Skip to main content
About the Azure AD synctool and requirements
Updated over 3 months ago

Introduction

You can use our Azure AD synctool to automate synchronization of users and/or groups between Microsoft Entra ID (previously called Azure AD) and Workspace. In this article, we will discuss the dataflow and requirements.

Tip: if you encounter any problems during the setup or running the synctool, check out our troubleshooting article.

Download

The synctool and support is only available to our partners. It can be downloaded from the Support Widget under Help > Downloads > User provisioning > Azure AD synctool.

Requirements

There are a few requirements:

  • Workspace checks for the user's UPN. Changing the UPN during synchronization may cause problems.

  • Users in Microsoft Entra ID must be assigned a first- and last name.

Keep in mind that:

  • Users from distribution lists and/or mail-enabled security groups cannot be imported.

  • Users from Nested Groups cannot be imported.


Dataflow between Microsoft Entra ID and Workspace 365

The goal of the Azure AD synctool is to transmit users and/or groups from Microsoft Entra ID to Workspace 365. The following diagram describes the general architecture of the synchronization process.

entra ID.png

The dataflow is unidirectional โ€“ data is coming from Microsoft Entra ID through the Azure AD synctool into Workspace 365 API and ends up in the Workspace 365 database.

The Azure AD synctool periodically queries Microsoft Entra ID for changes and calls Workspace 365 API to process these changes. The synctool is implemented either as a console application or Windows service.

In general, the AD synctool is installed on a different server than the Workspace 365 web application, though it is possible (but not recommended) keeping them on a single server. In case of different servers, it is required to be able to establish a HTTPS connection between Azure AD synctool and Workspace servers.

To configure the whole process, three actions are required:

  1. Configure Microsoft Entra ID so that the AD tool can access the information.

  2. Configure Workspace 365 so its API accepts information from the synctool.

  3. Configure synctool so it can connect to both Microsoft Entra ID and Workspace 365.

Did this answer your question?