Directory sync

(Role Required: Owner, Administrator, User Manager)

An admin can use directory sync to sync users from different sources. At this phase of the project, only Azure Active Directory sync is supported.

Azure Active Directory

The Azure Active Directory grid lists the following data:

  1. Name

    1. Name of the active directory which is being synced.

    2. This information is obtained from the sync.

  2. Send Enrollment?

    1. This flag indicates whether the user should be sent an enrollment email to enroll in AuthX.

    2. This is a flag that is set while syncing groups.

  3. Normalize Usernames?

    1. When this flag is set, AuthX takes all the aliases of the user from the AD and normalizes those usernames.

    2. This is a flag that is set while syncing groups.

  4. Last Scheduled Sync

    1. This is the timestamp of when the last sync was conducted.

    2. The sync usually runs overnight, every night.

    3. This information is obtained from the sync.

Azure Active Directory Sync Workflow

The admin syncs a new directory by clicking the New Directory button in the top right corner of the directory sync page.

  1. The admin authorizes the sync by clicking the Authorize button under the Azure Active Directory->Azure Active Directory tabs.

  2. The admin is redirected to a page where they log in to their Microsoft account by entering their password.

  3. The admin accepts the permission requested by Microsoft by clicking the Accept button.

  4. The admin is directed back to the AuthX portal, where they can select the groups they want to sync. The admin can choose multiple groups and must choose at least one group.

  5. After the directory sync is added:

    1. The Not Enrolled metric count increases.

    2. All the synced users appear in the Users grid, with the user's status being Inactive, Source type being Ad Sync and Last Login being Never Authenticated.

    3. The synced groups appear in the Groups grid, with their user counts.

User Enrollment Workflow (Synced User)

(Role Required: Synced User)

The user enrollment workflow for synced users is different from the enrollment workflow for in-cloud users. A synced user enrolls in AuthX with the following steps:

  1. Enrollment Email

    1. The user receives an enrollment email in their mailbox.

    2. Below is the template for the enrollment email.

  2. The user selects enrollment and is directed to the Create password page.

  3. The user is redirected to the Phone number page and updates the phone number if needed.

  4. To activate, the user either scans the QR code or uses the Generate OTP method.

  5. After the QR code is scanned successfully, a green tick mark is displayed on the QR code.

  6. After the user clicks Continue, they are redirected to the Confirm your identity page, where they use any one of the authentication factors to log in.

Editing User (Synced User)

Admins (Owner, Administrator and User Manager) cannot edit a synced user's information such as First name, Last name, Username Aliases and Primary Username. An admin can, however, delete the user's phone.

Deactivating User (Synced User)

Admins (Owner, Administrator and User Manager) cannot deactivate a user who has been synced into the system. The user can only be deactivated from the directory in Microsoft Azure (from which they were synced). Below is the screenshot of the edit user page for a synced user.
