How-To: Configure Dynamic Account Mapping to sync users into a connected AAD
Goal
After completing this how-to you will know how to sync users from MyWorkspace to an connected Azure Active Directory, if the users domains are different to the connected verified domains. To understand how to connect an Azure Active Directory with MyWorkspace, please read this how-to article.
First Step: Enable Dynamic Account Mapping
Please visit the connectors blade in the admin section and enable Dynamic Account Mapping. Follow the button to the Dynamic Account Mapping page. On the left side of the page you see an introduction into Transformation Scripts that are used to implement the Dynamic Account Mapping. On the right side of the page you see an editor to write the Transformation Script itself.
Second Step: Write The Transformation Script
The Transformation Script follows a simple JavaScript syntax. Lets assume all your users have the email domain 'sourcedomain.com' (user1@sourcedomain.com, user2@sourcedomain.com, etc...) and you have a single verified domain in the Azure Active Directory named 'targetdomain.com'. The sync of users to an connected Azure Active Directory without a Dynamic Account Mapping configured will not work out-of-the-box in this scenario.
To achieve an successful sync you can simply add this Transformation Script into the editor:
context.CurrentUser.MailAddress = context.CurrentUser.MailAddress.replace('sourcedomain.com', 'targetdomain.com');
done(context);
Save your work before you leave the page.
Third Step: Sync Users Into the Azure Active Directory
Go back to the connectors blade and enable Export Users into Azure Active Directory to sync all users successfully to the connected Azure Active Directory.
