Azure AD Synchronization

Starting from version 4.8, LUCY can import recipients from Azure AD and can automatically synchronize a recipient group with your Active Directory. Active Directory settings can be found under Settings > Azure AD Settings.

Please refer to this wiki article to establish the connection to Azure AD:
Configuration of OAuth 2.0 for Microsoft Azure

Make sure to configure an additional URI for the import feature in the Azure application settings:

https://<lucydomain>:<port>/oauth

<lucydomain> - the domain of your Lucy system, for example access.cloudserver.com
<port> - the custom port (if one is configured), for example 8443.
If the default port is being used, there is no need to specify it in the URI.

As soon as the connection to Azure AD has been configured, you can import recipients and users directly from your directory service.

Azure AD Update Preferences

This menu allows configuring automatic synchronization of Azure AD recipients and users that were imported into LUCY. Automatic synchronization happens every 10 minutes.

Azure AD update preferences contain 2 options for automatic action. It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator's decision.

If you select "Waiting for administrator's decision", an Administrator will have to go to a control list and decide whether or not to delete/add a recipient/user.

The Azure AD update preferences also determine the behavior for deleted recipients:

  • Automatically Delete Inactive
  • Never Delete Recipients
  • Waiting for Administrator's decision

It is also possible to customize the pattern of automatic import of users from AD. Lucy will scan Azure AD and automatically bind a role to an imported user according to the set filters.

Importing recipients in a group for a campaign

When you create a new recipient group you will be able to use the previously configured Azure AD connection to query and import all the users/groups:

LUCY will automatically match the user's attributes in the active directory with the available recipient attributes in LUCY.

If the "Update existing recipients" option is enabled, the attributes of recipients that have been imported before will be updated during the Azure AD import.

Autoupdate Azure AD Recipients

It is possible to configure LUCY to automatically update the recipient list from Active Directory.

You may use regular Active Directory search filters.
For detailed information about filtering in Azure AD, please refer to the Microsoft documentation.

Azure Filter Search Examples

Scenario 1.
There is a need to import only the recipients who have the email domain ending with a specific set of characters. For example, @lucysecurity.company would require the following search query:

endswith(mail,'@lucysecurity.company')

Scenario 2.
Importing recipients with a name that starts with "User" would require the following search query:

startswith(displayName,'User')

Scenario 3.
Filter value to get all users with a location 'Ext1':

officeLocation eq 'Ext1'

Scenario 4.
To select recipients whose phone number is not equal to '911', use the following query:

mobilePhone ne '911'
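
A local dry run of the four scenarios above, as an added example (not Lucy's code and not part of the original article): the Python sketch parses only the filter forms shown on this page and applies them to constructed directory entries. The function names, the sample users, the case-insensitive matching and the treatment of a missing attribute as an empty string are assumptions of the sketch.

```python
import re

# Two shapes cover the page's four scenarios:
#   startswith(attr,'value') / endswith(attr,'value')  and  attr eq|ne 'value'
FUNC = re.compile(r"^(startswith|endswith)\(\s*(\w+)\s*,\s*'((?:[^']|'')*)'\s*\)$")
COMP = re.compile(r"^(\w+)\s+(eq|ne)\s+'((?:[^']|'')*)'$")

def compile_filter(expr):
    """Return a predicate(user_dict) for one filter expression."""
    m = FUNC.match(expr.strip())
    if m:
        op, attr, raw = m.groups()
    else:
        m = COMP.match(expr.strip())
        if not m:
            raise ValueError(f"unsupported filter: {expr!r}")
        attr, op, raw = m.groups()
    # A single quote inside a literal is escaped by doubling it.
    value = raw.replace("''", "'").lower()
    def predicate(user):
        # Assumption: case-insensitive comparison; a missing attribute is
        # treated as an empty string (verify edge cases against the directory).
        actual = (user.get(attr) or "").lower()
        if op == "startswith":
            return actual.startswith(value)
        if op == "endswith":
            return actual.endswith(value)
        return (actual == value) if op == "eq" else (actual != value)
    return predicate

def preview(expr, users):
    """List the mail addresses the filter would select from `users`."""
    match = compile_filter(expr)
    return [u["mail"] for u in users if match(u)]

# Constructed sample directory entries (not real accounts).
USERS = [
    {"mail": "user1@lucysecurity.company", "displayName": "User One",
     "officeLocation": "Ext1", "mobilePhone": "911"},
    {"mail": "svc-backup@lucysecurity.company", "displayName": "Backup Service",
     "officeLocation": "DC", "mobilePhone": None},
    {"mail": "guest@partner.example", "displayName": "User Guest",
     "officeLocation": "Ext1", "mobilePhone": "555-0100"},
]

if __name__ == "__main__":
    for f in ("endswith(mail,'@lucysecurity.company')", "startswith(displayName,'User')",
              "officeLocation eq 'Ext1'", "mobilePhone ne '911'"):
        print(f, "->", preview(f, USERS))
```

In this constructed data, scenarios 2 and 3 also select an address outside the organisation's mail domain and scenario 4 selects an account with no phone number, which is the kind of result worth reviewing before automatic synchronization is enabled.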

Importing Users from Azure AD

If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Administrative Users) and choose (Import > Azure AD):

The same user import menu can also be accessed via (Settings > Azure AD Settings > Import Users From Azure AD).

This way 5 types of Users can be imported:
The users for the admin portal of LUCY web interface:

  • Administrators
  • View users
  • Users
  • Supervisors

And also the members for the End-User Portal:

  • Endusers

End User e-learning portal

For more information regarding different user roles please refer to the article
User Management

Which AD fields can be used?

LUCY will automatically match the user's attributes in Azure Active Directory with the available recipient attributes in LUCY. The default mapping between Lucy and Azure is presented below:

| LUCY      | Azure             | Description                    | Applying For            |
|-----------|-------------------|--------------------------------|-------------------------|
| E-mail    | mail              | Recipient's e-mail address     | User & Recipient Import |
| Phone     | mobilePhone       | Recipient's phone number       | User & Recipient Import |
| Full Name | displayName       | Recipient's full name          | User & Recipient Import |
| Staff Type| jobTitle          | Recipient's staff status       | Recipient Import        |
| Location  | officeLocation    | Recipient's location           | Recipient Import        |
| Division  | department        | Recipient's working department | Recipient Import        |
| Language  | preferredLanguage | Recipient's language           | Recipient Import        |
| Lastname  | surname           | Recipient's second name        | Recipient Import        |
| Firstname | givenName         | Recipient's first name         | Recipient Import        |


azure_synchronization.txt · Last modified: 2021/12/16 13:35 by lucysecurity