Usersync with Microsoft Azure/Entra ID
- Updated on 22 Nov 2024
With our synchronization of users from Microsoft Entra ID to Infinity, you only need to create and remove users in Entra ID for them to also appear in Infinity. This reduces the administrative workload when there are changes in personnel.
The article is divided into two parts:
Step 1 - Create an Application in Azure: Create an application in the Azure portal and grant it the necessary permissions to synchronize users.
Step 2 - Configure Infinity: Use the Infinity portal to create a template for AD synchronization and set synchronization settings.
Entra ID was previously called Azure Active Directory and allows synchronization of user data from the company's Entra ID (AD) to your Infinity PBX. For this to work, you first need to create an application in Microsoft Azure, which you then use to synchronize user data to Infinity.
Step 1 - Create an Application in Azure
Log in to the Microsoft Azure portal with an administrator account that has the "Global Administrator Role" permission.
Click on Microsoft Entra ID.
Copy the Tenant ID and save it for step 2.8 below, Configure Infinity.
Click on App Registrations and then "New Registration," set a suitable name, choose (in most cases) the top option under account types, and click "Register."
Copy and save the Application (client) ID for step 2.8 below, Configure Infinity.
We also need to create a "secret" for Infinity to identify itself against your application. Click on "Certificates and secrets" in the main menu and then "New client secret".
When creating your "secret," you also need to set an expiration date; Microsoft recommends 180 days, but you can choose to set it to a maximum of 1 year. When your "secret" expires, it must be renewed for the synchronization to continue to work. A tip is to set a reminder for yourself to renew a few days before it expires to avoid interruptions.
Immediately after creating your "secret," copy the value and save it for step 2.8 below, Configure Infinity. You cannot retrieve your "secret" later as it will be masked after a certain time.
The last step is to grant your application API permissions. Click on "API permissions" in the main menu and select:
"Add permission > Microsoft Graph > Application permissions". Search for "User.Read.All", select it and click "Add Permission".
In the same way as above, add the "Group.Read.All" permission.
The final step is then to "Grant admin consent" which only a "Global Administrator" is allowed to do.
Step 2 - Configure Infinity
Before you start configuring the sync connection itself, we recommend having a “user settings template” ready. This template determines how your users will appear when created in Infinity, including groups, terminals and other settings they will be configured with. You can find out how to create user templates here: Templates - User Settings
Log in to the Infinity portal and under "Company > Other > Integrations AD Sync" you will find the configuration for AD synchronization. Start by clicking "Create new template" in the top right corner.
General
Choose Type AD sync.
Synchronization settings:
Pause: Pauses the synchronization; no changes are made, and no new users will be added.
User sync: Syncs all users continuously. If a change is made in Entra ID, the user will be updated in the PBX the next night (or during manual sync).
New users only: Only adds new users created in Entra ID. Existing users already synced will not be affected.
Send welcome mail to new users means that as soon as a new user is created in Entra ID and synced over to Infinity, an automatic welcome email is sent to the user's email address.
You can also choose to send a separate welcome mail to this email, a useful feature for administrators to keep track of which users are created in Infinity.
Delete user after days, set how many days a user should remain in Infinity after being removed in Entra ID.
Error Notification Email, any error messages in the synchronization are sent to this address.
Error Notification Level, set the error-level at which you want to receive notifications.
Provider Settings
This is a crucial step in establishing the connection to your application in Microsoft Azure. Copy the values from your app in Microsoft Azure into the JSON string you find under Provider Settings, ensuring they are entered correctly without extra spaces or other characters.
If the formatting is incorrect, a warning will appear, and you cannot save.
Values from your app in Azure:
tenant_id = Your company's tenant ID.
client_id = Your application's ID.
client_secret = Used by Infinity to identify itself against your application.
memberOf = Add the names of the Entra ID groups that your Infinity users belong to. You can add multiple groups if desired, and you can also choose not to use groups, in which case all users in the company are synced.
Example 1, JSON string with 2 groups:
{"tenant_id":"id123","client_id":"id123","client_secret":"hidden","user_filter":{"memberOf":["group1","group2"]}}
Example 2, JSON string without groups:
{"tenant_id":"id123","client_id":"id123","client_secret":"hidden","user_filter":{"memberOf":[""]}}
Click Save.
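A local pre-check for the Provider Settings string before it is pasted into the portal. This is an added example, not code from Infinity or Microsoft, and Infinity's own format check may differ. It assumes the key names shown in the examples above and that the tenant and client IDs are the GUIDs copied from the Azure portal; the function name and sample values are constructed for illustration.

```python
import json
import re

# Tenant ID and Application (client) ID copied from the Azure portal are GUIDs.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
ID_KEYS = ("tenant_id", "client_id")


def check_provider_settings(raw):
    """Return (problems, groups); groups == [] means every user is synced.
    Messages name the offending key only, never its value (no secret leaks).
    """
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON ({exc.msg} at position {exc.pos})"], []
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"], []

    problems = []
    for key in ID_KEYS + ("client_secret",):
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
        elif value != value.strip():
            problems.append(f"{key}: leading or trailing whitespace")
        elif key in ID_KEYS and not GUID_RE.fullmatch(value):
            problems.append(f"{key}: not a GUID")

    user_filter = cfg.get("user_filter")
    member_of = user_filter.get("memberOf") if isinstance(user_filter, dict) else None
    if not isinstance(member_of, list) or not all(isinstance(g, str) for g in member_of):
        problems.append("user_filter.memberOf: must be a list of group names")
        return problems, []
    if any(g != g.strip() for g in member_of):
        problems.append("user_filter.memberOf: group name has surrounding whitespace")
    return problems, [g for g in member_of if g.strip()]


# Constructed sample values; the GUIDs and the secret are placeholders.
GOOD = ('{"tenant_id":"11111111-2222-3333-4444-555555555555",'
        '"client_id":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",'
        '"client_secret":"placeholder-secret","user_filter":{"memberOf":["group1","group2"]}}')
PASTED = GOOD.replace('"placeholder-secret"', '"placeholder-secret "').replace(
    '["group1","group2"]', '[""]')

if __name__ == "__main__":
    print(check_provider_settings(GOOD))
    print(check_provider_settings(PASTED))
```

An empty group list in the result is worth a second look before saving, because it means the sync is scoped to every user in the company rather than to named groups.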
Test the Synchronization
When both steps above are completed, you are almost ready to sync your users. The system will automatically synchronize every night, but you can also trigger a manual synchronization by clicking the "re-synchronization" button at the top (2 arrows in a circle). If the synchronization works as it should, a message in green text will appear with the date and time of the last successful synchronization. This means the connection with your app in Azure is working correctly, and you are ready to map the data fields for your users.
Set Up How Users Will Be Synced
Select Default Callerid, choose one of your numbers here as the default Callerid. This will be used if a user does not have a PSTN number after synchronization. If a PSTN number is assigned to the user, it will be set as the user's default Callerid.
Default user settings template, choose preconfigured templates for how users should be configured when they are created in Infinity.
Field mapping, fields for mapping user data from Entra ID to Infinity. The fields will appear after the first successful synchronization. A requirement for a user to be created in Infinity is that Alias, Name, Surname and PSTN fixed fields are correctly mapped. If any of these are missing, the user will not be synced.
User Field mapping, used to map additional fields beyond the default ones above.
Click Save.
Synchronize Your Users
When all the steps above are completed, you are ready to synchronize all your users into Infinity. Click the "re-synchronization" button again; once all data fields are mapped, the users will be synchronized. Verify that the users appear correctly under Users in the portal.