What is Azure Active Directory?
Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. You can manage all your identities and access to your resources centrally in Azure AD.
Why integrate?
By integrating with Azure AD, you can sync the users from your directory to your user list on VisiPoint Cloud. Authentication is required from the directory’s side before the importing process starts.
How to set up your integration
Please note, you must have a VisiPoint Cloud subscription on the Enterprise plan to use this feature. Contact our team at cs@lamasatech.com to upgrade.
To add a new integration with Azure AD, click on Integrations from the left navigation within your VisiPoint Cloud dashboard.
You will then see a box named Azure AD. Click on the plus symbol and the following pop-up screen will appear for you to enter the key details from your Azure AD account:
Each company can have multiple integration connections with Azure AD.
Any directory has groups of users. These groups should be mapped to the user types created in your VisiPoint dashboard. The admin can map multiple groups (from the Azure directory) to the same user type in VisiPoint.
If the admin does not map a group to a user type, this means that the users will not be imported to VisiPoint. The admin would need to create a new integration with the same credentials if they wanted to map the user group at a later stage.
All the fields used in the directory (First Name, Family Name etc) should be mapped to the ones that exist in the company’s dashboard (First Name, Last Name etc).
The admin cannot map multiple fields from Azure AD to the one field in VisiPoint.
If there are fields that are not mapped, their values will not be imported into VisiPoint.
Integration settings
For the first time, the user should enter his credentials and when authenticated, he will be directed to the integration settings page.
In this page, the user can:
- Give a name to the integration
- Select one or more sites for this integration
- Set the period for the automatic sync process
- Select the default action to be taken when any user record is deleted from the directory
- Map directory fields to VisiPoint fields
- Map directory groups to VisiPoint user type
These 6 steps will be done for each new integration.
Then the system user will start the importing process where the system will import all the mapped users from the directory to VisiPoint.
As the import begins you will see a message with import status, similar to the below.
Then the validating process will start to check the imported data, to categorise any with errors or duplications of users already in VisiPoint.
Then the system user will be directed to a grid showing the Errors List (if any exist), the Duplicates List (if any exist), and the records that have no issues. The system user will be able to fix all the errors and duplicates and then confirm the sync.
If the first sync was interrupted for any reason, the integration status will be “Draft” and the admin can resume it at anytime to complete the process.
If the admin goes back into Integration Settings and changes the mapped fields or groups after importing the records from Azure AD, a message will appear informing them that if they continue, all the data will be imported again taking into consideration the new mapping.
Error List
The errors that may appear are:
- One of the required fields (First Name or Last Name) in VisiPoint are empty, i.e. the admin didn’t map any fields from Azure AD to the required fields in VisiPoint
- The email address field has a non-email format value, i.e. the admin mapped a non-email field into the email address field in VisiPoint
- The user exists in more than one directory group
You can click the edit button to edit the users that have errors.
When the admin fixes an error, it will disappear from the error list.
During the first sync process, the system user will not be able to start fixing the duplicates until he fixes all the existing errors.
Duplicates List
If the imported user record has the same first name and last name and email address or phone number of a user that already exists in the users’ list in VisiPoint, the user will be listed in the duplicates grid.
The system user will be able to select records to merge.
Or the admin can choose to skip this record, i.e. the one imported from Azure AD will not be synced to VisiPoint.
When the admin fixes any duplicates, they will disappear from the list.
During the first sync process, the admin will not be able to check all the records ready to be synced until they fix all the existing duplicates.
All Records List
This list will appear during the first sync process and it will display all the records that have no issues after fixing all errors and duplicates.
If the admin clicks “Sync” they will see one final pop-up screen to confirm.
You will then see a message which shows the status of your sync.
Ongoing sync process
After syncing the Azure AD records into VisiPoint, the directory’s user ID will be added to the user’s record in the VisiPoint database. This means if this record is updated on the directory’s side, the system will be able to update the corresponding record in VP with the next sync process.
The sync process will be run automatically every specific period. The system admin will be able to set this period (daily, weekly or monthly). The admin can also choose to run the sync manually at any time.
When the sync process is run again (after the first sync is done) manually or automatically, the imported user records that don’t have any errors or duplicates will be imported directly. Any errors or duplicates will be listed in their grids, for the admin to resolve these.
If there are any errors or duplicates detected after the sync process is done, an email/SMS notifcation will be sent to the admin, informing them that there are some issues in the last sync process.
If a record is deleted from the directory, it should be automatically deleted from/deactivated in/kept in VP based on the action selected by the admin on the Integration Settings page.
The system user can deactivate the integration, and this will stop the automatic sync but they will still be able to run the sync manually.
List of integrations and status
When you navigate to the Integrations page from the left navigation on your dashboard, you will see a grid of your integrations (if you have any set up). The status will be shown for each. You can check the definition of each status below:
The image below shows the status column and the available actions for each integration.
- View:
Redirects to a page where the system user can check all the integration details.
The system user will be able to deactivate the integration to stop the automatic sync schedule and reactivate it again.
There will be statistics showing the number of errors, duplicates & records synced successfully.
- Force Sync
Allows the admin to run the sync manually
- See Errors
This option will appear if there are errors in the integration. If you click this you will be redirected to the Errors grid.
- Sync Logs
If you click this, it will open the sync logs.
- Edit
Redirects you to the Integration Settings page to make adjustments.
The mapping fields will be disabled if there are unsolved errors or duplicates.
- Remove:
Allows you to remove this integration. A pop-up will appear to confirm removing the integration.
- Continue
This option will appear only if the integration status is “Draft“. If you click this, you will be directed to the last screen before the first sync process was stopped.
If you need any help implementing this integration please reach our support team from the live chat bubble within your dashboard.