====== Azure AD Synchronization ======

Starting from version 4.8, LUCY can import recipients from Azure AD and can automatically synchronize a recipient group with your Active Directory. Active Directory settings can be found under **Settings** > **Azure AD Settings**.

{{ :azure_sync_01.png?800 }}

Please refer to this wiki article to establish the connection to Azure AD:\\
[[microsoft_azure_oauth_2_0|Configuration of OAuth 2.0 for Microsoft Azure]]

Make sure to configure an additional URI for the import feature in the Azure application settings:\\
https://<domain>:<port>/oauth\\
<domain> - your Lucy's system domain, for example access.cloudserver.com\\
<port> - custom port (in case one's configured), for example 8443.\\
If the default port is being used, there's no need to specify it in the URI.

Once the connection to Azure AD has been configured, you will be able to import recipients and users directly from your directory service.

===== Azure AD Update Preferences =====

This menu allows configuring automatic synchronization of Azure AD recipients and users that were imported into LUCY. Automatic synchronization happens every 10 minutes.

{{ :azure_sync_02.png?600 }}

Azure AD update preferences contain 2 options for automatic action. It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator's decision.

{{ :azure_sync_03.png?600 }}

If you select "Waiting for administrator's decision", an Administrator will have to go to a control list and decide whether it is necessary to delete/add a recipient/user or not.

{{ :azure_sync_04.png?600 }}

In Azure AD update preferences you can also set the behavior for deleted recipients:
  * Automatically Delete Inactive
  * Never Delete Recipients
  * Waiting for Administrator's decision

{{ :azure_sync_05.png?600 }}

It is also possible to customize the pattern of automatic import of users from AD.
Lucy will scan Azure AD and automatically bind a role to an imported user according to the set filters.

{{ :azure_sync_06.png?600 }}

===== Importing recipients in a group for a campaign =====

When you create a new recipient group, you will be able to use the previously configured Azure AD connection to query and import all the users/groups:

{{ :azure_sync_09.png?600 }}

LUCY will automatically match the user's attributes in the active directory with the available recipient attributes in LUCY. If the "Update existing recipients" option is enabled, the attributes of recipients that have been imported before will be updated during the Azure AD import.

===== Autoupdate Azure AD Recipients =====

It is possible to configure LUCY to automatically update the recipient list from Active Directory.

{{ :azure_sync_08.png?600 }}

You may use regular Active Directory search filters.\\
For detailed information about filtering in Azure AD, please refer to the [[https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter|Microsoft Documentation]].

==== Azure Filter Search Examples ====

**Scenario 1.**\\
There is a need to import only the recipients who have the email domain ending with a specific set of characters.
For example, @lucysecurity.company would require the following search query:

  endswith(mail,'@lucysecurity.company')

{{ :azure_filter01.png?600 }}

**Scenario 2.**\\
Importing recipients with a name that starts with "User" would require the following search query:

  startswith(displayName,'User')

{{ :azure_filter02.png?600 }}

**Scenario 3.**\\
Filter value to get all users with the location 'Ext1':

  officeLocation eq 'Ext1'

{{ :azure_filter04.png?600 }}

**Scenario 4.**\\
If the phone number of the recipient is not equal to '911', the following query is used:

  mobilePhone ne '911'

{{ :azure_filter05.png?600 }}

===== Importing Users from Azure AD =====

If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Administrative Users) and choose (Import > Azure AD):

{{ :azure_sync_07.png?600 }}

The same user import menu can also be accessed via (Settings > Azure AD Settings > Import Users From Azure AD).

This way 5 types of Users can be imported:\\
The users for the admin portal of the LUCY web interface:
  * **Administrators**
  * **View** users
  * **Users**
  * **Supervisors**

And also the members for the End-User Portal:
  * **Endusers** [[end_user_e-learning_portal|End User e-learning portal]]

{{ :azure_import_roles.png?500 }}

For more information regarding different user roles please refer to the article\\
[[user_management|User Management]]

===== Which AD fields can be used? =====

LUCY will automatically match the user's attributes in the Azure active directory with the available recipient attributes in LUCY.
The default mapping between Lucy and Azure is presented below:

^ LUCY ^ Azure ^ Description ^ Applies To ^
| E-mail | mail | Recipient's e-mail address | User & Recipient Import |
| Phone | mobilePhone | Recipient's phone number | User & Recipient Import |
| Full Name | displayName | Recipient's full name | User & Recipient Import |
| Staff Type | jobTitle | Recipient's staff status | Recipient Import |
| Location | officeLocation | Recipient's location | Recipient Import |
| Division | department | Recipient's working department | Recipient Import |
| Language | preferredLanguage | Recipient's language | Recipient Import |
| Lastname | surname | Recipient's second name | Recipient Import |
| Firstname | givenName | Recipient's first name | Recipient Import |
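
A way to preview which accounts the four filter forms from "Azure Filter Search Examples" would select before automatic synchronization is enabled, as an added example (not LUCY or Microsoft code). The sample records are constructed, and the matching rules (case-insensitive comparison, an unset attribute matching only ''ne'') are assumptions; the authoritative result is what Azure AD returns for the filter.

```python
import re

# Constructed sample records (not real accounts); keys are the Azure
# attribute names from the mapping table above.
SAMPLE_USERS = [
    {"displayName": "User One", "mail": "user.one@lucysecurity.company",
     "officeLocation": "Ext1", "mobilePhone": "911"},
    {"displayName": "User Two", "mail": "user.two@example.org",
     "officeLocation": "HQ", "mobilePhone": "555-0100"},
    {"displayName": "Admin Three", "mail": "admin3@lucysecurity.company",
     "officeLocation": "Ext1", "mobilePhone": None},
]

FUNC_RE = re.compile(r"^(startswith|endswith)\(\s*(\w+)\s*,\s*'((?:[^']|'')*)'\s*\)$")
CMP_RE = re.compile(r"^(\w+)\s+(eq|ne)\s+'((?:[^']|'')*)'$")


def parse_filter(expr):
    """Return (operator, attribute, literal) for one of the four forms shown."""
    m = FUNC_RE.match(expr.strip())
    if m:
        op, attr, lit = m.groups()
    else:
        m = CMP_RE.match(expr.strip())
        if not m:
            raise ValueError("unsupported filter: " + expr)
        attr, op, lit = m.groups()
    return op, attr, lit.replace("''", "'")  # '' is an escaped single quote


def matches(user, expr):
    """Assumed rules: case-insensitive; an unset attribute matches only 'ne'."""
    op, attr, lit = parse_filter(expr)
    value = user.get(attr)
    if value is None:
        return op == "ne"
    value, lit = value.lower(), lit.lower()
    return {"startswith": value.startswith(lit), "endswith": value.endswith(lit),
            "eq": value == lit, "ne": value != lit}[op]


def preview(expr, users=SAMPLE_USERS):
    """List the displayName of every sample record the filter would select."""
    return [u["displayName"] for u in users if matches(u, expr)]


if __name__ == "__main__":
    for f in ("endswith(mail,'@lucysecurity.company')", "mobilePhone ne '911'"):
        print(f, "->", preview(f))
```

Note that under these assumed rules ''mobilePhone ne '911''' also selects the record with no phone number set, which is worth checking against the real directory before choosing "add automatically".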