In this article, we will guide you through everything there is to know about AskCody Azure AD sync. You will learn what it is, how to set it up, and answers to the most frequently asked questions.
The article covers:
- What is Azure AD
- The requirements
- How to set up Azure AD sync
- How to configure Azure AD sync
- Running the Azure AD sync
- Reception Assignment
- What data points does AskCody sync
- How to edit the sync
- How to stop the sync
- What security and authentication are in place
What is Azure AD
Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory, and identity management service that combines core directory services, application access management, and identity protection. AskCody supports Azure AD Sync via Microsoft Graph and is referred to as AskCody Azure AD sync 2.0. It supports user synchronization and management, host synchronization for the Welcome+ Visitor Management, and full role provisioning for all AskCody modules.
The setup of Azure AD Sync along with role provisioning can be done via AskCody Admin Center and in the Azure AD Portal.
- Azure Active Directory
- Consent to give AskCody access to AD data requires Admin Consent in Azure AD (Portal) and can only be given by a Global administrator.
- Must be one root group (Azure AD group) that all AskCody users must be part of.
- Only Security-enabled groups can be used
- Make sure you are Global Administrator in Exchange and has Owner access(role) in AskCody.
- Make sure one group for all AskCody Users exists. This does not necessarily need to be created if a group already exists that fits the purpose.
- If role and membership management is needed, multiple groups need to be in place in Azure AD. Example: One group containing Canteen Providers and one containing Admins.
- Make sure Welcome+ Receptions and Meeting+ Providers are created for setting membership assignments.
How to set up Azure AD sync
- Login to AskCody Manager (https://manager.onaskcody.com/login)
- Go to Admin Center
- Go to the Connect tab and press Azure Active Directory Sync.
- You will be redirected to your Azure AD Portal
- Log in with your Admin credentials for your Azure AD Portal
- Grant the necessary consent to AskCody to establish the connection
- After Consent is given you will be redirected back to Admin Center with a confirmation that you have now Connected Azure AD. Please be aware that no sync is running or configured at this point.
How to Configure Azure AD Sync
- Press configure AskCody Azure AD Sync
- You are redirected to the AskCody Portal (portal.onaskcody.com in EU and portal.goaskcody.com for US customers). AskCody Portal is where all setup and configuration of Azure AD is done.
- You are now in the configuration interface for the Azure AD sync.
The sync setup interface consists of the Azure AD Sync in the top of the list with a settings icon and "ADD GROUP" Button. In the settings menu for the sync, the main sync group is selected(root group) "Please be aware to search for the full name of the group, the sync will not get the correct search result just by searching for part of the group name." The search will only show security-enabled groups from AD
Advanced settings can be folded out and you will have the option to set Connection attribute name. This is only used in the event of an Exchange hybrid setup where users need to be flagged as moved to the cloud. in Advanced settings Cost center attribute name can also be set and it is used for synchronizing cost center attributes from AD to AskCody if this is part of the Meeting+ configuration.
When adding a new group to the sync you are able to search in Azure AD security-enabled groups via Microsoft Graph (See the picture below).
"Please be aware to search for the full name of the group, the sync will not get the correct search result just by searching for part of the group name."
When the correct group is found, it is possible to assign AskCody Roles, Membership, and Assignments to this group. Each item in the list can be unfolded to show the given roles and memberships.
The group can be assigned with:
- AskCody Roles
- Cost Center Memberships
- Delivery Provider Memberships
- Reception Memberships
- Reception Assignments (Assign Hosts to a reception)
Learn more about AskCody Roles and Memberships here.
When the sync is configured it can be saved before starting the sync (ex.in the event that it needs to be validated by others before starting).
Running the Azure AD Sync
- When the sync is ready to be started, simply press start in the top right corner.
- The Sync is now running and depending on the size of the sync (number of users) it can take some time (we can't estimate how long time the initial sync will take but as soon as the sync is stated users will start coming into the system with the Roles and Memberships assigned to the specific groups.
Hosts for AskCody Welcome+ Visitor Management is synced separately from users and needs to be assigned to a Reception (for what reception can this person be the host for a visit). If certain locations have certain hosts then a reception assignment needs to be made for each group corresponding to the location.
What data points does AskCody Sync?
By giving consent to AskCody to access data in Azure AD AskCody is given access to all user attributes, but we do only sync what is needed for your AskCody services. The Azure AD sync will synchronize the following user attributes:
- userType + optional connection and/or cost center attributes. (cost center attributes are used in AskCody Meeting+ for billing information on orders).
How to edit the sync?
- Login to AskCody Admin Center
- Go to the Connect tab and press Azure Active Directory Sync
- Press go to sync and you are redirected to AskCody Portal (portal.onaskcody.com, portal.goaskcody.com)
- Stop the sync
- Edit the sync
- Press save
- Start the sync
How to stop the sync?
If logged in to the AskCody Portal the sync can be stopped by pressing pause. Furthermore, if the consent in the Azure AD Portal is removed AskCody will no longer be able to access data.
What security and authentication are in place?
Authentication and authorization are handled through Azure AD/Microsoft Graph via OAuth 2.0.
Other relevant articles: