AzureAD User Sync is a capability of the Structural system to ensure a customer tenant is kept in parity with a system of record in Azure Active Directory. In Structural, Admins have the ability to set up the AzureAD sync directly through the Admin Panel.
This ensures employees will have accurate and fresh data syncing every 4 hours into Structural from Azure. Employees will also be created and disabled based on their status within AzureAD. This also allows the company's IT team to be the source of truth when any data needs to be updated or organized.
To set up Azure AD Sync, follow these steps:
In the Structural application, at Structural, visit the Organization Admin dashboard.
This option only appears for accounts with at least one administrative-facing permission on their Structural account.
From the left-hand side menu, select the “Automated Syncs” option.
You’ll be presented with either a page empty of syncs, or a list of existing configured syncs.
To configure a new sync, select the New Sync button at the top of the page, then “Azure Active Directory” from the subsequent list.
A setup wizard should appear on the right-hand side of the screen. We’ll proceed through these steps.
First, select the Sign In With Microsoft button, and proceed through the standard OAuth2 process to authenticate your Azure Active Directory tenant with Structural.
If you receive an error during this process that reads “Need admin approval”, this signals that your Active Directory account does not have the elevated permissions Structural needs to read & sync user data.
An elaborated explanation and justification of the permissions Structural requests from your Active Directory tenant is included at the bottom of this document.
Next up, we’ll validate that the connection was successful and Structural can pull the data it needs to. Simply click the big button.
If you receive an error of any kind after clicking this button, please reach out to firstname.lastname@example.org for help in diagnosing the issue.
Structural is capable of “scoping” a sync to either the entire Tenant, or to a specific User or Security group within the tenant.
If you select “Sync The Whole Tenant”, Structural will sync user data from every user within your Active Directory tenant.
If you select “Sync a Specific Group”, Structural will only pull user information for users within the specific group you subsequently select.
In the next step, you’ll opt into different behavior when users are encountered in the Active Directory tenant.
Complete Structural Instance Sync
When users are created in Active Directory but don’t exist in Structural, create the user in Structural.
When a user exists in Structural but does not exist in Active Directory, disable their Structural user account.
Sync User Enable/Disable Status
Users in Active Directory have a “status” field which can be flagged as either Enabled or Disabled. This option enables syncing of this field to the Structural user’s “Standing” field, which behaves similarly.
Most customers will want to select both of these options, but your needs may vary.
More information on how users are correlated between Active Directory and Structural is included toward the bottom of this document.
Please Note: Structural will never modify information in your Active Directory tenant. These syncs are one-way only, and exist to keep information in Structural up-to-date with your Active Directory.
Next up, we’ll select the fields we want to sync.
An explanation of the specific data synced for each field is included within the Admin UI, upon hovering over the question mark next to the field.
Email Address and Azure User ID are not able to be turned off, due to their necessity in correlating users between your Active Directory Tenant and Structural. More information on this can be found below.
Upon clicking Next, you’ll be given the opportunity to review the configuration listed in the title of each wizard step, then Activate the sync.
Finally, you should now see the sync in your list of Automated Syncs. Done!
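To preview what the two sync-behavior options would create, disable or change before activating a sync, the following dry run is an added example and not Structural's own code. It assumes users are matched on Azure User ID first and then on email, that the Standing field holds "enabled" or "disabled", and that the Azure records use the Microsoft Graph field names id, mail and accountEnabled; plan_sync and the record layouts are hypothetical.

```python
# Dry-run of the two sync options. Record shapes and the matching order
# (Azure User ID first, then email) are assumptions made for this example.

def plan_sync(ad_users, structural_users, complete_sync=True, sync_status=True):
    """Return the changes a one-way Azure AD -> Structural sync would make."""
    by_id = {u["azure_id"]: u for u in structural_users if u.get("azure_id")}
    by_email = {u["email"].lower(): u for u in structural_users}
    plan = {"create": [], "disable": [], "standing": [], "skipped": []}
    matched = set()
    for ad in ad_users:
        email = (ad.get("mail") or "").lower()  # mail can be null in Azure AD
        s = by_id.get(ad["id"]) or by_email.get(email)
        if s is None:
            if complete_sync and email:
                plan["create"].append(email)
            elif complete_sync:
                plan["skipped"].append(ad["id"])  # nothing to correlate on
            continue
        matched.add(s["email"].lower())
        want = "enabled" if ad["accountEnabled"] else "disabled"
        if sync_status and s["standing"] != want:
            plan["standing"].append((s["email"], want))
    if complete_sync:
        # Active Structural accounts with no Azure AD counterpart get disabled.
        plan["disable"] = [s["email"] for s in structural_users
                           if s["email"].lower() not in matched
                           and s["standing"] != "disabled"]
    return plan

# Constructed sample data (not real accounts).
AD_USERS = [
    {"id": "a1", "mail": "Ann@example.com", "accountEnabled": True},
    {"id": "a2", "mail": "bob@example.com", "accountEnabled": False},
    {"id": "a3", "mail": "cara@example.com", "accountEnabled": True},
    {"id": "a4", "mail": None, "accountEnabled": True},  # no mailbox
]
STRUCTURAL_USERS = [
    {"email": "ann@example.com", "azure_id": "a1", "standing": "enabled"},
    {"email": "bob@example.com", "azure_id": None, "standing": "enabled"},
    {"email": "dave@example.com", "azure_id": None, "standing": "enabled"},
    {"email": "eve@example.com", "azure_id": None, "standing": "disabled"},
]

if __name__ == "__main__":
    for action, items in plan_sync(AD_USERS, STRUCTURAL_USERS).items():
        print(f"{action:9} {items}")
```

The "disable" list is the one to review before turning on Complete Structural Instance Sync, since every account in it would lose access on the next run.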