Infosec IQ offers an Azure Active Directory integration for syncing learners and groups from Azure AD.
Getting Started
Before you begin, you’ll need the following:
- Credentials for an Azure AD administrator account. These credentials are only required for the initial setup and will not be stored in Infosec IQ.
- The attribute name of an Azure AD field to map to the Infosec IQ custom field (optional.) See below for more information.
- If you previously configured a scheduled task with our legacy Azure AD utility, that will need to be disabled before running the new integration. It is recommended to wait 24 hours after disabling the task to run the new integration.
- If you would like to create a separate user account to launch the integration, rather than using your own Administrator credentials, a new user can be created; and after the authentication process this user can be assigned the Directory Reader role.
Note: Infosec IQ Azure AD sync does not currently support Azure for Government (a.k.a. GovCloud) or any other nation-specific Azure Cloud instances.
Establish the Azure AD Connection
Follow these steps to configure the Azure AD integration:
- Navigate to Learners > Active Directory Synchronizer.
- Click the button to the right of “Configure Azure Active Directory sync.”
- Under Create New Sync, click on Azure Active Directory.
- Click Connect to Azure.
- Enter the Azure AD administrator credentials in the Azure AD dialog.
- After authentication is complete you’ll see a success message listing the number of users and groups in the directory. Click “Configure Sync Options” here.
Configure Azure AD Sync Options
After completing the steps above you’re now able to configure the Azure AD sync options.
- Groups: Select the group(s) you wish to sync in Infosec IQ. At least one group must be selected to perform a sync.
- Users To Exclude: Specify any users that should be excluded from the Infosec IQ sync.
- Sync groups in IQ: If enabled, the names of the groups selected above will be replicated in Infosec IQ.
-
Active Directory Field Name: A field from Azure AD can be optionally mapped to Infosec IQ’s “Custom” field. For a list of supported attributes see this article. Note that you must supply the attribute name and not the friendly name; for example, the attribute name for the “First Name” field is
givenName. If you’re unsure how to obtain the appropriate attribute name please check with your Azure AD admin. - Sync Automation: Choose whether Infosec IQ should automatically sync daily, or if you prefer to manually perform syncs. If daily is selected you can optionally provide an email address to receive notifications when sync fails. Note that sync can always be performed manually even when Daily is selected.
Click Save and your Azure AD sync configuration is complete.
Manual Sync and Logging
After your Azure AD Sync has been configured you can browse to Learners > Active Directory Synchronizer > Configure Azure Active Directory Sync > Azure Active Directory Config sync manually, check sync logs, and perform other tasks.
A summary of your Azure Active Directory Sync settings is displayed at the top including group(s), schedule, and connection status. You can additionally take the following actions:
- Edit Configuration: Update the Azure AD Sync Options configured above.
- Sync Now: Performs a manual sync. This can be done at any time, even if using the automated daily sync.
- Delete: Removes the Azure AD sync configuration completely.
You can also click on any item in the “Activity” list to see what actions occurred during that sync operation. If errors were encountered, you will find more information here; otherwise successful syncs will show you the number of learners that were added or updated.