Configuring the data source for Azure AD synchronization
Last updated: 2023-07-10
Before you can synchronize an external system with Genetec ClearID™, you must first configure the Genetec ClearID™ One Identity Synchronization Tool data sources for
Azure Active Directory synchronization.
Make a note of the Azure web app connection settings for later use.
Make sure that the Azure AD API permissions are set up.
Prepare an Azure Active Directory containing the identity attributes that you want to
import and synchronize.
Check your license information: Part number
CD-IDSYNC-SERVICE-1Y is required for One Identity Synchronization Tool import.
What you should know
This procedure is for IT or security personnel
responsible for external system attributes administration.
This procedure describes
how to configure the data source for Azure AD.
The data source order is important because the first data source always overrides
common fields.
There is no limit to the number of data sources. However,
the larger the data source, the greater the memory requirements.
When using an Azure data source to synchronize identities, the only possible field for
Unique ID is the UserId field. When the
Azure data source is selected, the Unique ID fields cannot be
configured and the Azure UserId field is used by
default.
Procedure
In the One Identity Synchronization Tool Data
sources section, click Add data source.
In the Source section of the Data source
configuration dialog, select Azure Active Directory
and click Next.
In the Configuration section of the Data source
configuration dialog, complete the following mandatory fields:
Tenant name
In the Tenant name field, enter your tenant name (account
name). The tenant name is used to connect to the directory for the account. For
example, a host address account.onmicrosoft.com or a GUID
nxxnxnxx-nnnn-nxnn-nnnx-nxnnnxnnxnnn.
Client ID
In the Client ID field, enter your client ID. The client ID
is used to connect to the client application. The Client ID
is alphanumeric, in the following format:
nxnxnxxn-xxnn-nnnx-xxnn-nxxxnxnnnxnn.
App key
In the App key field, enter your App key. The App key is
used to authenticate communications with ClearID. The App key
is alphanumeric, in the following format:
nXnxxxxXxxXnxxxXXXxXXnxxXXXnnxxxXXnXXXXXxxx=.
Tip: The Tenant name, Client ID, and App
key can be obtained from your Azure Active Directory application registration.
Click Next.
Note: Fetching information required for the data source configuration can take a long
time and varies depending on the number of groups and users fetched.
(Optional) Use the Filter groups option to only synchronize
a subset of selected Azure AD groups and group members. Search for or select the
groups that you require and click Next.
Note: If your Azure AD list is long, you can also use the Check
all or Uncheck all icon to help you during your
selection process.
In the What to sync section of the Data source
configuration dialog, select Identities to synchronize
from the external system data source.
If you selected Identities as a
data source, in the What to sync section, configure the identity
attributes settings.
Note: The fields that are displayed in the Identities section
vary depending on the data source you selected in the Source
section.
The following image shows the options that are displayed after selecting
an Azure AD data source.
Configure your External field
attribute mappings.
One Identity field
Displays the ClearID identity attributes.
Mandatory fields are highlighted using an asterisk (*).
External Field
Select system attributes in the External field columns that you
want to map from the external system to the ClearID identity attributes shown in the
One Identity field column.
CAUTION: When using Azure
AD as your data source, the One Identity Unique
ID field must be mapped to the Azure AD User ID
external field to ensure that the identity attributes are correctly mapped and
synchronized.
Sample value
If an External field is selected, an example of the selected
external field data from your data source is displayed (if available) in the
Sample value column next to the External
field column.
Tip: Use the Sample value column to check the
format of the attribute data you are about to import from your external system fields
into ClearID.
(Optional) Click Script to add a transform
expression to find and replace external field text using regular expressions.
For example, you can look for variations of a country name to replace with the
correct country code.
A script icon is shown in the Sample value column when the field text
is being replaced with a regular expression.
The transform expressions are processed in the order specified in the
Add transform expressions for field dialog.
Tip: If required, you can select the row of any expressions that you
no longer require, and click delete.
(Optional) Click Refresh to update the external
fields data from your data source. This refresh option is used in situations where the
existing data has been modified, new data rows have been added, or new attribute
columns have been added.
Click Next.
In the Summary section, review the data
that will be synchronized.
Note: If multiple data sources are selected, only the
first data source file is displayed in the Summary section
Data source name field. If you want each of the data files
listed in the Data sources section, you must add them
individually.
If the data synchronization details look correct, click
Finish.
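The optional transform-expression step in this procedure replaces external field text with regular expressions that are processed in the order listed. The following added example (not Genetec code) previews an ordered find-and-replace list against sample values before import and shows how rule order changes the result. Assumptions: it uses Python's regex syntax, which may differ from the tool's, and the country patterns, code set, and function names are constructed for illustration.

```python
import re

# Constructed rules (pattern, replacement), applied top to bottom like the
# ordered list in the "Add transform expressions for field" dialog.
# Anchoring with ^...$ makes each rule match the whole field value only.
COUNTRY_TRANSFORMS = [
    (r"(?i)^\s*(united states( of america)?|u\.?s\.?a?\.?)\s*$", "US"),
    (r"(?i)^\s*(united kingdom|great britain|u\.?k\.?)\s*$", "GB"),
    (r"(?i)^\s*(canada|can)\s*$", "CA"),
]

# Unanchored rules are order-sensitive: a general rule placed first rewrites
# part of a longer variant, so the specific rule after it never matches.
GENERAL_FIRST = [
    (r"(?i)united states", "US"),
    (r"(?i)united states of america", "US"),
]
SPECIFIC_FIRST = list(reversed(GENERAL_FIRST))


def apply_transforms(value, transforms):
    """Apply each find-and-replace in order; later rules see earlier output."""
    for pattern, replacement in transforms:
        value = re.sub(pattern, replacement, value)
    return value


def preview(values, transforms):
    """Return (original, transformed) pairs, similar to a sample-value check."""
    return [(v, apply_transforms(v, transforms)) for v in values]


def unmapped(values, transforms, valid_codes):
    """Values that are still not a known code after every transform ran."""
    return [v for v in values
            if apply_transforms(v, transforms) not in valid_codes]


if __name__ == "__main__":
    # Constructed sample values standing in for an external country field.
    samples = ["USA", "U.S.", " united kingdom ", "Canada", "Kanada", "CA"]
    for before, after in preview(samples, COUNTRY_TRANSFORMS):
        print(f"{before!r:22} -> {after!r}")
    print("unmapped:", unmapped(samples, COUNTRY_TRANSFORMS, {"US", "GB", "CA"}))
    long_name = "United States of America"
    print("general first :", apply_transforms(long_name, GENERAL_FIRST))
    print("specific first:", apply_transforms(long_name, SPECIFIC_FIRST))
```

Values reported by `unmapped` are the ones to review in the Sample value column before finishing the import.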