The Akumina PeopleSync V6 application synchronizes user properties for the following functionalities:
The following data sources are supported out of the box but can be configured to synchronize any data source with code development and configuration:
Note: you can configure PeopleSync to synchronize more than one data source and merge the properties into a single store. The present version of the PeopleSync Azure Function supports only cloud (multi-tenant) environments.
As part of PeopleSync Azure Function V6, the application was migrated from a console application to an Azure Function and supports only cloud environments. The other highlighted changes are listed below.
To synchronize data from Azure Active Directory, certain "Microsoft Graph" permissions are required. Visit Graph API Connection for Azure AD to learn more about the Graph permissions required for PeopleSync and to configure permissions on the associated Graph App.
NOTE: If you have multiple AppManagers and they all interface with the same O365 tenant, then you need only one PeopleSync to run. The AppManagers will use the same PeopleSync EntityPrefix, AzureSearchServiceName and AzureSearchServiceApiKey keys. If your AppManagers' websites interface with different Azure tenants, then you will need to generate an Azure "Search Service" for each AppManager pointing to a different tenant. Optionally, you may use a different prefix to leverage the same cognitive search investment.
Tenant configuration is a set of required properties used to synchronize the source data from Microsoft Entra ID. Each tenant configuration is stored separately in an Azure Storage table. The table below includes an example of adding FetchProperties.
Property | Type | Default | Description |
TenantId | String | | Domain used to log in to your account. For Microsoft Entra ID – TenantID or DirectoryID (in Site Creator we call this the Subscription ID). |
ApplicationId | String | | Acquired from the Graph App created to support Akumina. This is the "Application (client) ID" associated with the Graph App. This is the value used in App Manager Site Creator as the "Application (client) ID". |
ApplicationSecret | String | | Acquired from the Graph App created to support Akumina. This is the supporting Graph App's "Client Secret" VALUE. Also used in AppManager > Site Creator as the value for "AAD Client Secret". For Okta, refer to the "Configuring Okta application secret" section. |
PersonaFieldFilesData | Array of strings | | |
AkuminaUrlsData | JSON | | AppManager URL |
AppManagerQueryKey | String | | Acquired from AppManager > Site Creator > DigitalWorkplace Core Site > Interchange Query Key |
FetchPropertyData | JSON | | In a multi-tenant environment this is a custom FetchProperties section that can be defined for each tenant and added to this tenant property area. Refer to the FetchProperties section below to add additional custom FetchProperties for this tenant. |
FetchOptionsData | JSON | | In a multi-tenant environment this is a custom FetchOptions section that can be defined for each tenant and added to this tenant property area. Refer to the FetchOptions section below for additional information. |
FieldsMappingSource | String | "fieldsmapping.xyz.json" | Name of the JSON file that contains the JSON-formatted mapping of field names (Graph property name to front-end property name) and the default language. In a multi-tenant environment this file name should be unique to the client/tenant, for example fieldsmapping.xyz.json, since it needs to be a unique name for this tenant area. |
CustomFilterAssembly | String | "" | In a multi-tenant environment, CustomFilterAssembly is set if a custom filter is required for this specific tenant. See the following link for additional information: AkuminaSamples/PeopleSync/Net8 at master · akumina/AkuminaSamples · GitHub |
Environment | String | | Environment Name |
FrontEndStorageConnection | String | | Azure Storage Account used for the headless front end. If the headless front end is not used, then this configuration is not required to synchronize the User Profile. From Azure Portal – This is the Storage Account > Access Keys > ConnectionString. |
Global fetch options are used if tenant-specific fetch options are not configured. Include all FetchOptions at the tenant-specific level; if you need to override any one of the fetch options, then set it at Global FetchOptions.
Property | Type | Default | Description |
SyncUsers | Boolean | true | Synchronize configured user properties |
SyncGroups | Boolean | true | Synchronize Active Directory Groups |
SyncUsersAssignedToNoGroups | Boolean | true | If set to true, all users will be synced. If the value is false, then users who are not assigned to any groups will be filtered out of the people sync. |
SyncTags | Boolean | false | Set to true if Akumina Workspace is licensed and configured |
SyncTypes | Boolean | false | Set to true if Akumina Workspace is licensed and configured |
TrackUserGroupChange | Boolean | true | Enumerates the user changes for ActivityStream Access Control update. |
TrackUserPersonaChanges | Boolean | true | Enumerates the user changes for ActivityStream Access Control update. |
MergeGroupFieldsToUserGroup | Boolean | true | Duplicates the GroupFields into UserGroups entity. |
Global FetchProperties are used if tenant-specific FetchProperties are not configured.
Property | Type | Default | Description |
TagExtension | String | "groupname" | Tenant-based TagExtension value. To overwrite the default TagExtension, include the value here; otherwise keep this empty or remove the property. |
TypeExtension | String | "groupuser" | Tenant-based TypeExtension value. To overwrite the default TypeExtension, include the value here; otherwise keep this empty or remove the property. |
ExpandProperties | String | "" | If the value is returned as JSON, the system generates a linear string property for each value. For example, if the field "P" returns the JSON {"P1":"V1","P2":"V2"}, the property is expanded as P_P1 with value V1 and P_P2 with value V2. |
UserProperties | String | "id,accountEnabled,businessPhones,city,companyName,country,deletionTimestamp,department,onPremisesSyncEnabled,displayName,facsimileTelephoneNumber,givenName,jobTitle,mail,mailNickName,mobilePhone,objectType,officelocation,physicalDeliveryOfficeName,postalCode,preferredLanguage,sipProxyAddress,state,streetAddress,surname,telephoneNumber,usageLocation,userPrincipalName,userType,otherMails,provisionedPlans,provisioningErrors,proxyAddresses,schools,skills,birthday,hiredate" | You can add or remove any properties defined in your identity provider or data source. |
UserExtendedProperties | String | "Manager,AssignedLicenses,AppRoleAssignments,DirectReports,OwnedDevices,RegisteredDevices,OtherProperties,UserPreferences" | Extended properties are complex objects that need multiple calls to the data source. You can add or remove any supported properties. |
GroupProperties | String | "id,description,displayName" | Group properties |
PersonaUserProperties | String | "mail,displayName,userPrincipalName,businessphones,aklanguageid" | Persona properties |
UserGroupUserProperties | String | "displayName,userPrincipalName,businessphones,aklanguageid" | User Group properties |
SkipUsers | String | "" | Specify conditions like "display=xyz,location=boston"; users whose values start with the defined conditions are then skipped. Example: "SkipUsers": "givenName=Firstname,givenName=Test,givenName=GiveName,department=Dummy". In this example, users whose givenName starts with Firstname, Test or GiveName, or whose department begins with Dummy, are excluded. |
SkipGroups | String | "" | Specify conditions like "display=group1"; groups whose values start with the defined conditions are then skipped. |
LargeContentProperties | String | "DirectReports" | |
ConvertValueToLowerCase | String | "userPrincipalName,mail,userEmail" | These user properties are converted to all lower case. |
BooleanProperties | String | "accountEnabled" | This property should be set at Global fetch properties. |
DateTimeOffsetProperties | String | "CreationDate" | This property should be set at Global fetch properties. |
SavePeoplePictureAs | String | "userPrincipalName" | Based on this comma-separated list of AAD property names, the user's profile picture will be stored in the blob (when the ProfilePictureStorageAssemblyType and FrontEndStorageConnection configurations are set). For example, to also clone the image under the user's mail value, set the value to "userPrincipalName,mail". |
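To check what a SkipUsers or SkipGroups value will exclude before it is deployed, the sketch below applies the starts-with rule described in the table to constructed sample users. It is an added example, not Akumina's code; the function names are hypothetical, and case-sensitive matching and whitespace trimming are assumptions.

```python
# Added example: preview which records a SkipUsers / SkipGroups value excludes.
# Assumptions: case-sensitive match, surrounding whitespace ignored.

def parse_skip_conditions(raw):
    """Turn "prop=prefix,prop=prefix" into a list of (prop, prefix) pairs."""
    conditions = []
    for part in (p.strip() for p in raw.split(",")):
        if not part:
            continue  # empty setting or trailing comma
        name, sep, prefix = (s.strip() for s in part.partition("="))
        if not sep or not name or not prefix:
            # An empty prefix would match every record, so reject it.
            raise ValueError(f"malformed skip condition: {part!r}")
        conditions.append((name, prefix))
    return conditions

def is_skipped(record, conditions):
    """True if any condition matches: conditions are OR-ed, match is starts-with."""
    return any(
        isinstance(record.get(name), str) and record[name].startswith(prefix)
        for name, prefix in conditions
    )

def preview(records, raw, key="userPrincipalName"):
    """Return (kept, skipped) lists of record keys to review before a sync."""
    conditions = parse_skip_conditions(raw)
    kept, skipped = [], []
    for rec in records:
        (skipped if is_skipped(rec, conditions) else kept).append(rec[key])
    return kept, skipped

# The SkipUsers value from the table above.
SKIP_USERS = "givenName=Firstname,givenName=Test,givenName=GiveName,department=Dummy"

# Constructed sample users (not real accounts).
SAMPLE_USERS = [
    {"userPrincipalName": "test.account@example.com", "givenName": "Test", "department": "IT"},
    {"userPrincipalName": "tess.lee@example.com", "givenName": "Tess", "department": "Finance"},
    {"userPrincipalName": "testa.rossi@example.com", "givenName": "Testa", "department": "Sales"},
    {"userPrincipalName": "sam.ng@example.com", "givenName": "Sam", "department": "Dummy-Lab"},
    {"userPrincipalName": "no.dept@example.com", "givenName": "Nadia"},
]

if __name__ == "__main__":
    kept, skipped = preview(SAMPLE_USERS, SKIP_USERS)
    print("kept:   ", kept)
    print("skipped:", skipped)
```

Because the rule is a prefix match, `givenName=Test` also excludes the constructed user whose given name is Testa, which is worth reviewing before a broad condition goes live.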
Some properties are extendable. The following table summarizes the fields included for each of the UserExtendedProperties.
UserExtendedProperties | Fields retrieved |
Manager | Manager |
AssignedLicenses | All Licenses and Count |
AppRoleAssignments | id, principalDisplayName, principalId, principalType, resourceDisplayName, resourceId |
DirectReports | displayName, givenName, surname, mobilePhone, businessPhones, jobTitle, mail, officelocation, preferredLanguage, userPrincipalName |
OwnedDevices | deviceId, deviceMetadata, deviceVersion, operatingSystem, operatingSystemVersion, trustType, displayName |
RegisteredDevices | deviceId, deviceMetadata, deviceVersion, operatingSystem, operatingSystemVersion, trustType, displayName |
OtherProperties | All the other external properties configured in the AAD |
When you want to implement custom logic to filter Group and User data, refer to the link below for a template and implement your own filter logic.
AkuminaSamples/PeopleSync/Net8 at master · akumina/AkuminaSamples · GitHub
Even if a customer has multiple sites for the same tenant, only a single custom filter assembly is supported. You can reach the support team for custom filter deployment and configuration.
In the Azure Function, the default field mapping is configured in the format below.
Prefix: Set a unique value in this field if you need to add a prefix to fields. This is required to keep the fields unique if you sync across multiple data sources.
PrefixExclude: System defined; you can add values but cannot remove the default values.
Group: For any customization of the Group fields. For example, in your AD you may have a group column called "id" (read in), but in the Akumina framework you want id to be objectId (write out to); the field mapping then becomes "Id":"objectId".
Users: For any customization of the User fields. For example, in your AD you may have a field called _firstname (read in), but in the Akumina framework you want it represented as FirstName (write out to); the field mapping then becomes "_firstname":"FirstName".
UserGroups: Same as "Users", but for properties related to user groups.
UserPreferences: Same as "Users", but for properties related to user preferences.
Note: Any value that starts with "~" is a constant. For example, "~1033":"aklanguageid" is stored in our system column as aklanguageid="1033" for the site default language.
A custom fieldmapping file can be created to change things such as default languages or mappings, for example fieldmapping.french.json or fieldmapping.*.json, where * is the unique name used for this tenant's fieldmapping JSON file (* could be the client name). In the example below, start with the fieldmapping file type associated with your source data, e.g. aad, okta or sharepoint. Where aad is the source, copy fieldsmapping.aad.json and rename the file to be unique for your tenant, in this example fieldmapping.French.json. This tenant should have its default language set to French. Edit the file and change the language code from ~1033 to ~1036. Example:
This is for sample purposes only to show you how to configure Okta:
Here's an example of Okta fields mapping:
Follow the steps below to provision a new Azure Function App for the PeopleSync process, along with the configuration to be done in the Akumina portal.
Click the highlighted Add button on the subscription screen to provision a new site.
After you click the Add button, a popup window opens to initiate site provisioning.
After provisioning of the new site has completed, click the status icon on the subscription screen to proceed with tenant configuration.