
User synchronization from Azure AD with Microsoft Graph

Azure AD with Microsoft Graph is a service accessed from the Microsoft Azure Portal, where it has to be enabled and configured.

Once the Azure AD connection is established, go to MyQ, Settings, User Synchronization. Click Add, and then click Add Azure AD source.

Adding an Azure AD sync source

In the Azure AD Synchronization properties panel to the right, in the General tab, if you have already set up an Azure AD connection, the Azure AD server is already in the Authentication Server field. Otherwise, click Add new, set up an Azure AD connection, and then click Save.

Users tab

Azure sync users tab

In Users to import, you can choose to import All users or Users from selected groups. If you chose the second option, select the user groups from the drop-down.

In the Properties section, you can map user information from Azure AD to the credentials in MyQ.

  • For the User name user property, you can choose between the userPrincipalName (default), displayName, and upnPrefix attributes.

  • For the Alias user property, you can choose one or more of the following attributes: userPrincipalName, displayName, upnPrefix, onPremisesSamAccountName, and onPremisesSamAccountName@onPremisesDomainName. If you choose the onPremisesSamAccountName@onPremisesDomainName option, the user's Alias after synchronization will be a combination of the user's Azure AD attributes onPremisesSamAccountName and onPremisesDomainName, in a format such as user@myq.cz.

  • For the Card, PIN, and Personal number user properties, you can choose the employeeID attribute or None.

In the Options section:

  • If you plan to authenticate users towards Azure using Active Directory credentials and use the Microsoft single-sign-on option, select the Use as authentication server option and click Save.

  • Check the Pair by Object ID box if you wish to update users based on their Object ID. If the Object ID option is checked, during re-synchronization, the system will look for the user by the Object ID. If a match is found, the user details will be updated; otherwise, a new user will be created.
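
As an added illustration (not MyQ code and not part of the original documentation), the following Python models the onPremisesSamAccountName@onPremisesDomainName alias format and the Pair by Object ID behaviour described above, using constructed Graph-style user records. The dictionary keys follow Microsoft Graph user properties; the function names, the in-memory store, and the choice to skip the alias when an on-premises attribute is missing are assumptions of the example.

```python
# Added illustration: a model of the documented mapping and "Pair by Object ID"
# behaviour, not MyQ's implementation. All sample data below is constructed.

def upn_prefix(upn):
    """Part of userPrincipalName before the '@' (the upnPrefix option)."""
    return upn.split("@", 1)[0]

def build_alias(user):
    """onPremisesSamAccountName@onPremisesDomainName, or None when a part is
    missing (cloud-only accounts have no on-premises attributes; skipping the
    alias in that case is this example's choice)."""
    sam = user.get("onPremisesSamAccountName")
    dom = user.get("onPremisesDomainName")
    return f"{sam}@{dom}" if sam and dom else None

def map_user(user):
    """Map one Graph user object to fields chosen in the Properties section."""
    alias = build_alias(user)
    return {
        "name": upn_prefix(user["userPrincipalName"]),
        "aliases": [alias] if alias else [],
        "personal_number": user.get("employeeId"),
    }

def resync(store, graph_users):
    """Pair by Object ID: update on match, otherwise create. Returns actions."""
    actions = []
    for u in graph_users:
        action = "updated" if u["id"] in store else "created"
        store[u["id"]] = map_user(u)
        actions.append((u["id"], action))
    return actions

# Constructed sample data: first sync, then the same account after a UPN rename.
FIRST = [{"id": "00000000-0000-0000-0000-000000000001",
          "userPrincipalName": "jane.doe@example.com",
          "onPremisesSamAccountName": "jdoe",
          "onPremisesDomainName": "myq.cz", "employeeId": "1001"}]
SECOND = [{**FIRST[0], "userPrincipalName": "jane.smith@example.com"},
          {"id": "00000000-0000-0000-0000-000000000002",
           "userPrincipalName": "cloud.only@example.com", "employeeId": None}]

def demo():
    store = {}
    return resync(store, FIRST), resync(store, SECOND), store

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because the Object ID stays the same when a userPrincipalName is renamed, the renamed account in the second run updates its existing record rather than producing a second user.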

In the Transformation section, the administrator can define regular expressions (RegEx) to transform user data during the synchronization process. For details, check Regular Expression Transformation for User Synchronization.

Groups tab

In the Groups tab, you can select which Active Directory groups you want to remove from synchronization using the Ignore groups and Ignore groups containing string fields.

Azure sync groups tab

Synchronize Now

Users can now be synchronized by selecting your Azure AD source from the list and clicking Synchronize now.

Synchronize button in the User sync settings tab

Limitations

  • Only one instance of an Azure AD authentication server and Azure AD synchronization source can be created in MyQ. This means that you can currently automatically synchronize users only from one Azure AD tenant at a time.
