AD Sync

AD Sync handles all operations related to synchronizing identity data between your on-premises environment and Azure AD. This process requires a one-time setup with the following steps.

After logging in to the portal, click ‘AD Sync’ in the left-side menu. Navigate to AuthX as shown in the figure.

You will be asked to enter your credentials. A user who does not have an account needs to create one by completing the signup flow.

Once logged in to the AuthX portal, click ‘Applications’ in the left-side menu.

Under Applications, click on ‘Protect an Application’ as shown in the figure.

‘Protect an Application’ takes the user to a page that displays all the applications associated with the account.
Select “.me” from the list and click on ‘Protect’.

The next window shows the Application ID, Application Key and Admin Hostname. Copy all of this information, as it is required in the XT portal to sync the directories.
Enter the application name and description (optional).
Next, click on the ‘Save’ button.

Now click ‘Users’ in the left-side menu and go to the ‘Directory Sync’ tab (see fig. 1).

Click on ‘New Directory’, which navigates to the next page. Click on ‘Authorize’ to grant AuthX permission to read from your company’s Azure Active Directory (see fig. 2).

Figure 1
Figure 2

The window will navigate to the Microsoft login. If the user has enabled 2FA (from Microsoft or a third party), it will ask for a one-time password after the credentials are entered. Enter the OTP and accept the permissions to continue with the Microsoft login.

Note that 2FA on AD Sync is compatible with all the browsers (Chrome, Edge, IE).

The window navigates back to the AuthX Directory Sync page. Now you can select the groups to be synced from the drop-down and click on ‘Sync Directory Now’.

Sync between Azure and AuthX is initiated every 4 hours for new users added into the group. 

Switch back to the AD Sync tab on the XT portal. Enter the Application ID, Application Key and Admin Hostname copied from the AuthX portal.

Click on the ‘Save and Next’ button as shown in the figure.

The user will now see all the groups synced from the AuthX application side in the drop-down. Once you have selected the groups you want to continue with, click on the ‘Next’ button.

The next window allows you to select the groups for each member type.

Note: One group cannot be assigned to different member types.

Click the ‘Next’ button.

Similarly, you can select the groups for each Role and click on the ‘Next’ button.

The window navigates to the attribute mapping page, where the user can map the AD attributes to .me attributes.

Note: By default, id is mapped to MemberId.

The user can map the first name, last name, email and other fields. To map a custom field, choose the respective AD attribute and the custom attribute on the .me side.

Below is an example of mapping the attributes.

AD Attributes    .me Attributes
id               MemberId (Default Mapped)
firstName        First Name
lastName         Last Name
mobilePhone      Mobile
RFIDCode         AccessID
ManagerName      Custom
mail             Email

Additional Attributes: Several additional attributes can be found under this section.

Any other attribute can be mapped to a custom attribute as shown in the figure.

After completing the mapping, click the ‘Sync’ button to start the member sync.

The next window shows the sync details, including last sync time, sync status, groups and type (see the figure).

The user can download the logs and see the errors. Below is a sample of the log file.

The user can now see the synced members under member management. The additional attributes can be seen under the member details in the ‘Edit Member’ window (see the snippet).

When changing mappings or an additional field, the user needs to ‘Reset’ the parameters in the AD Sync window. Clicking ‘Reset’ shows a pop-up to delete the members.

Once the members are deleted, follow the above steps again to rerun the process.
