Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.
To manage templates, open the left navigation menu and click Templates, located under Setup (see figure 1).
Figure 1: Directory Sync Setup and Settings Menu
A mapping entry defines a relationship between an attribute in the source and an attribute in the target. It tells Power365 Directory Sync where to place the value from a source attribute, and how to modify it if necessary.
Normally this is a one-to-one relationship. For example, the value found in the employeeID attribute in the source environment will be written to the employeeID attribute in the target.
You can modify this mapping by double-clicking on it.
For example, suppose that this project was an acquisition, where the target environment company acquired the source. In the source company, they use the employee ID field as a unique identifier, but in the target company they use employee number instead of employee ID. The first thing to do would be to remove the employee ID attribute entry, as we don’t want that source value to be written as is.
Then, we would modify the employee number mapping so that the source will be the employeeID, and it would be written to employee number.
You can hold down the Control key and select one or more mappings to remove if you don't want them. More options can be found under the Advanced button.
If you choose to export and edit the mappings file and then import the file, the columns must remain in the same order or no mappings will be imported.
The Power365 Directory Sync agent is the key component that communicates between a local Active Directory environment and the Power365 Directory Sync service.
The agent must be installed in every forest that you plan to include as a Power365 Directory Sync environment. We suggest that you create a virtual machine exclusively for this purpose. Review the Power365 Directory Sync Requirements for the minimal hardware and software requirements.
First, choose the environment that the agent will be associated with.
You will be able to download the latest version of the agent from the Power365 Directory Sync agent screen. Copy the URL and the access key, which will be needed during the install of the agent. The downloadable executable is the same for all projects; it is the Registration URL and Registration Key that make the agent unique when it is installed.
To install the agent, enter credentials that have read or read/write access to the domain, depending on the direction of synchronization.
Copy and paste the information from the Power365 Directory Sync agent screen.
No further action is needed on the workstation. A look at services confirms that the Power365 Directory Sync agent is running.
A list of agents appears on the summary screen, including status information as well as the registration URL and access keys should you need them again in the future.
To manage agents, open the left navigation menu and click Agents, located under Setup (see figure 1).
Figure 1: Directory Sync Setup and Settings Menu
On the Agents page, you can check the status of your current agents or add new ones. Select an agent for additional options. You have the option to copy the Registration URL or the Registration Key if you need to reinstall the agent for any reason. The History button will give you details on the run history. When the agent is updated, any agent using the old version will offer you the upgrade option so that you can update your current agent installation.
If you need to uninstall an agent in order to reinstall it on the same machine, you must first delete the registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Binary Tree\P365Agent and then uninstall.
Afterwards, create a new agent (with a new access key) under Agents in the left navigation menu before re-installing on the same machine.
A guest user is an Azure Active Directory Business-to-Business account which is utilized to provide seamless collaboration between the Microsoft Cloud organizations.
For more context and details check out Microsoft’s document on the topic, What is guest user access in Azure Active Directory B2B?
Yes, Power365 Directory Sync provides create, update and delete capabilities to keep your multiple identities, objects and properties in sync for short-term and long-term integration needs.
There are two (2) new additional options to create users in a target cloud directory, highlighted below. The image shows the Template wizard where you may manage how users are created.
Figure 1: Example Template Wizard - Create New Users – Guest Options
The Guest User option (see figure 1) will create a user object with the type of Guest within the destination directory configured in the workflow. This user’s password will be set and managed within the target directory management controls. This user’s UPN, Display Name and email address will be constructed based on the template mapping controls configured within the workflow.
The Guest Invite option (see figure 1) will create a user object with the type of Guest within the destination directory configured in the workflow and immediately send an invitation to the source email user account. This user’s UPN will be constructed automatically by Microsoft to meet their requirements for B2B functionality. This user’s password will not be set and will continue to be managed from the source directory management tools and administrators. All other attributes set during creation will be determined by the template mapping controls configured within the workflow.
Yes, Microsoft provides numerous methods for managing invitations. For more details, see the Azure Active Directory B2B documentation.
Yes, Power365 Directory Sync can match and update existing Guest user types in Active Directory and Azure AD.
Matching a source user object to a target Guest user object can be challenging because, depending on the type of target Guest user object, there may not be a readily available attribute or property that can be used for an exact, accurate match.
How to identify unique attributes for Matching to Guest Users
Before synchronization, you must first decide how to derive the matching attribute pairs between the source user object and target guest object. In other words, what parameters in your environment are unique to your external collaborators? Determine a parameter that distinguishes these external collaborators from members of your own organization.
A common approach to resolve this is to:
- Designate an unused attribute (for example, extensionAttribute1) to use as the source attribute that will match to a unique identifier attribute, such as email, in the target.
- Next construct the value for that attribute from other source properties, to create a unique identifier that will be found in the target. For example, use the email address of the source user to construct the extensionAttribute1 value as Source Local Part @ Target Domain.
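The approach above can be checked offline before any workflow runs. The following is an added example, not Power365 Directory Sync code: it derives the Source Local Part @ Target Domain value that would be written to extensionAttribute1 and flags source users whose derived value is missing, shared with another source user, or absent from the target, since an ambiguous value could link a user to someone else's guest account. The domain names, field names and sample records are constructed assumptions.

```python
from collections import defaultdict

TARGET_DOMAIN = "target.example"  # assumption: constructed target mail domain

# Constructed sample data; "sam" and "id" are hypothetical field names.
SOURCE_USERS = [
    {"sam": "asmith", "mail": "Alice.Smith@source.example"},
    {"sam": "bjones", "mail": "bob.jones@source.example"},
    {"sam": "bjones2", "mail": "bob.jones@legacy.source.example"},
    {"sam": "cnomail", "mail": ""},
]
TARGET_GUESTS = [
    {"id": "g1", "userType": "Guest", "mail": "alice.smith@target.example"},
    {"id": "g2", "userType": "Guest", "mail": "bob.jones@target.example"},
    {"id": "m1", "userType": "Member", "mail": "dave@target.example"},
]


def derive_match_key(mail, target_domain=TARGET_DOMAIN):
    """Return '<source local part>@<target domain>' in lower case, or None."""
    local, sep, domain = mail.strip().rpartition("@")
    if not sep or not local or not domain:
        return None  # no usable address to build the value from
    return f"{local}@{target_domain}".lower()


def plan_matches(source_users, target_guests):
    """Classify source users as matched, unmatched, collision or invalid."""
    guests_by_mail = defaultdict(list)
    for g in target_guests:
        if g["userType"] == "Guest" and g.get("mail"):
            guests_by_mail[g["mail"].lower()].append(g["id"])
    by_key = defaultdict(list)
    result = {"matched": {}, "unmatched": [], "collision": [], "invalid": []}
    for u in source_users:
        key = derive_match_key(u["mail"])
        if key is None:
            result["invalid"].append(u["sam"])
        else:
            by_key[key].append(u["sam"])
    for key, sams in by_key.items():
        guests = guests_by_mail.get(key, [])
        if len(sams) > 1 or len(guests) > 1:
            result["collision"].extend(sams)  # ambiguous: resolve by hand
        elif guests:
            result["matched"][sams[0]] = guests[0]
        else:
            result["unmatched"].extend(sams)
    return result
```

In the constructed data, the two bob.jones accounts from different source domains derive the same value, so neither is matched automatically.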
Yes, Power365 Directory Sync supports the creation of local user objects for this purpose. Configure the template mappings to set the value of the predetermined attribute that Azure AD Connect will use to set UserType = Guest on the cloud object. If you are using a different method within Azure AD Connect, adjust your mapping rules to fit your needs.
You can use Azure AD Connect to sync the accounts to the cloud as Azure AD B2B users (that is, users with UserType = Guest). This enables your users to access cloud resources using the same credentials as their local accounts, without giving them more access than they require.
For more information about how to grant local users access to cloud apps, read this Microsoft article on the topic.
For details on how to enable synchronization of UserType for Azure AD Connect, please read this Microsoft document.