Setting up automatic syncing of user profiles from Azure AD
This article describes how to setup and configure user profile syncing from Azure AD to Cognise. Once configured this allows organisations to automatically sync profile data and keep a person's data up to date in Cognise. AD Sync in Cognise can also be used to automatically set up entire companies with hundreds, or thousands of profiles in minutes.
Note: To go through Azure AD Sync setup you first need to have Connection Settings configured. Refer to Configuring Microsoft Azure AD.
Setting up Azure AD Sync is simple, to get started follow the steps below.
Check Access
You will need to be a sys. admin user in Cognise and your company will need the Microsoft Azure AD add-on enabled by Cognise Support.
To check this:
Navigate to Config in Cognise.
Click the Microsoft Azure AD option at the bottom of the menu.\
App Permissions
Next, we need to give your new app the permissions Cognise requires to sync data.
In the Azure portal navigate to the app you will use to do the syncing.
Click API permissions and then the Add a permission button.
Select the Microsoft Graph option.
Select Application Permissions.
Select:
Directory.Read.All from the Directory option
Select Group.Read.All from the Group option
Select User.Read.All from the User option.
Click Add permissions (the three new permissions should be visible in the list).
Select the three permissions from the list and click Grant admin consent (if you don’t have access to do this ask your IT department to do it for you)
Group Setup
Active Directory often has a lot more data than staff information, so scoping the sync to just one group is usually a good idea.
Navigate to All Services on the left-hand menu in your Azure Portal, then select Azure Active Directory from the options, and click on Groups.
Find and select the group you want Cognise to sync from.
Copy the Object ID from that group into the Sync Group ID field under the Microsoft Azure AD Sync sub-tab in Microsoft Azure AD page in Cognise
Error Reporting
The final step is to add one, or more email addresses to the "Send Error Reports To" field.
These email addresses will be sent a notification when the automated sync encounters problems it cannot resolve itself. For example, a user is found with an invalid email address and cannot be created in Cognise.
Validate Connection Settings
Navigate to Config and then Microsoft Azure AD.
Click the second sub-tab Microsoft Azure AD Sync.
Click the three dots showing on the right-hand side of the Edit Azure AD Sync section.
Select Download Data (an alert will display telling you the download is being prepared).
A few seconds later your sync data will be downloaded in CSV format.
Verify that all the users from your AD group are listed in the export and also have the correct details.
If you added your email to 'Send Error Reports To' and you received an error message check the settings are correct and try again.
What's Next?
If no errors have occurred, then thumbs up - Nice work, Microsoft Azure AD Sync is now setup!
Other Notes
For new users added to Azure AD on a sync performed in Cognise (manual or automated), the createdDateTime field from the user profile in AD will be automatically inserted into the Start Date field of the new user profile in Cognise. The start date field in Cognise is used as a trigger for any 'new staff assigned learning' that has been setup. If the Start Date profile field is empty no new staff assigned learning will be triggered whether as part of a sync or not. A start date field populated with a date after that set for new staff will trigger an email and assign the learning.
When a new user is added to the Azure AD application, and a Sync is made in Cognise, all existing assigned learning will be automatically associated to each new user created from the sync.
The Start Date field in Cognise can also be manually updated by Admins in Cognise if needed and will not be overwritten after running another Sync. Additionally, if an existing profile in Azure AD has an empty createdDateTime the start date in the user profile in Cognise will remain empty until manually updated by Admin in Cognise.