¶ AAD Sync
¶ Introduction
AADSYNC is used to pre-sync user data between JOIN Case & Document and Microsoft Azure AD and associate it with the appropriate authorization groups. When this function is not used, a user is only created when he logs in (authenticates) for the first time in JOIN Case & Document. the big disadvantage is that the application is loaded without preset collection rights (authorizations) and function rights (privileges): “Empty”. The functional administrator of JOIN Case & Document still has to work to link the user to the correct profiles and roles, set up additional user data, set user rights and automatically populate email lists.
AADSync can be used from version 2023.11 for the following protocols:
- WS Federation
- SAML
- OpenID Connect (OIDC)
For the AADSYNC module, an additional license must be purchased through the Decos account manager or a Decos partner. Of course, you must also have a valid license for the authentication function (one of the protocols mentioned above). AAD Sync can only be used in conjunction with Microsoft Azure authentication.
¶ Functionalities
With the AAD Sync module, the following functionalities are offered:
User synchronization for ADFS/SAML/OIDC: With this functionality, username (at SamAccountName) and user data (such as name, position, contact details) can be synchronized with JOIN Case & Document.
Configuration setting: Username matching for ADFS/SAML/OIDC.
JOIN AD Group synchronization: This feature makes it possible to authorize (and synchronize with JOIN) only users in certain groups based on restrictions in the AD.
Configuration setting: JOIN user groups for AADSYNC.
Synchronize users with email addresses: This feature allows email addresses of certain (groups of) users to be synchronized with JOIN. These e-mail addresses are used in the e-mail function of JOIN Case & Document.
Configuration setting: Synchronize user groups for e-mail.
¶ Installation
The configuration of the AADSync module is carried out by a technical consultant certified by Decos. This consultant coordinates with your organization’s AD administrator.
Prior to deployment, we will contact your AD administrator for the appropriate access and information needed to provision and activate synchronization.