Overview
The Azure Active Directory People Data Integration lets you create a scheduled import of your people data into Ardoq.
In short, it lets you take your list of users from Azure Active Directory...
...and import them into an Ardoq workspace:
Here you can read more about Single Sign On With Azure Active Directory and permissions.
Requirements to Use This Integration
1) You must be an admin of your Ardoq organization to use this integration.
2) The Ardoq organization must have Azure Active Directory single sign-on enabled.
3) You must grant consent for the Azure AD integration to read information about users in Azure Active Directory.
In addition, it is beneficial to have enabled the Managed Workspaces toggle as well.
Granting Access
On opening the integration for the first time you’ll be asked to grant permission for Ardoq to access data from Azure Active Directory. This is done by clicking Grant Consent:
Clicking Grant Consent will take you to Microsoft’s consent page:
If you are not an administrator in Azure Active Directory you can share the Grant Consent link with an Azure Active Directory administrator and ask them to approve the application.
They do not need to be an Ardoq user to approve the Ardoq People Data Integration application.
Once you or the administrator have approved the application, click the Refresh button to test that you can retrieve data from Azure Active Directory.
Why are these permissions required?
This integration can be scheduled to run at regular intervals to keep a workspace up to date, and must therefore have "application level" permission to read user information.
Configuring the Integration
Once consent has been granted and the page refreshed, the integration should be ready to set up.
Note that “displayName” is required and is mapped to the Component Name. We recommend that you map the ID field for scheduled imports (see 'Selectable Fields' for more information).
You can now select a target workspace, set up a schedule, and map fields from Azure Active Directory to that target workspace.
You can use filters to restrict the number of components you import into your workspace. Apply a filter by clicking on the arrow icon next to the property name.
Make sure that you've included a name for the schedule as you will not be able to test the import without one.
Once you’re done configuring the import, click Test Import in the top right corner. This will show you the results of the test import.
If you’ve set the integration to be scheduled you will be able to Schedule the Import, otherwise, you will be able to Import All.
Once you’re done, you can go to Ardoq's asset manager and see the new workspace the import has created.
Scheduling
For this integration, you are able to choose whether you want to schedule the integration or not.
If you set the integration to be scheduled, the workspace will become a Managed Workspace, meaning that restrictions will apply when trying to edit components in the workspace.
Selectable Fields
Let's now go through the most commonly-used fields from Azure Active Directory and explain what they are.
Id (unique, recommended)
This is the user’s unique ID in Azure Active Directory. This field is recommended, as it makes the scheduled integration more robust when dealing with name changes for users. If this field is not mapped, Ardoq will try to match users with existing components of the same name, meaning that renamed users will be created as new Person components.
If you need to switch from importing by name to importing by ID a manual migration will be needed, please contact support for assistance.
displayName (required)
This is the user’s full name. Since Ardoq integrations require a component name, this is required and will always map to the component name.
userPrincipalName
This is a user’s email address.
Importing Profile Photos
If you would like to import profile pictures of people from Azure Active Directory, just check the “Import Profile Pictures” checkbox when configuring the import.
After clicking “Test import”, you will see the total number of new pictures to be imported under “Attachments”. If this is not the first time you’ve set up an Azure Directory import and some pictures have been updated in Azure Directory since then, you’ll see the number of new profile photos under “to update”.
Once the import is complete, the pictures from Azure Active Directory will appear in the Workspace you have selected.
Please keep in mind that there may be profiles without pictures after import. This is because those profiles lack pictures in Azure Active Directory.
Note:
In order to use Managed workspaces, please reach out to the ardoq support team via in-app chat or via support@ardoq.com.
Also, Please share the tenant ID with the Ardoq support team to enable a setting in the backend inorder to use People Data integration for non SSO users.
Troubleshooting:
In cases where there are very large numbers of user records in Azure AD (on the order of a hundred thousand or more), the initial fetching of user data from active directory can take a very long time, and may time out.
In this situation it's possible to specify a pre-fetch filter to fetch a subset of users from Active Directory, which may significantly improve load times.
If you wish to use this feature, it must be configured by a member of our support team. First, decide on the filter you wish to use, instructions for doing so can be found in the microsoft graph documentation(Filter on fields using user resource type), then share this filter with the support team and they will enable the pre-fetch filtering.