customize > Users > Fields and select Fields.
  3. Scroll down to User Custom Fields and click New.
  4. Choose the Data type Date and click Next.
  5. Enter Field Label as Joining Date and Field Name as Joining_Date. The field name should fill in automatically. Click Next.
  6. From the next page, select Visible to check all the options as Visible. Then click Save.
  7. Head back to create another new custom field and follow the same procedure as above to create a Birthdate (Birth_Date) custom field.
  8. That's it on the Salesforce side. Now we need to go to Active Directory to create a custom attribute.


Use Custom Attribute in On-Premise AD

  1. Use an existing msDS-cloudExtensionAttribute1
  2. Map/Fill the Birthdate for all the users. Click Save.
  3. We need to use another existing attribute, msDS-cloudExtensionAttribute2, for the HireDate as well. Click Save.
  4. Add the Date in the format YYYY-MM-DD. This is the only accepted format.
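
Because YYYY-MM-DD is the only accepted format, it helps to check the attribute values before relying on the sync. This is an added example, not part of the original article or of Simpplr's tooling: it scans a CSV export of the two attributes and lists values that are empty, wrongly formatted, or not real calendar dates. The CSV layout, the sample rows and the function names are assumptions.

```python
import csv
import io
import re
from datetime import date

# Constructed export: one row per user with the two attributes used above.
SAMPLE_EXPORT = """sAMAccountName,msDS-cloudExtensionAttribute1,msDS-cloudExtensionAttribute2
adavis,1990-04-17,2021-09-01
bchen,04/17/1990,2020-01-15
cgomez,1988-02-30,2019-11-04
dpatel,1992-7-3,
"""

# Zero-padded YYYY-MM-DD only; a plain strptime("%Y-%m-%d") would also
# accept unpadded values such as 1992-7-3, so the shape is checked first.
ISO_DATE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")
FIELDS = {"msDS-cloudExtensionAttribute1": "Birthdate",
          "msDS-cloudExtensionAttribute2": "HireDate"}

def check_value(value):
    """Return None for a real calendar date in YYYY-MM-DD, else a reason."""
    if not value:
        return "empty"
    match = ISO_DATE.fullmatch(value)
    if not match:
        return "not YYYY-MM-DD"
    try:
        date(*map(int, match.groups()))
    except ValueError:
        return "not a calendar date"
    return None

def find_bad_dates(export_text):
    """Return (user, field label, reason) for every value that would not sync."""
    problems = []
    for row in csv.DictReader(io.StringIO(export_text)):
        for attr, label in FIELDS.items():
            reason = check_value((row.get(attr) or "").strip())
            if reason:
                problems.append((row["sAMAccountName"], label, reason))
    return problems

if __name__ == "__main__":
    for user, label, reason in find_bad_dates(SAMPLE_EXPORT):
        print(f"{user}: {label} is {reason}")
```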

Azure AD Connect sync: Directory extensions

You can use directory extensions to extend the schema in Azure Active Directory
(Azure AD) with your own attributes from on-premises Active Directory.

  1. Open the Microsoft Azure Active Directory Connect utility.
  2. Configure which additional attributes you want to synchronize in the custom settings path in the installation wizard.
  3. The Available Attributes box is case-sensitive.
  4. Click Next and Save the configuration.

Changes on the Azure portal

  1. In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
  2. Navigate to Enterprise applications. Then go to All applications.
  3. Search for the Salesforce application to which you have configured SSO and Provisioning.
  4. Navigate to Provisioning and scroll down.
  5. Look for Mapping and click Synchronize Azure Active Directory Users to Salesforce.com.
  6. Another window will open. Scroll down and click Advanced properties.
  7. Click Edit attribute list for salesforce.com, and another window will open on the right side.
  8. Now we'll add the Birth Date attribute. Scroll down and type in the box Birth_Date__c. Ensure String is chosen from the dropdown list.
  9. Click Add Attribute.
  10. Do this for the Joining Date attribute as well. Type Joining_Date__c in the box and ensure String is chosen.
  11. Click Add Attribute again.
  12. On the top of the page, click Save.
  13. We need to add this attribute to the AD custom attribute.
  14. From the previous page, click Attribute Mapping, scroll down and click Add New Mapping.
  15. Select the Source Attribute as the Extension attribute that we are syncing for Birth Date or Joining Date from on-premises Active Directory.
  16. Select Target attribute as Birth_Date__c and click Okay.
  17. Do the same for Joining_Date__c.
  18. Click Save on the Attribute Mapping page.

Changes in Simpplr app

  1. Log in to your Simpplr app as the System administrator.
  2. Go to Manage > Application > People. Select User syncing and scroll down to the Hire date field. Check the box.
  3. Click Save.
  4. The data will sync within 24 hours on Simpplr.

 
