
Azure Active Directory - Data Access User Synchronization

This topic covers how to synchronize users, groups, and (optionally) service principals from your existing Azure Active Directory (AAD) domain.

Pre-requisites

Ensure the following pre-requisites are met:

  • Create an Azure AD application.

  • Get the values for the following Azure properties: Directory (tenant) ID, Application (client) ID, and a client secret for that application.

Configuration

  1. SSH to the instance as ${USER}.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.usersync.azuread.yml config/custom-vars/
    vi config/custom-vars/vars.usersync.azuread.yml
    
  3. Edit the following properties, replacing every <PLEASE_CHANGE> placeholder. For property details and descriptions, see the property reference. The file stores the client secret in clear text, so keep it readable only by the ${USER} account (for example, chmod 600 on the file).

    # Directory (tenant) ID, Application (client) ID and client secret of the Azure AD application
    USERSYNC_AZUREAD_TENANT_ID: "<PLEASE_CHANGE>"
    USERSYNC_AZUREAD_CLIENT_ID: "<PLEASE_CHANGE>"
    USERSYNC_AZUREAD_CLIENT_SECRET: "<PLEASE_CHANGE>"
    # Domains and groups to pull from Azure AD
    USERSYNC_AZUREAD_DOMAINS: "<PLEASE_CHANGE>"
    USERSYNC_AZUREAD_GROUPS: "<PLEASE_CHANGE>"
    # Enable usersync and select Azure AD as the source
    USERSYNC_ENABLE: "true"
    USERSYNC_SOURCE: "azuread"
    USERSYNC_AZUREAD_USE_GROUP_LOOKUP_FIRST: "true"
    # Azure AD attributes used for the synchronized username, email and group name
    USERSYNC_SYNC_AZUREAD_USERNAME_RETRIVAL_FROM: "userPrincipalName"
    USERSYNC_SYNC_AZUREAD_EMAIL_RETRIVAL_FROM: "userPrincipalName"
    USERSYNC_SYNC_AZUREAD_GROUP_RETRIVAL_FROM: "displayName"
    # Set to "true" to also sync service principals; their username is taken from the attribute below
    SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_ENABLED: "false"
    SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_USERNAME_RETRIVAL_FROM: "appId"
    
  4. Run the following commands.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
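
The following is an added pre-flight check for the procedure above; it is not part of Privacera's tooling. Before running ./privacera-manager.sh update it verifies that the edited vars.usersync.azuread.yml has no <PLEASE_CHANGE> placeholders left, is readable only by its owner (it contains the client secret), has GUID-shaped tenant and client IDs, and has usersync enabled with azuread as the source. The property names are the ones shown on this page; the GUID format check and the sample values in the demo file are this script's own assumptions, not Privacera requirements.

```shell
#!/bin/sh
# Added example (not Privacera's own code): sanity-check the usersync vars
# file before running privacera-manager.sh update.

# Return 0 if the file passes every check, 1 otherwise; each failure is printed.
check_azuread_vars() {
    f="$1"
    rc=0
    if [ ! -f "$f" ]; then
        echo "FAIL: $f not found"
        return 1
    fi
    # 1. Unfilled placeholders are the most common cause of a failed sync.
    if grep -q '<PLEASE_CHANGE>' "$f"; then
        echo "FAIL: placeholder values remain:"
        grep -n '<PLEASE_CHANGE>' "$f"
        rc=1
    fi
    # 2. The file holds USERSYNC_AZUREAD_CLIENT_SECRET in clear text: owner-only access.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: mode $mode on $f (expected 600; file contains the client secret)"; rc=1 ;;
    esac
    # 3. Tenant and client IDs are expected to be GUIDs (assumption); anything else is a paste error.
    guid='[0-9a-fA-F]\{8\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{12\}'
    for key in USERSYNC_AZUREAD_TENANT_ID USERSYNC_AZUREAD_CLIENT_ID; do
        val=$(grep "^$key:" "$f" | head -n 1 | sed 's/^[^:]*:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}.*/\1/')
        if ! echo "$val" | grep -q "^${guid}\$"; then
            echo "FAIL: $key is not a GUID: '$val'"
            rc=1
        fi
    done
    # 4. Sync must be enabled and pointed at Azure AD for these properties to take effect.
    grep -q '^USERSYNC_ENABLE:[[:space:]]*"true"' "$f" || { echo 'FAIL: USERSYNC_ENABLE is not "true"'; rc=1; }
    grep -q '^USERSYNC_SOURCE:[[:space:]]*"azuread"' "$f" || { echo 'FAIL: USERSYNC_SOURCE is not "azuread"'; rc=1; }
    return $rc
}

# Demo on constructed files (sample IDs and secret, not real credentials).
good=$(mktemp)
bad=$(mktemp)
cat > "$good" <<'EOF'
USERSYNC_AZUREAD_TENANT_ID: "11111111-2222-3333-4444-555555555555"
USERSYNC_AZUREAD_CLIENT_ID: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
USERSYNC_AZUREAD_CLIENT_SECRET: "example-secret-value-not-real"
USERSYNC_AZUREAD_DOMAINS: "example.com"
USERSYNC_AZUREAD_GROUPS: "data-analysts"
USERSYNC_ENABLE: "true"
USERSYNC_SOURCE: "azuread"
EOF
# Same file, but with the secret left as a placeholder.
sed 's/^USERSYNC_AZUREAD_CLIENT_SECRET:.*/USERSYNC_AZUREAD_CLIENT_SECRET: "<PLEASE_CHANGE>"/' "$good" > "$bad"
chmod 600 "$good" "$bad"
check_azuread_vars "$good" && echo "OK: safe to run ./privacera-manager.sh update"
check_azuread_vars "$bad" || echo "NOT OK: fix the failures above before running update"
rm -f "$good" "$bad"
```

Run it against config/custom-vars/vars.usersync.azuread.yml and only proceed with ./privacera-manager.sh update when it prints OK; a non-zero exit means at least one check failed. The mode check deliberately rejects anything wider than owner-only, since the manager directory is often shared with other operators on the same host.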
    

Last update: July 23, 2021