Matrix42 Self-Service Help Center

Import from Azure Active Directory

Overview

As a rule, Digital Workspace Platform cannot access corporate networks and collect their data. Therefore, the Data Gateway service is installed within the corporate network that is managed by an Azure Active Directory server. The gateway collects the data on the Azure AD server and sends it to Digital Workspace Platform.

AAD Data Provider flow

1 - Activating the Azure Active Directory Data Provider

The Azure AD import can be triggered in several ways in Digital Workspace Platform:

  • Manually: run the Azure AD connector data import with the Activate action, available in Administration application → Integration → Data Providers → Active Directory. It retrieves all data available at the configured remote Azure AD server(s).
  • Scheduled: a configured AD Connector engine activation runs the import and triggers the Active Directory Data Provider according to the specified import schedule.

2 - Launching the Directory Domain Services Server Workflow

The Azure Active Directory Data Provider launches the Directory Domain Services workflow. It is a server workflow that is run in Matrix42 Digital Workspace Platform.

3 - Launching the Azure AD Collect Data Command

The Directory Domain Services workflow creates jobs according to the specified configurations of the Data Provider. The Data Provider configurations contain the information on the target domain and stipulate the conditions of import. When the Data Gateway finds the jobs, it starts the Azure AD Collect Data command.

4 - Retrieving Azure AD Objects

The Azure AD Collect Data command is run on the Data Gateway server and therefore it can access the network data. Based on the settings in the Data Provider configuration, the command activity collects data on Azure AD objects and saves it as a package of XML files. A separate XML file is created for each imported object type and for each type of deleted object. If the import is configured for accounts and groups, the command activity generates the following files:

  • Account.xml contains all Azure AD users that are currently active.
  • Group.xml contains all Azure AD groups that are currently active.
  • DeletedAccount.xml is relevant for partial import and contains users that have been deleted on an Azure AD server since the last import.
  • DeletedGroups.xml is relevant for partial import and contains groups that have been deleted on an Azure AD server since the last import.
  • Membership.xml contains the relations between Azure AD groups and their members.

5 - Passing Azure AD Objects to Digital Workspace Platform

The Data Gateway passes XML files to the Directory Domain Services workflow in Digital Workspace Platform.

6 - Creating and Updating Objects Based on Imported Data

The Directory Domain Services workflow executes import definitions for each imported object. It uses the XML files as the data source to either update Digital Workspace Platform objects with new values from Azure AD objects or create new objects in Digital Workspace Platform.

The following import definitions are executed:

  • AD: Import Accounts
    The import definition updates the existing accounts and creates new ones based on active users on an Azure AD server. It uses the Account.xml file as a data source.
  • AD: Import Groups
    The import definition updates existing groups and creates new ones based on active groups on an Azure AD server. It uses the Group.xml file as a data source.
  • AD: Import Persons
    The import definition updates existing persons and creates new ones based on active users on an Azure AD server. It uses the Person.xml file as a data source.
  • AD: Membership
    The import definition updates group membership for accounts and groups based on data from an Azure AD server. It uses the Members.xml file as a data source.
  • AD: Update Deleted Accounts
    If some Azure AD users have been deleted since the last import, this import definition changes the Status field value to Deleted for corresponding accounts in Matrix42 Digital Workspace Platform. It uses the DeletedAccount.xml file as a data source.
  • AD: Update Deleted Persons
    If some Azure AD users have been deleted since the last import, this import definition changes the Status field value to Deleted for corresponding persons in Matrix42 Digital Workspace Platform. It uses the DeletedAccount.xml file as a data source.
  • AD: Update Deleted Groups
    If some Azure AD groups have been deleted since the last import, this import definition changes the Status field value to Deleted for corresponding groups in Matrix42 Digital Workspace Platform. It uses the DeletedGroups.xml file as a data source.
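As an added example (not Matrix42 code), the following Python models the XML package produced in step 4 and the create/update/mark-Deleted decisions the import definitions in step 6 make for a partial import, together with the sanity checks an operator would want before such a package is applied: a deleted-object file that would flag most known accounts, membership rows that reference unknown objects, and objects listed as both active and deleted. The file names are the page's; the element and attribute names, the existing-object sets and the threshold are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample package (one document per file name from step 4).
# Element and attribute names are assumed; the real schema is not documented here.
PACKAGE = {
    "Account.xml": """<Accounts>
        <Account id="u1" upn="alice@example.com"/>
        <Account id="u2" upn="bob@example.com"/></Accounts>""",
    "Group.xml": """<Groups><Group id="g1" name="Helpdesk"/></Groups>""",
    "DeletedAccount.xml": """<DeletedAccounts>
        <Account id="u9" upn="carol@example.com"/></DeletedAccounts>""",
    "DeletedGroups.xml": "<DeletedGroups/>",
    "Membership.xml": """<Memberships>
        <Member group="g1" account="u1"/>
        <Member group="g1" account="u7"/></Memberships>""",
}

def reconcile(package, existing_accounts, existing_groups, max_deleted_ratio=0.5):
    """Return the changes a partial import would apply, plus sanity findings."""
    def ids(file_name, tag, attr="id"):
        # stdlib parser: it does not fetch external entities or DTDs, which is what we want
        return {e.get(attr) for e in ET.fromstring(package[file_name]).iter(tag)}

    active_acc = ids("Account.xml", "Account")
    active_grp = ids("Group.xml", "Group")
    deleted_acc = ids("DeletedAccount.xml", "Account")
    deleted_grp = ids("DeletedGroups.xml", "Group")
    members = [(m.get("group"), m.get("account"))
               for m in ET.fromstring(package["Membership.xml"]).iter("Member")]

    findings = []
    # A deleted-object file that would flag most known accounts as Deleted is far more
    # likely a broken export than a real mass deletion: flag it before it is applied.
    deleted_known = deleted_acc & existing_accounts
    if existing_accounts and len(deleted_known) / len(existing_accounts) > max_deleted_ratio:
        findings.append("mass-deletion")
    # Membership rows must reference objects in the package or already known (assumed rule).
    known_acc, known_grp = active_acc | existing_accounts, active_grp | existing_groups
    for g, a in members:
        if g not in known_grp or a not in known_acc:
            findings.append(f"dangling-membership:{g}:{a}")
    # An object must not be both active and deleted in the same package.
    findings += [f"conflict:{i}" for i in sorted((active_acc & deleted_acc) | (active_grp & deleted_grp))]
    return {
        "create_accounts": sorted(active_acc - existing_accounts),
        "update_accounts": sorted(active_acc & existing_accounts),
        "mark_deleted_accounts": sorted(deleted_known),
        "create_groups": sorted(active_grp - existing_groups),
        "mark_deleted_groups": sorted(deleted_grp & existing_groups),
        "findings": findings,
    }
```

A non-empty findings list is a reason to hold the package for review rather than let the import definitions run over it unattended.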