AD Sync

Please note that the application name has been updated to ‘Microsoft Graph API’.

AD Sync handles all operations related to synchronizing identity data between your on-premises environment and Azure AD. This process requires a one-time setup, described in the following steps.

After logging in to the portal, click ‘AD Sync’ in the left-side menu. Navigate to AuthX as shown in the figure.

You will be asked to enter your credentials. If you do not have an account, create one by completing the sign-up flow.

Two-factor authentication: after entering the login credentials for the newly signed-up user, generate an OTP by email, SMS or phone call.

Once logged in to the AuthX portal, click ‘Applications’ in the left-side menu.

Under Applications, click ‘Protect an Application’ as shown in the figure.

‘Protect an Application’ takes you to a page listing all the applications associated with the account.

Select ‘Microsoft Graph API’ from the list and click ‘Protect’.

The next window shows the Application ID, Application Key and Admin Hostname (blue arrow). Copy all three values; they are required in the XT portal to sync the directories. Treat the Application Key as a secret and store it as you would any other credential.

Enter the application name and, optionally, a description.

Next, click ‘Save’ (blue arrow in the next image).

Now click ‘Users’ in the left-side menu and go to the ‘Directory Sync’ tab (see Figure 1).

Click ‘New Directory’, which takes you to the next page. Click ‘Authorize’ to grant AuthX permission to read from your company’s Azure Active Directory (see Figure 2).

Figure 1

Figure 2

The window redirects to the Microsoft login. If the user has 2FA enabled (from Microsoft or a third party), a one-time password is requested after the credentials are entered. Enter the OTP, review the permissions listed on the consent screen (this consent is what lets AuthX read your directory) and accept them to complete the Microsoft login.

Note that 2FA during AD Sync works in all supported browsers (Chrome, Edge, IE).

The window returns to the AuthX Directory Sync page. Select the groups to be synced from the drop-down and click ‘Sync Directory Now’ (blue arrow).

A sync between Azure AD and AuthX runs automatically every 4 hours to pick up new users added to the selected groups.

Switch back to the AD Sync tab in the XT portal. Enter the Application ID, Application Key and Admin Hostname copied from the AuthX portal.

Click ‘Save and Next’ as shown in the figure.

The drop-down now lists all the groups synced on the AuthX side. Select the groups you want to continue with and click ‘Next’.

The next window lets you assign the selected groups to the different member types.

Note: One group cannot be assigned to more than one member type.

Click the ‘Next’ button.

Similarly, assign groups to the different Roles and click ‘Next’.

The window moves to the attribute mapping page, where you map AD attributes to .me attributes.

Note: By default, id is mapped to MemberId.

You can map first name, last name, email and other fields. To map a custom field, choose the AD attribute and the corresponding custom attribute on the .me side.

Below is an example of attribute mapping.

AD Attributes      .me Attributes
id                 MemberId (Default Mapped)
firstName          First Name
lastName           Last Name
mobilePhone        Mobile
RFIDCode           AccessID
ManagerName        Custom
mail               Email

Additional Attributes: several more attributes are available under this section.

Any other attribute can be mapped using a custom attribute, as shown in the figure.

After completing the mapping, click ‘Sync’ to start the member sync.
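The group-assignment rule and the attribute mapping above can be checked before clicking ‘Sync’. The following Python script is an added example, not AuthX or XT product code. It assumes the sync delivers one record per Azure AD user keyed by the attribute names used in the mapping table (id, firstName, lastName, mobilePhone, RFIDCode, ManagerName, mail) and that a ‘Custom’ target is stored under the AD attribute’s own name; the slot names such as "members/Staff", the sample users and the sample groups are all constructed for illustration. It flags a group placed under two member types (or under both members and users, the rule stated in the notes at the end of this page) and reports, per user, which mapped AD attributes are empty, which is otherwise first discovered in the sync log.

```python
"""Pre-flight checks for an AD Sync configuration.

Added example, not AuthX/XT product code. Assumes one dict per Azure AD
user keyed by the attribute names in the page's mapping table. All sample
data below is constructed.
"""
from __future__ import annotations

# Mapping table from the page: AD attribute -> .me attribute.
# A target of "Custom" is assumed to mean "keep as a custom attribute
# keyed by the AD attribute name".
DEFAULT_MAPPING = {
    "id": "MemberId",           # mapped by default; the only mandatory field
    "firstName": "First Name",
    "lastName": "Last Name",
    "mobilePhone": "Mobile",
    "RFIDCode": "AccessID",
    "ManagerName": "Custom",
    "mail": "Email",
}

# Constructed sample users (hypothetical values, not real directory data).
SAMPLE_USERS = [
    {"id": "u-0001", "firstName": "Ada", "lastName": "Lovelace",
     "mobilePhone": "+1-555-0100", "RFIDCode": "RF-1001",
     "ManagerName": "C. Babbage", "mail": "ada@example.com"},
    {"id": "u-0002", "firstName": "Grace", "lastName": "Hopper",
     "mail": "grace@example.com"},               # no phone, badge or manager
    {"firstName": "Nobody", "lastName": "Noid"},  # no id: cannot get a MemberId
]


def find_group_conflicts(assignment: dict[str, list[str]]) -> dict[str, list[str]]:
    """Return every group that appears under more than one slot.

    `assignment` maps a slot such as "members/Staff" or "users/Admin" to the
    groups chosen for it. One group may not belong to two member types, nor
    to both members and users, so a group seen in two slots is a conflict
    the portal would reject.
    """
    seen: dict[str, set[str]] = {}
    for slot, groups in assignment.items():
        for group in groups:
            seen.setdefault(group, set()).add(slot)
    return {g: sorted(slots) for g, slots in sorted(seen.items()) if len(slots) > 1}


def map_user(user: dict, mapping: dict[str, str] = DEFAULT_MAPPING) -> tuple[dict, list[str]]:
    """Apply the attribute mapping to one AD user.

    Returns the .me record and the sorted list of mapped AD attributes the
    user has no value for. A user without `id` cannot be assigned a MemberId
    and is rejected outright.
    """
    if not user.get("id"):
        raise ValueError("user has no 'id'; MemberId cannot be assigned")
    record: dict = {"Custom": {}}
    missing: list[str] = []
    for ad_attr, me_attr in mapping.items():
        value = user.get(ad_attr)
        if value in (None, ""):
            missing.append(ad_attr)
            continue
        if me_attr == "Custom":
            record["Custom"][ad_attr] = value
        else:
            record[me_attr] = value
    return record, sorted(missing)


def preview_sync(users, mapping: dict[str, str] = DEFAULT_MAPPING) -> dict:
    """Dry-run the mapping over all users and summarise what would sync,
    what would sync with gaps, and what would fail."""
    synced, warnings, errors = [], [], []
    for n, user in enumerate(users):
        try:
            record, missing = map_user(user, mapping)
        except ValueError as exc:
            errors.append(f"user #{n}: {exc}")
            continue
        synced.append(record)
        if missing:
            warnings.append(f"{record['MemberId']}: no value for {', '.join(missing)}")
    return {"synced": synced, "warnings": warnings, "errors": errors}


if __name__ == "__main__":
    groups = {"members/Staff": ["Sales", "HR"],
              "members/Contractor": ["HR"],        # HR also under Staff: rejected
              "users/Admin": ["IT"]}
    print("group conflicts:", find_group_conflicts(groups))
    result = preview_sync(SAMPLE_USERS)
    print(f"{len(result['synced'])} of {len(SAMPLE_USERS)} users would sync")
    for line in result["warnings"] + result["errors"]:
        print("  ", line)
```

Run the script as-is to see the constructed example; to check a real configuration, replace SAMPLE_USERS with an export of the users in the groups you selected and the `groups` dict with the slots you filled in on the member-type and Roles pages.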

The next window shows the sync details, including last sync time, sync status, groups and type (see the figure).

You can download the logs to inspect any errors. Below is a sample log file.

The synced members now appear under Member Management. The additional attributes are visible in the member details on the ‘Edit Member’ window (see the snippet).

When changing mappings or an additional field, you need to ‘Reset’ the parameters in the AD Sync window. Clicking ‘Reset’ shows a pop-up asking to delete the synced members. Note that Reset removes the synced members rather than updating them in place; they are absent until the sync has been rerun.

Once they are deleted, repeat the steps above to rerun the process.

  • AD-synced members or users are read-only (the member/user cannot be edited), as shown in Figures 1 and 2; the Save button is disabled.

  • The same group cannot be assigned to multiple member types; doing so produces the error shown below. Likewise, the same group cannot be assigned to both members and users.

  • When Touchless Registration fails for an AD-synced member and that workflow is assigned to failure questionnaire notifications, the member receives the email ‘Failed Questionnaire with/without content’, which includes the additional attributes mentioned in the Edit Member section of the Members page.

Figure 1 - Member

Figure 2 - User