Azure Active Directory

Introduction

Synchronise users and groups from your Azure Active Directory (Azure AD). Azure AD is the cloud identity service provided by Microsoft and used by Office 365.

It is cloud only and stores user and group information. These objects can be created in Office 365 or synchronised from a traditional on-premises domain. It is not an LDAP-compatible directory store and is queried through a different, REST-based API. Within Aiimi Insight Engine this security system is used for synchronisation only and does not authenticate users. Authentication must come from another source such as ADFS or Windows Integrated Authentication.

Configuring AzureActiveDirectory Security

General

  1. Within the Source tab select AzureActiveDirectory from the Security System drop down.

  2. Enter the URI for your directory. For most tenants this is https://login.microsoftonline.com/ followed by the tenant name. Some Office 365 offerings, e.g. Educational or Governmental tenants, use a different login endpoint, so check the correct URI for your tenant type.

  3. Within Select Credentials choose, from the dropdown, the credential that will be used to connect to this directory.

  4. Enter the old-style NetBIOS domain name into the Federated Domain Name field. This qualifier is applied to objects synchronised from an on-premises domain.

  5. Enter the Azure domain name into the Managed Domain Name field. This qualifier is applied to objects created directly in Azure Active Directory.

Groups Sync

This filter is applied when synchronising groups. Use the filter parameter syntax to retrieve the subset of groups whose properties match. See Parameter Syntax for how to build a filter and How to determine group sync properties for the properties you can filter on.

Only synchronise security enabled groups is a predefined filter equal to (securityEnabled eq true). Enable it to synchronise only groups that can be used to secure access; groups that are mail-enabled but not security-enabled are skipped.

Users Sync

Use the Users Sync area to control which users are synchronised and to add groups to, or remove groups from, every synchronised user.

  1. Within User filters, create the filters used when synchronising users to Aiimi Insight Engine. Create the filters using Parameter Syntax.

  2. Alternatively, select from the pre-made list of filters. Two of these are the predefined filters (onPremisesSyncEnabled eq true) and (userType eq 'Member'). Control which users synchronise by ticking either or both of:

    • Synchronise federated (on-premise) users, which applies (onPremisesSyncEnabled eq true).

    • Synchronise managed (Azure AD) users, which applies (userType eq 'Member').

      • If neither is ticked, all users are synchronised, including users that match neither filter (for example guest users, whose userType is 'Guest').

  3. To exclude disabled accounts, tick Only synchronise enabled users. This is a predefined filter equivalent to (accountEnabled eq true).

  4. To exclude users without an Office 365 licence, tick Only synchronise licensed users.
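As an added example (not code from this page or from Aiimi Insight Engine), the following Python evaluates the predefined filters quoted in the Groups Sync and Users Sync sections against a constructed set of directory objects, so you can see which users and groups each combination of tick boxes keeps before running a sync against a tenant. It assumes that ticking both scope boxes selects the union of federated and managed users, and that an empty filter keeps every user, as the page states; the user and group records, names and domains are constructed, not taken from any tenant.

```python
"""Offline check of the OData-style $filter expressions used by the Azure AD sync.
Added example, not Aiimi Insight Engine code: it evaluates the filter subset the
predefined filters use ("property eq literal", joined with and/or, parenthesised)
against constructed directory objects to show what each tick-box selection keeps."""
import re
from typing import Callable, Dict, List

# Predefined filters as quoted on this page.
SECURITY_GROUPS_ONLY = "(securityEnabled eq true)"
FEDERATED_USERS = "(onPremisesSyncEnabled eq true)"
MANAGED_USERS = "(userType eq 'Member')"
ENABLED_USERS = "(accountEnabled eq true)"

Obj = Dict[str, object]
_TOKEN = re.compile(r"\(|\)|and\b|or\b|eq\b|'[^']*'|true\b|false\b|[A-Za-z][A-Za-z0-9]*")


def _tokenise(text: str) -> List[str]:
    tokens = _TOKEN.findall(text)
    # Anything findall skipped (e.g. 'ne', '$', '!') is syntax this evaluator does not support.
    if re.sub(r"\s+", "", "".join(tokens)) != re.sub(r"\s+", "", text):
        raise ValueError(f"unsupported filter syntax in {text!r}")
    return tokens


def compile_filter(text: str) -> Callable[[Obj], bool]:
    """Recursive-descent parse into a predicate ('and' binds tighter than 'or', as in OData)."""
    toks, i = _tokenise(text), 0
    if not toks:
        return lambda o: True  # no filter configured: keep everything
    peek = lambda: toks[i] if i < len(toks) else None

    def take() -> str:
        nonlocal i
        if i >= len(toks):
            raise ValueError("unexpected end of filter")
        i += 1
        return toks[i - 1]

    def or_expr():
        left = and_expr()
        while peek() == "or":
            take()
            left = (lambda l, r: lambda o: l(o) or r(o))(left, and_expr())
        return left

    def and_expr():
        left = primary()
        while peek() == "and":
            take()
            left = (lambda l, r: lambda o: l(o) and r(o))(left, primary())
        return left

    def primary():
        tok = take()
        if tok == "(":
            node = or_expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return node
        prop, eq, lit = tok, take(), take()
        if eq != "eq" or not (lit in ("true", "false") or lit.startswith("'")):
            raise ValueError(f"expected '<property> eq <literal>', got {prop} {eq} {lit}")
        value: object = lit == "true" if lit in ("true", "false") else lit[1:-1]
        # Graph returns null for unset properties (e.g. onPremisesSyncEnabled on a
        # cloud-only user); None never equals a literal, so such objects drop out.
        return lambda o: o.get(prop) == value

    node = or_expr()
    if peek() is not None:
        raise ValueError(f"unexpected token {peek()!r}")
    return node


def build_user_filter(federated: bool, managed: bool, enabled_only: bool) -> str:
    """Compose the predefined user filters as the tick boxes would. Assumption (not
    stated on the page): ticking both scope boxes selects the union of the two."""
    scope = [f for f, on in ((FEDERATED_USERS, federated), (MANAGED_USERS, managed)) if on]
    clauses = ["(" + " or ".join(scope) + ")"] if scope else []
    if enabled_only:
        clauses.append(ENABLED_USERS)
    return " and ".join(clauses)


def select(objects: List[Obj], filter_text: str, key: str = "userPrincipalName") -> List[str]:
    """Sorted identifiers of the objects the filter keeps."""
    keep = compile_filter(filter_text)
    return sorted(str(o[key]) for o in objects if keep(o))


# Constructed sample directory; onPremisesSyncEnabled is null (None) for cloud-only users, as Graph returns it.
SAMPLE_USERS: List[Obj] = [
    {"userPrincipalName": "alice@contoso.example", "onPremisesSyncEnabled": True, "userType": "Member", "accountEnabled": True},
    {"userPrincipalName": "bob@contoso.example", "onPremisesSyncEnabled": None, "userType": "Member", "accountEnabled": True},
    {"userPrincipalName": "carol@contoso.example", "onPremisesSyncEnabled": True, "userType": "Member", "accountEnabled": False},
    {"userPrincipalName": "dave@partner.example", "onPremisesSyncEnabled": None, "userType": "Guest", "accountEnabled": True},
]
SAMPLE_GROUPS: List[Obj] = [
    {"displayName": "Finance Readers", "securityEnabled": True},
    {"displayName": "All Staff (mail only)", "securityEnabled": False},
]
```

Call select(SAMPLE_USERS, build_user_filter(federated, managed, enabled_only)) with the tick-box values you intend to use. The observation worth checking is that a cloud-only user carries onPremisesSyncEnabled as null rather than false, so it never passes the federated filter, and that the guest (userType 'Guest') is kept only when neither scope box is ticked, which is how a sync with no scope filter can pull external identities into the index.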

You can add a group to every synchronised user by listing it in Additional Groups. The group name must include the appropriate domain qualifier.

You can remove a group from every synchronised user by listing it in Excluded Groups. The group name must include the appropriate domain qualifier.