Azure
  • 17 May 2023
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Azure

  • Dark
    Light
  • PDF

Article Summary

SysAid’s Azure integration allows you to more efficiently manage the users in your company from one central location, by automatically pulling user data from Azure to SysAid. The integration runs these data imports about every 24 hours; saving time and preventing human error that could occur from manually copying the data. This integration can be configured for multiple Azure tenants.

While this imports user information from Azure within SysAid, the users themselves cannot access SysAid unless you also enable the Office 365 Single Sign On integration.

Important

If you have users that were imported via LDAP integration, to avoid duplicate users and problems with authentication, make sure that:

  • The users have the same email addresses in the Azure and LDAP repositories
  • The Sync user based on email address check box is selected in the Azure integration settings

To run these two integrations simultaneously, see Set Up Azure as a Secondary User Repository below.

Set up the Azure integration

  1. From the SysAid Marketplace, get the Azure addon.
  2. On the main My apps page, in the Azure icon, click .
  3. In the Azure dashboard, navigate to Azure Active Directory > Custom Domain Names.
  4. Copy the name that's in the Available status.
    IntegrationAzurefilesTenantname1Tenantname1.png
  5. Back in SysAid, paste the name into the Tenant Name field.
  6. In Azure, navigate to Azure Active Directory > App Registrations.
  7. Click New Registration.
    IntegrationOffice365NewRegistrationNewRegistration.jpg
  8. In the Name field, enter a name for the application (for example "SysAid Login").
  9. Click Register.
    TeamsSettingsfilesRegisterApplication.jpg
  10. Back in the overview screen, click Add a Redirect URI.
    azureSettingsfilesAppRegistration.jpg
  11. Click Add a Platform.
    azureSettingsfilesAddPlatform.jpg
  12. Click Web.
    azureSettingsfilesWeb.jpg
  13. in the Redirect URL column, add your SysAid account URI.
    azureSettingsfilesRedirectURLRedirectURL.png
  14. Click Configure.
  15. Click Overview.
  16. Copy the application (client) ID.
    azureSettingsfilesApplicationID.jpg
  17. Back in SysAid, paste the copied text into the Client ID field.
  18. Set Microsoft Graph permissions in Azure.
    1. In Azure, navigate to Overview > View API permissions.
    2. Click Add Permissions.
    3. Click Select an API.
    4. Select Microsoft Graph.
    5. Select the following permissions from the Application Permissions section:
      • Group.Read.All
      • TeamMember.Read.All
      • User.Export.All
      • User.Read.All
    6. Select the following permissions from the Delegated Permissions section:
      • Group.Read.All
      • GroupMember.Read.All
      • User.Export.All
      • User.Read
      • User.Read.All
      • User.ReadBasic.All
    7. Click Save.
    8. In the Required Permissions section, click Grant permissions.
    9. When prompted, click Yes.
      azureSettingsfilesAPIPermissions.png
  19. In Azure, configure a key.
    1. Navigate to Manage > Certificates and Secrets.
      azureSettingsfilesDashboard.png
    2. Click New Client Secret.
    3. Enter a key name in the description field.
    4. Select the expiration date.
    5. Click Add.
      azureSettingsfilesAddClientSecret.png
  20. Copy the contents of the key's Value column.
  21. Back in SysAid, paste the copied text into the Secret Key field.
  22. Enter the domain you want.
  23. If you are running SysAid version 20.1.14, enter the following default field mapping text in the JSON field to map.
    {"fieldsMapping":
    [{"sysAidName":"UserName" ,"azureName":"userPrincipalName", "type":"text"},
    {"sysAidName":"FirstName" ,"azureName":"givenName", "type":"text"},
    {"sysAidName":"LastName" ,"azureName":"surname", "type":"text"},
    {"sysAidName":"Location" ,"azureName":"officeLocation", "type":"list"},
    {"sysAidName":"Email" ,"azureName":"mail", "type":"text"},
    {"sysAidName":"Department" ,"azureName":"department", "type":"list"},
    {"sysAidName":"Company" ,"azureName":"companyName", "type":"list"}]}
    
    Feel free to make any changes you like.
    If you are running SysAid Cloud or a later On Premise version, see the next section for instructions on mapping fields.
  24. Click Save Changes.
  25. Click the slider to activate the integration. Note: It could take up to 12 hours for your Azure fields to be synced with SysAid. Don't edit the integration until sync is complete.

Manage the integration

Once the integration is complete, you can customize the way it works to best meet your needs.

  1. Define which SysAid fields get populated by which Azure fields by selecting the fields from the drop-downs.
    1. Click Add New Field, to map an additional field.
    2. Click azureSettingsfilesDelete.png, to delete a field mapping.
      For a full list of fields imported from Azure, see the table below.
  2. (Optional) Select the Import Groups check box if you would like to import groups from Azure to SysAid.
  3. (Optional) Select the Sync user based on email address check box if you want to use the Azure Email Address field as the User Principle Name instead of the Azure user name.
  4. (Optional) To add a tenant click Add.
  5. (Optional) To delete a tenant, click the Delete button corresponding to the tenant you want to delete.
  6. Click Save Changes.
  7. (Optional) If you want to manually import all the users from Azure according to the settings and filters that you configured, click Import Now. Please note that this process can take a while to complete.
    1. If the Import Now button is disabled, you can hover over the button for a tool-tip that explains why the button is disabled.

Filter Options

The Azure integration allows for multiple options for filtering the import from Azure to SysAid.

  • (Optional) If you want to filter which users are imported (based on fields such as Department or Group Name), clickSharedimagesEllipsesbuttonEllipsesbutton5.jpg to set up a filter.
    • If you want to verify that the imported users all have a first and last name in Azure Active Directory, make sure that the corresponding check box is selected.
      azureSettingsfilesAzureFilter.gif
  • If you want to filter which groups are imported from Azure, clickSharedimagesEllipsesbuttonEllipsesbutton5.jpg .
    • This filter will only work if the Import Groups checkbox is selected.
  • By default, SysAid imports users who are defined as active in Azure. To import all users, clear this checkbox.

Fields Imported

When you import data from Azure, the integration pulls the values from the maps the values from Azure fields to SysAid user fields as follows:

Azure FieldSysAid Field
IDUser ID
Phonephone
Display NameUser Name
Given NameFirst Name
EmailEmail
Cellular PhoneCellular Phone
office locationLocation
Preferred LanguageLanguage
Company NameCompany
DepartmentDepartment
ManagerManager
SurnameLast Name
CountryCustom field
CityCustom field
Company NameCompany
Job TitleJob Title
Postal CodeCustom field
Employee IDCustom field
StateCustom field
StreetCustom field
User TypeCustom field

Set Up Azure as a Secondary User Repository

If you are using another user depository (such as LDAP) with SysAid, you can select to set up Azure as a secondary user repository within SysAid. This allows you to take advantage of the SysAid features that require Azure integration while still using the user repository that you are most comfortable with. 

To set up Azure as your secondary SysAid user repository:

  1. Select the Azure is secondary to another User Repository checkbox.
  2. Click Save Changes.




Was this article helpful?

What's Next