The steps below outline how to configure the Active Roles Synchronization Service for a back sync, which links objects that already exist in Azure to their on-prem Active Directory objects. A video is available below.
For steps on integrating Microsoft Azure with Active Roles 7.2 so that Active Roles can create and edit objects, please see Part 1.
- Log into the Azure Portal.
- Navigate to Azure Active Directory | App Registrations
- Choose New application registration. The name can be anything as needed. The Application Type must be Web app / API. The Sign-on URL must be http://localhost
- After the application is created, click on it and select Keys
- Enter a Key Description and an Expiration Duration.
- Choose Save and immediately copy the displayed key to a safe location. NOTE: This key is only displayed once. If lost, a new key will need to be generated.
- On a computer with the Azure Active Directory Module for Windows installed, run the script attached below, which can also be found in the Active Roles 7.2 Synchronization Service Administrator Guide. Be sure to substitute the Application ID from the application which was created in Step 3 above. When prompted, use a credential with Global Administrator access on the Azure side.
- Open the Active Roles Synchronization Service Console and choose Connections on the left.
- Create a new connection. In the Use the specified connection: dropdown, choose Microsoft Azure AD Connector. Use the Azure AD Domain which was gathered in Part 1 of this series. The Client ID is the Application ID gathered from the Azure Portal, and the Key is the one which was generated in Step 6 above. If a connection to Active Roles is not already present, it will be necessary to create one as well.
- Choose Mapping and the Azure connection.
- Add a mapping pair, and create a mapping between Azure User objects and Active Roles User objects.
- Click on the new User - User mapping pair and then Add mapping rule
- If valid for your configuration, specify the userprincipalname as the mapped attribute.
- Choose Sync Workflows on the left and then Add sync workflow
- Click on the new Workflow and then Add synchronization step
- This is an Update step. The source connection will be the Azure connection, and the target will be the Active Roles connection.
- Click on the Forward Sync Rule button and add an update of the Azure ObjectID to the Active Roles edsvaAzureObjectID attribute.
- Also create a Forward Sync Rule to post a text value of TRUE to the Active Roles edsvaAzureOffice365Enabled attribute.
- Save and run the Synchronization Step.
If desired, the Synchronization Step can be set to run on a schedule.
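Once the step has run, it is worth confirming that every on-prem user was linked to the correct Azure object rather than trusting the workflow's success status. The following PowerShell is an added verification script (not part of this article, the Administrator Guide, or the Active Roles product); it assumes the ActiveDirectory and MSOnline modules are installed, that Connect-MsolService has already been run, and that the `$SearchBase` value is replaced with your own OU.

```powershell
# Added example: reconcile the edsvaAzureObjectID / edsvaAzureOffice365Enabled values written
# by the back sync against the ObjectId that Azure AD actually holds for the same UPN.
# Assumes the ActiveDirectory and MSOnline modules and a prior Connect-MsolService.
Import-Module ActiveDirectory

$SearchBase = 'OU=Users,DC=example,DC=com'   # placeholder: point this at the OU that was synced

# Build a lookup of UPN -> ObjectId from Azure AD (UPN is the mapping attribute used in the article).
$azureByUpn = @{}
Get-MsolUser -All | ForEach-Object {
    $azureByUpn[$_.UserPrincipalName.ToLowerInvariant()] = $_.ObjectId.ToString()
}

# Pull the on-prem users together with the two attributes the Forward Sync Rules populate.
$props   = 'userPrincipalName', 'edsvaAzureObjectID', 'edsvaAzureOffice365Enabled'
$adUsers = Get-ADUser -Filter * -SearchBase $SearchBase -Properties $props

$report = foreach ($u in $adUsers) {
    $upn      = if ($u.userPrincipalName) { $u.userPrincipalName.ToLowerInvariant() } else { '' }
    $expected = $azureByUpn[$upn]
    $flag     = "$($u.edsvaAzureOffice365Enabled)"   # attribute may come back as Boolean or string

    $status = if (-not $expected)                          { 'NoAzureMatch' }      # UPN not in Azure AD; nothing to link
              elseif (-not $u.edsvaAzureObjectID)          { 'NotLinked' }         # back sync never stamped this user
              elseif ($u.edsvaAzureObjectID -ne $expected) { 'ObjectIdMismatch' }  # linked to a different Azure object
              elseif ($flag -ne 'TRUE')                    { 'FlagMissing' }       # linked but O365 flag not set
              else                                         { 'OK' }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.userPrincipalName
        OnPremObjectID = $u.edsvaAzureObjectID
        AzureObjectID  = $expected
        Status         = $status
    }
}

# Summary first, then the individual users that need attention.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

An ObjectIdMismatch row means the mapping rule matched the wrong pair of accounts, which is the case to investigate before letting Active Roles manage that user's Azure object.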