AAD Data Provider Settings
Overview
The Azure Active Directory Data Provider establishes the integration between Digital Workspace Platform and an Azure AD server.
This page describes the data filtering conditions and advanced settings of the Azure Active Directory Data Provider.
To open the settings, go to the Administration application → Integration → Data Providers → Azure Active Directory, click Edit, and open the Settings view.
Settings and Filters
This section contains a number of settings grouped as follows:
Domain
Use the single selection button to select the domain for which the integration should be established.
Import Users
Indicates whether users will be imported.
User Filter
If User Filter is active, you can specify a collection of conditions on the supported properties listed below so that only a subset of the users is retrieved.
| Supported properties | Description |
|---|---|
| Account Enabled | true if the account is enabled; otherwise, false. This property is required when a user is created. |
| City | The city in which the user is located. |
| Country | The country/region in which the user is located; for example, “US” or “UK”. |
| Department | The name of the department where the user works. |
| State | The state or province in the user's address. |
| Country Code | A two-letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirements to check for availability of services in countries. Examples include: "US", "JP", and "GB". |
| Display Name | The name displayed in the address book for the user. This is usually the combination of the user's first name, middle name, and last name. This property is required when a user is created and it cannot be cleared during updates. |
| Employee ID | The employee identifier assigned to the user by the organization. |
| First Name | The given name (first name) of the user. |
| Last Name | The user's surname (family name or last name). When the Last Name is not defined, the user's Display Name is used for filling Last Name (all parts after the first name are split with whitespace and added as the last name). |
| Job Title | The user’s job title. |
|  | The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". |
| Mail Nickname | The mail alias for the user. This property must be specified when a user is created. |
| On-Premises Immutable ID | This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user’s userPrincipalName (UPN) property. The $ and _ characters cannot be used when specifying this property. |
| Other Mails | A list of additional email addresses for the user; for example: ["bob@contoso.com", "Robert@fabrikam.com"] |
| Proxy Addresses | For example: |
| User Principal Name (UPN) | The User Principal Name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet Standard RFC 822. By convention, this should map to the user's email name. |
| User Type | A string value that can be used to classify user types in your directory, such as “Member” and “Guest”. |
Import Groups
Indicates whether groups will be imported.
Group Filter
If Group Filter is active, you can specify a collection of conditions on the supported properties listed below so that only a subset of the groups is retrieved.
| Supported properties | Description |
|---|---|
| Display Name | The display name for the group. This property is required when a group is created and cannot be cleared during updates. |
| Group Types | Specifies the group type and its membership. If the collection contains Unified then the group is an Office 365 group; otherwise, it's a security group. |
|  | The SMTP address for the group. |
| Mail Nickname | The mail alias for the group, unique in the organization. This property must be specified when a group is created. |
| On-Premises Last Sync DateTime | Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z' |
| On-Premises Sync Enabled |  |
| Proxy Addresses | Email addresses for the group that direct to the same group mailbox. For example: ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]. |
| Security Enabled | Specifies whether the group is a security group. |
Filter conditions
To add a filter condition, follow these steps:
- Click Add Condition.
- Select the property you'd like to filter.
- Select an operator.
The following operators are supported by the Azure Active Directory Graph API:
- Equals
- Starts With
The filter conditions can be combined by using the following logical operators:
- AND
- OR
Creating groups of conditions is supported as well.
Only one kind of logical operator can be defined on each level.
Known limitations
If the "OR" operator is used at least once within a filter, the number of conditions should not exceed 15. A validation message is displayed in the UI.
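The filter decides which identities are imported, so it is worth checking a planned filter against the rules above before entering it. The following is an added example, not the product's code: it validates a condition tree (two operators, one logical operator per level, at most 15 conditions when OR is used) and renders it as an OData `$filter` string of the kind the Azure AD Graph API accepts. The label-to-property mapping and the idea that the UI conditions translate to this string are assumptions.

```python
from dataclasses import dataclass

# Assumed mapping of UI labels to Azure AD Graph property names (not from the page).
PROPS = {"Account Enabled": "accountEnabled", "Department": "department", "User Type": "userType"}
OPERATORS = ("Equals", "Starts With")  # the two operators the page lists
MAX_WITH_OR = 15                       # limit from "Known limitations"

@dataclass
class Condition:
    prop: str       # UI label, e.g. "Department"
    op: str         # "Equals" or "Starts With"
    value: object   # str, or bool for Equals

@dataclass
class Group:
    logic: str      # exactly one of "AND" / "OR" per level
    items: list     # Condition or nested Group objects

def walk(node):     # yields the node and every node nested below it
    yield node
    for item in getattr(node, "items", []):
        yield from walk(item)

def validate(root):
    nodes = list(walk(root))
    conds = [n for n in nodes if isinstance(n, Condition)]
    groups = [n for n in nodes if isinstance(n, Group)]
    for c in conds:
        allowed = str if c.op == "Starts With" else (str, bool)
        if c.prop not in PROPS or c.op not in OPERATORS or not isinstance(c.value, allowed):
            raise ValueError(f"unsupported condition: {c.prop} {c.op} {c.value!r}")
    if any(g.logic not in ("AND", "OR") or not g.items for g in groups):
        raise ValueError("each level needs at least one item and one of AND / OR")
    if any(g.logic == "OR" for g in groups) and len(conds) > MAX_WITH_OR:
        raise ValueError(f"OR is used, so at most {MAX_WITH_OR} conditions are allowed")

def literal(value):  # OData literal: bare true/false; strings quoted, ' doubled
    return str(value).lower() if isinstance(value, bool) else "'" + value.replace("'", "''") + "'"

def render(node, top=True):
    if isinstance(node, Condition):
        name, lit = PROPS[node.prop], literal(node.value)
        return f"startswith({name},{lit})" if node.op == "Starts With" else f"{name} eq {lit}"
    joined = f" {node.logic.lower()} ".join(render(i, False) for i in node.items)
    return joined if top else f"({joined})"

def build_filter(root):
    validate(root)
    return render(root)
```

For a constructed tree AND(Account Enabled Equals true, User Type Equals Member, OR(Department Starts With Sales, Department Equals R&D O'Neil)), `build_filter` returns `accountEnabled eq true and userType eq 'Member' and (startswith(department,'Sales') or department eq 'R&D O''Neil')`, which keeps disabled and guest accounts out of the import.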
Additional Import Attributes
Additional attributes can be specified for Users and Groups Import starting from DWP 10.0 Update 3.
The Additional Import Attributes section is available when at least one type of import is enabled: Import Users or Import Groups.
To configure the additional attributes you want to import, fill out the following fields in the Settings section of the Data Provider configuration:
- Extension Application (client) ID:
  - Same Application ID: by default, the configuration uses the same Application (client) ID that is specified in the General section.
  - Other Application ID: if the additional attributes are available in the other tenant, clear the "Extension Application ID is the same as Application (client) ID" checkbox and specify the Extension Application (client) ID in the corresponding field.
- User Attribute Names (Separated by Commas): list the attributes to import. Attribute names are case sensitive.
- Group Attribute Names (Separated by Commas): list the attributes to import. Attribute names are case sensitive.
Update the import definition for User import accordingly, so that the values from the extended attributes are saved correctly in the database.
For cases when both Azure Active Directory and on-premises Active Directory are used as import sources, Additional Import Attributes must be configured the same way in both configurations of these connectors:
- Configure Additional Import Attributes in Azure Active Directory connector configuration;
- Configure Additional Import Attributes in on-premises Active Directory connector configuration;
- Update the import definition accordingly, in order to correctly save the custom values in the database;
- Run import from both sources: Azure Active Directory and on-premises Active Directory.
Otherwise, if the Additional Import Attributes are configured only for Azure Active Directory, the on-premises Active Directory import fails.
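A pre-flight check for the two points above, case-sensitive names and matching configuration in both connectors, as an added example that is not part of the product. It assumes that "configured the same way" means the same attribute names with the same casing in both fields; the `extension_<appId without hyphens>_<name>` form is the Azure AD directory extension naming convention, and the function names are hypothetical.

```python
def parse_names(field):
    """Split a 'Separated by Commas' field; casing is preserved on purpose."""
    return [name.strip() for name in field.split(",") if name.strip()]

def extension_property(app_id, name):
    # Azure AD directory extension properties are exposed as
    # extension_<application (client) ID without hyphens>_<attribute name>.
    return f"extension_{app_id.replace('-', '')}_{name}"

def compare_connectors(aad_field, onprem_field):
    """Report attribute names that differ between the two connector configurations."""
    aad, onprem = parse_names(aad_field), parse_names(onprem_field)
    onprem_by_fold = {name.casefold(): name for name in onprem}
    aad_folded = {name.casefold() for name in aad}
    report = {"missing_on_prem": [], "case_mismatch": [], "missing_in_aad": []}
    for name in aad:
        other = onprem_by_fold.get(name.casefold())
        if other is None:
            report["missing_on_prem"].append(name)        # would break the on-prem import
        elif other != name:
            report["case_mismatch"].append((name, other))  # same name, different casing
    report["missing_in_aad"] = [n for n in onprem if n.casefold() not in aad_folded]
    return report

def is_consistent(aad_field, onprem_field):
    return not any(compare_connectors(aad_field, onprem_field).values())
```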
Added attributes are also available for filtering.
See also: Microsoft Azure AD Directory extensions.