Skip to main content
Skip table of contents

User synchronization from Entra ID (Azure AD) with Microsoft Graph

Entra ID (formerly Azure AD) with Microsoft Graph is a service accessed from the Microsoft Azure Portal, where it has to be enabled and configured.

Entra ID (Azure) Multi-Tenant Synchronization and Authentication

You can now use multiple Entra ID tenants in MyQ environments to synchronize and authenticate users. This is particularly useful in shared print infrastructure settings, such as those found in the public sector, where multiple organizations manage printers from a single location, while each uses its own Entra ID.

Follow the process as described below but repeat it to set up multiple instances. Ensure that clear and unique naming is given to each tenant, which will allow users to identify which is relevant for their use.

Once the Entra ID connection is established, go to MyQ, Settings, User Synchronization.

Click Add, and then click Add Entra ID source.

In the Entra ID synchronization properties panel to the right, in the General tab, if you have already set up an Entra ID connection, the Entra ID server is already in the Authentication Server field. Fill in the Synchronization source field with a name which will allow the source to be easily identified, this simplifies administration and maintenance for environments with multiple Entra ID (Azure) tenants. Click Add new, to set up an Entra ID connection.

image-20240514-121958.png

Users tab

In Users to import, you can choose to import All users or Users from selected groups. If you chose the second option, select the user groups from the drop-down.

In the Properties section, you can map user information from Entra ID to the credentials in MyQ.

image-20240607-081057.png

In the Options section you can:

  • Deactivate Missing Users - This option allows the system to automatically deactivate users in MyQ X who are no longer present in the Microsoft Entra ID source.

  • Add New Users - When enabled, this feature automatically adds new users found in the Microsoft Entra ID source to MyQ X.

  • Use as authentication server - If you plan to authenticate users towards Azure using Active Directory credentials and use the Microsoft single-sign-on option, select the Use as authentication server option and click Save.

  • Pair by the personal number - If you select this option, MyQ identifies users by their personal number instead of their usernames. This way you can keep track of a single user with different names in different sources or a user whose name has changed for some reason. For example, if this option is activated and a username in LDAP changes from cat.stevens to yusuf.islam, MyQ does not create a new user account, but recognizes the old user by their personal number.

  • Ignore Synchronization Source - This option provides the ability to selectively ignore certain aspects or data from the Microsoft Entra ID source during synchronization.

  • Create normalized alias from Display name - This option means an additional alias is added to the user on top of those configured in the user attributes section, this alias takes form of AzureAD\concatedDisplayName. It allows proper recognition of users who print from Entra ID Joined devices.

In the Transformation section, the administrator can define regular expressions (RegEx) to transform user data during the synchronization process. For details, check Regular Expression transformation for User Synchronization.

Groups tab

In the Groups tab, you can select what level of group synchronization should be completed, and which Active Directory groups you want to remove from synchronization using the Ignore groups and Ignore groups containing string fields.

image-20240514-152905.png

Synchronize Now

Users can be now synchronized by selecting your Entra ID source from the list and clicking Synchronize now.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.