Starting from December 2022, you can provision Imagicle users from an Azure AD source. To enable this users' synch, you must involve Imagicle Technical Support and provide them with some data about your geographic area.
Before illustrating the whole procedure, let us highlight the requirements:
Moreover, consider the following limitations, coming from Azure AD:
If the above requirements are satisfied, please contact the Imagicle Support team and provide the following information:
Imagicle Support applies an internal configuration in our Cloud to enable an LDAP interface. This might require a few days. Once done, they return the following to you:
Please download the Windows executable to automatically apply Azure configuration (attached to this KB article) and save it in a local folder (for instance C:\Temp).
Copy into the same folder the configuration json file provided by Imagicle.
Open a Command Prompt window (CMD) as administrator and move to the same folder:
cd \Temp
Then type the following command:
ImagicleUserCloudSync Az_client_creds.json --disable-autostart --app-name "Imagicle Users Synch"
(supposing the json file provided by Imagicle is named Az_client_creds.json).
Once you execute the above command, a pop-up window appears prompting you to enter your Microsoft admin credentials. Once done, you can close the pop-up window.
After a few seconds, the process completes and you can track the configuration steps as in the sample below:
The Imagicle script automatically creates an Azure Enterprise Application. You can view it from Azure web portal, as below sample:
This script applies a default field mapping according to below screenshot:
If you click on the Imagicle application, you can access the "Provisioning" menu and trigger a users' synch by hitting "Restart provisioning" button. If the synch is correctly accomplished, you get the number of imported users (33 in below sample):
Interval between each users' synch can't be below 40 minutes.
By default, above configuration imports ALL users available in Azure AD. You can limit the amount of data by applying either a filter based on users/groups or based on attributes content. Both filtering methods are explained in the following paragraphs.
Within the Imagicle Enterprise Application, please click on the left panel's "Users and groups" menu option and browse/search for the users/groups you wish to import from Azure AD. Just tick the box beside each user or group to enable the import. See below sample:
Within the Imagicle Enterprise Application, please click on left panel's "Provisioning" and make sure that "Provision Azure Active Directory Groups" is disabled. See below sample:
Click on "Provision Azure Active Directory Users" to access the Attribute Mapping page:
Click on Source Object Scope ⇒ All records. See below:
Click on "Add scoping filter" to invoke the filter editor. See below:
From this page, you can add multiple filters, based on the different Azure AD attributes available within the "Target Attribute" pull-down menu. The "Operator" column decides how to match the filter entered within the "Value" column. Once the row is properly filled in, you can click on the rightmost button to add the rule and create another row for additional filtering.
More details are available within this Microsoft web page.
Imagicle Users' database supports 10 custom fields, to be mapped with ExternalID attribute in Azure during the provisioning. Please find below the procedure:
Access the Azure web portal and select the "Imagicle Users Synch" Enterprise Application. From the "Overview", please click on "Provisioning":
Hit "Edit provisioning":
Expand "Mapping" section and click on "Provision Entra ID Users":
In "Attribute Mapping" section, please hit “Add new mapping” at the bottom of the screen:
In “Edit Attribute”, please choose the following options:
Custom fields and relevant values are mapped through a dedicated "Expression" whose syntax follows Azure Entra ID attribute mapping rules. See here for more details.
The Imagicle feature requires each custom field to be enabled to be mapped as "CustomX=", [Attribute], where each custom field is separated from the next one by the "$$$" separator.
See below a typical expression sample:
Join("$$$",
Append("customX=", [Microsoft Entra ID Attribute1]),
Append("customY=", [Microsoft Entra ID Attribute2])
)
where "Microsoft Entra ID Attribute" corresponds to the actual Azure AD field to be mapped.
If the expression syntax is correct, by clicking outside of expression box, you should read the message “The expression was correctly parsed.”.
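As an added example (not Imagicle's or Microsoft's code), the following Python sketch rebuilds the string that the Join/Append expression above produces and parses it back, so an External ID value can be checked offline. It assumes the X in "customX" is a field number from 1 to 10, matched case-insensitively, and all sample values are constructed.

```python
import re

SEPARATOR = "$$$"          # separator used in the page's Join() expression
MAX_CUSTOM_FIELDS = 10     # the page states that 10 custom fields are supported
# Assumption: the X in "customX" is a field number 1..10, matched case-insensitively.
SEGMENT_RE = re.compile(r"^custom(\d+)=(.*)$", re.IGNORECASE | re.DOTALL)


def build_external_id(fields):
    """Mimic Join("$$$", Append("customX=", [attr]), ...) for a dict {index: value}."""
    return SEPARATOR.join(f"custom{i}={v}" for i, v in sorted(fields.items()))


def parse_external_id(value):
    """Split an External ID string into ({index: value}, [problems])."""
    parsed, problems = {}, []
    for pos, segment in enumerate(value.split(SEPARATOR)):
        m = SEGMENT_RE.match(segment)
        if not m:
            problems.append(f"segment {pos}: not in customX=value form: {segment!r}")
            continue
        index, field_value = int(m.group(1)), m.group(2)
        if not 1 <= index <= MAX_CUSTOM_FIELDS:
            problems.append(f"segment {pos}: custom{index} is outside 1..{MAX_CUSTOM_FIELDS}")
            continue
        if index in parsed:
            problems.append(f"segment {pos}: custom{index} appears more than once")
            continue
        if field_value == "":
            problems.append(f"segment {pos}: custom{index} has an empty value")
        parsed[index] = field_value
    return parsed, problems


# Constructed sample values, not taken from a real tenant.
SAMPLES = [
    build_external_id({1: "Sales", 2: "Milan"}),
    "custom1=Sales$$$custom11=Overflow",
    build_external_id({1: "R&D$$$custom2=Admins", 2: "Milan"}),  # separator inside a source value
    "custom1=$$$custom2=Milan",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fields, issues = parse_external_id(sample)
        print(repr(sample), fields, issues)
```

The third sample shows why source attributes that can contain "$$$" are worth excluding from the mapping: the value splits into extra segments and the parser reports a duplicate field.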
Once above configuration has been applied, you can manually launch a new provisioning by following below steps:
To check what Azure actually sends as the External ID attribute value, you can perform a manual provisioning of a single user and then access the Dataflow section. See below:
Please log in to Imagicle UC Suite web portal as administrator and go to Administration ⇒ Synchronize users with an external data source » Configure Data Sources >>
Select LDAP from pull-down menu and add a new source, with a name of your choice:
LDAP connector should be configured as per the Suite_ldap_creds.txt file provided by Imagicle support. See below sample:
You can manually run the users' synch straight away or just wait for automatic synch performed during night time (midnight, by default).
1) In the Users' synch rules select "Use local IAS authentication" as Users authentication mode.
2) While we import data from Azure AD into our Cloud LDAP and, in turn, into Imagicle UC Suite, we apply the following standard fields mapping:
| Azure label | Azure attribute | LDAP attribute | UCX Suite field |
|---|---|---|---|
| Object ID | objectid | uid | UCX Suite Login Username |
| Display Name | displayName or uid or cn (commonName) or dn (distinguishedName) or | displayName or uid or cn (commonName) or dn (distinguishedName) or | PBX username |
| | | | Single Sign-on id / Email |
| First Name | givenName | givenName | First Name |
| Last Name | surname | sn | Last Name |
| Preferred language | preferredLanguage | preferredLanguage | Preferred language |
| Business phone | telephoneNumber | telephoneNumber | First Extension Number |
| Department | department | departmentNumber | Department |
| Mobile phone | mobile | mobile | Mobile business number |
| Street address | streetAddress | street | User Address |
| City | city | | |
| State or province | state | | |
| ZIP or postal code | postalCode | | |
| Country or region | country | | |
| Fax number | facsimileTelephoneNumber | facsimileTelephoneNumber | Fax Number |
| Soft-Delete | active | enabled | |
| UserPrincipalName | UserPrincipalName | displayName | SSO username |
Some mappings can be manually changed by selecting the "Synch Rules" menu option. See the sample below for PBX username, mapped to email address to support MS-Teams Call Recording: