Configure Azure Active Directory synchronization
To import users from Azure AD into the Equitrac user database, do the following:
- Register ControlSuite into your Azure AD tenant. See Register ControlSuite in Azure Active Directory in the Kofax ControlSuite Installation and Configuration help.
- In Configuration Assistant setup the Azure AD connection. See Configuring ControlSuite in the Kofax ControlSuite Installation and Configuration help.
- Login to Web System Manager as an administrator.
- In System Configuration, select Global Configuration Settings > Network Environment > Directory Services Synchronization.
- Select Azure Active Directory in the left menu.
-
In the Synchronization section, choose how users are imported.
- Last import time - This displays the last time the import was performed.
- Select the Do not enforce account limits for users in auto-created departments checkbox to import new departments into Equitrac via Azure AD synchronization without enforcing account limits.
- Differential import - This option only updates
users since the last import was detected. In this case, new users are
created, changed users are updated, and deleted users are removed in the
Equitrac user database.
- For differential import, select what updates are applied: Adds (adds new users), Changes (updates existing users), Deletes (deletes removed users). At least one must be selected, but any combination of operations can be applied.
- Click the Automatic synchronization checkbox and enter the Interval time (in minutes) to run the synchronization at a specified interval.
- Enable the Synchronize on save option to start the differential import immediately. This operation is not available if there was no earlier synchronization.
- Full import - Enable the Synchronize on save option to force a full import. When performing a full import, all users are imported from Azure AD. Non-existing users are created, existing users are updated, new departments and locations are created in the Equitrac user database.
-
In the Field mappings section, the mappings between
Azure AD and Equitrac user fields can be set. The specified field mappings are
used by synchronization.
- Account name – contains the user login ID. This is mapped to the User ID property in Equitrac.
- Full name – contains the full user name. This is mapped into the Full name property for the user within Equitrac.
- Email address - contains the user’s email address.
- PrimaryPIN – maps the numeric PIN found in the PrimaryPIN field in Equitrac.
- SecondaryPIN – maps the numeric PIN found in the SecondaryPIN field in Equitrac.
- Alternate PIN - maps the alternative primary PIN.
- Department - maps the department name to the Department field in the Equitrac database. If the department name does not already exist within Equitrac, it is automatically created and the selected users are added to the new department. Multi-level departmental structures can be synchronized into a single department field by using the "value1+value2+value3" syntax. For example, co+st+l+description indicates the country, state/province and city, and a description of the department. New departments are created in Equitrac if necessary.
- Location - maps the user’s physical location. New locations are created in Equitrac if necessary.
- Color quota - maps the color quota page limit. Use this if you are applying color quotas.
- Home print server - maps the name of a print server to the Home Print Server field in the Equitrac database. If you are enabling Print-to-Me, ensure that you select the Home Server attribute for these users.
- Click Apply to save your settings.