Configuring Microsoft Entra ID user settings

Last updated: 2024-12-12

To define how identity data flows between Microsoft Entra ID and Genetec ClearID™, you must configure your user settings and map attributes for automatic synchronization.

Before you begin

Disable your Microsoft Entra ID groups setting.

What you should know

This procedure is for the ClearID deployment team, your IT department, or the people responsible for administering Microsoft Entra ID in your organization.

Procedure

  1. In the Microsoft Azure portal, search for and click Enterprise applications.
  2. In the Enterprise applications section, search for and select your ClearID SCIM integration application.
  3. In the Manage section, click Provisioning and then click Provisioning again.
  4. Expand the Mappings section and click Provision Microsoft Entra ID Users.
  5. Modify the default attribute mappings.
    1. On the Attribute Mapping page, click Delete to remove unused default attributes.
      Only keep the following:
      • userName
      • active
      • displayName
      Attribute mapping page in Microsoft Azure showing the user source object with three attributes highlighted.
    2. Click Save and then click Yes to confirm your changes.
  6. Modify the customappsso user attributes.
    1. On the Attribute Mapping page, click Show advanced options.
    2. Click Edit attribute list for customappsso, and then click Delete to remove all the unused default attributes.
      Only keep the following:
      • id
      • active
      • displayName
      • title
      • userName
      Edit attribute list page in Microsoft Azure showing customappsso user attributes with five attributes highlighted.
    3. Click Save and then click Yes to confirm your changes.
  7. Add the ClearID schema attributes.
    Only include the list of attributes available to ClearID:
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:description
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:firstName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:lastName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:middleName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:countryCode
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:email
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:employeeNumber
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:secondaryEmail
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:cityOfResidence
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:stateOfResidence
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:zipCode
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:phoneNumberPrimary
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:phoneNumberSecondary
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:supervisorName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:departmentName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:jobTitle
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:companyName
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:workerTypeDescription
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:workerTypeCode
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:hasExtendedTime, Boolean
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:externalId
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:hasWebPortalAccess, Boolean
    urn:ietf:params:scim:schemas:extension:clearid:2.0:User:isAdmin, Boolean
    1. On the Edit Attribute List page, copy and paste an attribute name from the preceding ClearID schema attributes code example into the Name field and select the attribute Type.
      Almost every attribute has the type String, except for three attributes that have the Boolean type: hasExtendedTime, hasWebPortalAccess, and isAdmin.
      Important: The ClearID externalId attribute is the unique identifier that ClearID uses for synchronization. It’s mapped to the unique objectId attribute in Microsoft Entra ID.
    2. Repeat for each attribute listed in the preceding ClearID schema attributes code example.
      Edit attribute list page in Microsoft Azure showing customappsso user attributes with newly added attributes highlighted.
    3. Click Save and then click Yes to confirm your changes.
  8. Add the ClearID attribute mappings.
    1. On the Attribute Mapping page, click Add New Mapping.
    2. On the Edit Attribute page, add the attributes that you require from the attributes added earlier in step 7.
      Include the following:
      • Mapping type: Direct
      • Source attribute: objectid
      • Target attribute: <your attribute value>
    3. Click OK.
    4. Repeat for each attribute added earlier and replace the target attribute value with the next attribute you want to add.
      For a successful first synchronization, you need the following attributes. You can add more attributes later.
      Attribute Mappings page in Microsoft Azure showing the minimum mapping required for SCIM Synchronization.
      Note: The objectid is the GUID in Azure. There’s no way to manipulate the objectid of a user in Azure. It’s a hard-coded field that can’t be modified.
    5. Click Save and then click Yes to confirm your changes.
      You can now close the window and return to the Provisioning page.
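
The attribute lists in steps 6 and 7, the Boolean types, and the rule that externalId is mapped from objectId can be checked mechanically before the first synchronization. The following Python check is an added example, not Genetec or Microsoft tooling; the input format, the function name audit_attributes, and the sample values are assumptions constructed for illustration.

```python
# Added example. Input dicts ("name", "type", "source") are a constructed,
# simplified format, not the Azure portal's or Microsoft Graph's export format.
PREFIX = "urn:ietf:params:scim:schemas:extension:clearid:2.0:User:"
CORE = {"id", "active", "displayName", "title", "userName"}  # kept in step 6
BOOLEANS = {"hasExtendedTime", "hasWebPortalAccess", "isAdmin"}
CLEARID = BOOLEANS | {  # attribute names listed in step 7
    "description", "firstName", "lastName", "middleName", "countryCode",
    "email", "employeeNumber", "secondaryEmail", "cityOfResidence",
    "stateOfResidence", "zipCode", "phoneNumberPrimary",
    "phoneNumberSecondary", "supervisorName", "departmentName", "jobTitle",
    "companyName", "workerTypeDescription", "workerTypeCode", "externalId",
}


def audit_attributes(attributes):
    """Return sorted findings for a list of target-attribute dicts."""
    findings, seen = [], set()
    for attr in attributes:
        name = attr["name"]
        if not name.startswith(PREFIX):
            if name not in CORE:
                findings.append(f"unexpected attribute: {name}")
            continue
        short = name[len(PREFIX):]
        if short not in CLEARID:
            findings.append(f"not a ClearID attribute: {short}")
            continue
        seen.add(short)
        expected = "Boolean" if short in BOOLEANS else "String"
        if attr.get("type") != expected:
            findings.append(f"{short}: type {attr.get('type')} should be {expected}")
        # externalId is the synchronization key; the page maps it from objectId.
        if short == "externalId" and (attr.get("source") or "").lower() != "objectid":
            findings.append("externalId: source must be objectId")
    if "externalId" not in seen:
        findings.append("externalId: missing, no unique synchronization key")
    return sorted(findings)

# Constructed sample configuration with three deliberate mistakes.
SAMPLE = [
    {"name": "userName", "type": "String", "source": "userPrincipalName"},
    {"name": PREFIX + "externalId", "type": "String", "source": "mail"},
    {"name": PREFIX + "isAdmin", "type": "String", "source": "extensionAttribute1"},
    {"name": PREFIX + "badgeColor", "type": "String", "source": "extensionAttribute2"},
]

if __name__ == "__main__":
    for finding in audit_attributes(SAMPLE):
        print(finding)
```

An empty result means the configuration matches the lists on this page. A finding on externalId matters most, because a synchronization key sourced from a modifiable attribute loses the stability that objectId provides.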

After you finish

Configure the ClearID SCIM integration synchronization settings.