Azure AD Employee Data Import
With the 2021.3 release, we have implemented the feature for importing personnel data from Azure AD. This interface allows you to retrieve personnel data from Azure AD. The import into the eTASK personnel list is performed using the existing personnel data import interface.
Configuration in Azure AD
App Registration
To retrieve data from Azure AD, a new app must be registered:
Authentication
Certificates and Secrets
A secret must be created for the interface! This is done using the “New Secret Client Key” button
API Permissions
The “User.Read.All” permission must be granted in Microsoft Graph as an application
Configuration in the eTASK Portal
The basic configuration can already be delivered with the “5255” interface plugin. Among other things, a large part of the mapping is already available here. However, this must be adapted to the customer’s existing structure. The personnel code or personnel number is fixed as the primary key for data matching.
General configuration of the Azure AD interface
In the system configuration, the value for AZURETENTANTID (directory ID) must be specified from Azure. Further configuration takes place within the interface itself:
Control Panel → Portal Options → Interfaces → Interface Configuration → Azure AD
The plugin already creates a data record here. You only need to specify the client ID from Azure and the secret
Mapping (manual configuration not yet set up)
Under Mapping, you configure the fields to be retrieved from Azure AD. The interface plugin already imports most of the standard fields into the portal.
Additional fields cannot currently be created manually (this is currently done via the customer-specific plugin)
In addition, the mapping to the fields available in eTASK is also performed in the mapping. This is done within the respective records. The extensionAttributes are a minor exception here. These are further broken down within the record into extensionAttribute1 through 15.
Import Filters
When retrieving data from Azure AD, you can specify filters. These filters are defined by Azure AD and can be configured via the Import Filter field. For more information on the available filters: Filter Options
Import Test
Here, you can test the saved configuration. However, the configuration of IF_SPALTE_T must be complete first!
IF_SPALTE_T
The standard configuration is already included here via the interface plugin. If additional fields are required for mapping values from Azure to eTASK, or if fields from eTASK that have not yet been configured are needed, these must be configured in IF_SPALTE_T. This configuration can be found under Control Panel → Portal Options → Interfaces → Interface Configuration → Personnel Data Import → IF_SPALTE_T Configuration.
However, this configuration requires knowledge of our database structure, as the data types (varchar, int, bit, etc.) must be specified in this configuration.
Completion
The final step is to activate the TimerJob and set the Azure AD profile to Active. The TimerJob is called “Import and Update Azure AD Personnel.” It can be found under Control Panel → Portal Options → Portal Administration → TimerJobs → Job Management