Azure Active Directory (Azure AD) User Sync

Integrate Azure Active Directory with ServiceDesk Plus MSP Cloud to sync users periodically across both applications.
You can import user data from Azure AD based on specific criteria and map Azure AD fields with ServiceDesk Plus MSP Cloud fields. This ensures that any changes made in either application will be automatically updated across both applications.
Role Required: SDAdmin
Info
ServiceDesk Plus MSP Cloud only reads user data from Azure AD via API and does not modify it.
To sync user data other than basic details,
  1. Enable Microsoft Azure integration before you integrate Azure Active Directory.
  2. Make sure that you have a Global Administrator profile in Microsoft Azure.
 

Enable Azure AD User Sync   

  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. On the Azure AD User Sync card, enable the toggle.
  3. Click Agree.
  4. If Microsoft single sign-on is not configured, you will be redirected to the Microsoft authorization page to verify user identity. Sign in using Microsoft account credentials and complete the one-time authorization process.
  5. After you sign in, the integration will be enabled in ServiceDesk Plus MSP Cloud.
  6. After the integration is enabled, the data of a minimum of 200 users will be updated to ServiceDesk Plus MSP Cloud every two minutes.
 

Configure Azure AD User Sync     

  1. Click Configure on the Azure AD User Sync card to perform the following:
    1. Sync Settings
      1. Schedule the sync
      2. Configure user deletion sync
    2. Field mapping
    3. Set import criteria


Set Sync Frequency 

Set the sync frequency to define how often synchronization must execute. You can select a frequency ranging from 1 to 7 days.

Configure User Deletion Sync 

Choose how user data must be reflected in ServiceDesk Plus when users are deleted in Azure AD.
  1. When users are deleted or moved to the trash in Azure AD, you can modify user profiles in ServiceDesk Plus MSP Cloud as follows: Revoke login, Remove user, and Do nothing.
  2. Select how to handle deleted users during the next sync: You can either ignore the deleted users or re-sync them using appropriate options.     
 

Field Mapping    

Choose which fields in Azure AD should be mapped to the respective ServiceDesk Plus MSP Cloud fields.
By default, i.e., before the Microsoft Azure AD integration is enabled, the following Azure AD fields can be mapped:
  1. Name
  2. First Name
  3. Last Name
  4. User Principal Name
  5. Email
If Microsoft Azure integration is enabled, you can map the following details in Azure AD with ServiceDesk Plus MSP Cloud fields as required:

Azure AD Fields:
  1. Name
  2. First name
  3. Last name
  4. Employee ID
  5. Email
  6. Alternate Email
  7. Office Phone
  8. Mobile Phone
  9. Department
  10. Job title
  11. Manager
  12. Cost Center
  13. On-premises SAM Account Name
  14. On-premises Domain Name
  15. On-premises User Principal Name
  16. User Principal Name
  17. Company Name
  18. Street address
  19. State or Province
  20. Country or region
  21. Office
  22. City
  23. ZIP or Postal Code
  24. Division
  25. Fax Number
  26. On-premises Distinguished Name
  27. On-premises Immutable ID
  28. On-premises Last Sync Date Time
  29. On-premises Security Identifier

ServiceDesk Plus MSP Cloud Fields:
  1. Display Name
  2. First Name
  3. Last Name
  4. Employee ID
  5. Email
  6. Secondary Email
  7. Phone
  8. Mobile
  9. Department Name
  10. Job Title
  11. Reporting Manager
  12. Site
  13. AD Login Name

Info
AD Login Name is populated based on On-premises SAM Account Name, On-premises Domain Name, and On-premises User Principal Name details. 
User profile images from Azure will also be synced to their accounts. Any updates to the profile image in Azure AD will automatically be reflected during subsequent syncs.
Select and map the relevant fields as shown. You can map only one Azure AD field with one ServiceDesk Plus field.
 
 
Info
Field mapping supports both user and technician additional fields (character-based). 

Set Import Criteria 

You can import all users or specific users based on criteria.
To import users based on criteria, select Based on criteria and add one or more conditions using the drop-downs and logical operators.
To import all users without any criteria, select Without criteria.
 
 
By default, the following Azure AD fields are available for criteria configuration:
  1. Domain
  2. Email
  3. First Name
  4. Last Name
  5. Name
  6. Usage Location
  7. User Principal Name
  8. Users with Azure Login
 
If Microsoft Azure integration is enabled, the following fields will be available for configuring criteria, in addition to the above fields:
  1. User Type
  2. Department
  3. Office
  4. Job title
  5. Employee ID
  6. Mobile Phone
  7. Business Phone
  8. Reporting To
  9. City
  10. Company Name
  11. Street Address
  12. State or Province
  13. ZIP or Postal Code
  14. Country or Region
  15. Alternate Email
  16. Groups
  17. Cost Center
  18. Division
  19. Fax Number
  20. On-premises Sync Enabled
  21. On-premises Distinguished Name
  22. On-premises Domain Name
  23. On-premises Immutable ID
  24. On-premises Last Sync Date Time
  25. On-premises SAM Account Name
  26. On-premises Security Identifier
 
After you configure, click Save to save the configurations or click Save and Sync to save the configuration and initiate sync immediately.
 
 
You can also start the sync using the Start Sync button on the Azure AD User Sync integration card.
 
 

Resync Data from Azure    

After the initial sync, administrators can initiate a complete resync of all user data from Azure to ServiceDesk Plus MSP Cloud. This option can be used when the integration configurations are modified after users are imported to ServiceDesk Plus MSP Cloud.
  1. On the Azure AD User Sync card, click Configure.
  2. Select the Resync to apply changes to the old data option.
  3. Click Save.

Number of resyncs allowed, by number of users in Azure:
  1. Less than 10,000 users: 2 resyncs every 24 hours (the time taken is tracked for each resync individually)
  2. More than 10,000 users: 1 resync every 24 hours
 
 
Info
Resync data is available only for the Enterprise edition of ServiceDesk Plus MSP Cloud.

Disable Azure AD User Sync   

  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. Disable the toggle on the Azure AD User Sync card.
  3. Click Disable on the confirmation pop-up.
     
Info
All users imported into ServiceDesk Plus from Azure AD will be retained even after the integration is disabled. 

Azure AD User Sync Reports   

Get a report on all modifications made to each user synced from Azure Active Directory, including additions, updates, and deletions of user data.
To get the report,
  1. Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
  2. Click Configure on the Azure AD User Sync card.
  3. Under the Sync Reports section, select the Enable Azure AD User Sync Reports checkbox.
 
The reports will now be available to download as shown:


Info
A maximum of 10 reports, each up to 10 MB in size, will be available. After reaching this limit, the oldest report will be automatically deleted to accommodate new reports. 

Points to remember   

  1. If the administrator who configured Azure User Sync integration leaves the organization, the user who revokes the administrator/global admin privileges for the former administrator will be added as the integration owner. The new integration owner's token will be used to validate the integration.
  2. Users in unverified domains will be added as non-login users in ServiceDesk Plus MSP Cloud.
  3. Login users will be added only if the Account Enabled field is selected in Azure AD.
  4. If the Account Enabled field is enabled after adding users to ServiceDesk Plus MSP Cloud, login permissions will be provided to users in the subsequent sync.
  5. If the Account Enabled field is disabled after adding users to ServiceDesk Plus MSP Cloud, login permissions will not be removed. However, users added going forward will not have login permissions.
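
Because of point 5 and the Do nothing deletion option, an account that is disabled or deleted in Azure AD can keep its ServiceDesk Plus MSP Cloud login, so it is worth reconciling the two user lists periodically. The following is an added example, not ManageEngine code: it assumes the Azure AD side is a Microsoft Graph user listing (`userPrincipalName`, `accountEnabled`) and the ServiceDesk Plus side is a hypothetical export with assumed column names `login_name` and `login_enabled`; all sample data is constructed.

```python
import json

# Constructed sample: Azure AD users as returned by Microsoft Graph
# (userPrincipalName and accountEnabled are Graph user properties).
AZURE_USERS_JSON = """
[
  {"userPrincipalName": "alice@example.com", "accountEnabled": true},
  {"userPrincipalName": "Bob@Example.com",   "accountEnabled": false},
  {"userPrincipalName": "carol@example.com", "accountEnabled": false}
]
"""

# Constructed sample: hypothetical export of ServiceDesk Plus MSP Cloud users.
# The keys login_name and login_enabled are assumptions, not a documented format.
SDP_USERS_JSON = """
[
  {"login_name": "alice@example.com", "login_enabled": true},
  {"login_name": "bob@example.com",   "login_enabled": true},
  {"login_name": "carol@example.com", "login_enabled": false},
  {"login_name": "dave@example.com",  "login_enabled": true}
]
"""


def stale_logins(azure_users, sdp_users):
    """Return (login, reason) for users who can log in although Azure AD disagrees."""
    # UPNs are compared case-insensitively; a missing or null accountEnabled
    # is treated as disabled so that it is reviewed rather than skipped.
    enabled = {u["userPrincipalName"].strip().lower(): bool(u.get("accountEnabled"))
               for u in azure_users}
    findings = []
    for user in sdp_users:
        if not user.get("login_enabled"):
            continue  # non-login users are not an access risk
        upn = user["login_name"].strip().lower()
        if upn not in enabled:
            findings.append((upn, "not-in-azure-ad"))       # deleted or never synced
        elif not enabled[upn]:
            findings.append((upn, "disabled-in-azure-ad"))  # point 5 above
    return sorted(findings)


def run_sample():
    return stale_logins(json.loads(AZURE_USERS_JSON), json.loads(SDP_USERS_JSON))


if __name__ == "__main__":
    for login, reason in run_sample():
        print(f"{login}: {reason}")
```

Each finding is a candidate for the Revoke login action in ServiceDesk Plus MSP Cloud after review.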

Process Workflow   


 
