cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Synchronizing Attributes from Azure to IAS

Go to solution
tskwin
Participant

‎2024 Sep 15 9:19 PM - edited ‎2024 Sep 15 9:22 PM

0 Kudos
779

Hi everyone,

I'm encountering an issue with synchronizing certain attributes such as country, department, city, manager etc., from Azure to IAS.

I adding these parameter in IPS  as follows:

aad.user.attributes=id,mail,userPrincipalName,employeeId,displayName,givenName,surname,jobTitle,city,companyName,country,businessPhones,mobilePhone,department

Many Thanks you for any tips.

Best Regards

 

 

 

 

 

{
    "user": {
        "condition": "$.userPrincipalName EMPTY false",
        "mappings": [
            {
                "sourcePath": "$",
                "targetPath": "$"
            },
            {
                "sourcePath": "$.id",
                "targetVariable": "entityIdSourceSystem"
            },
            {
                "sourcePath": "$.mailNickname",
                "targetPath": "$.externalId",
                "optional": true,
                "correlationAttribute": true
            },
            {
                "targetPath": "$.schemas[0]",
                "constant": "urn:ietf:params:scim:schemas:core:2.0:User"
            },
            {
                "sourcePath": "$.mail",
                "targetPath": "$.emails[0].value",
                "correlationAttribute": true
            },
            {
                "sourcePath": "$.userPrincipalName",
                "targetPath": "$.userName",
                "correlationAttribute": true
            },
            {
                "sourcePath": "$.displayName",
                "targetPath": "$.displayName",
                "optional": true
            },
            {
                "sourcePath": "$.givenName",
                "targetPath": "$.name.givenName",
                "optional": true
            },
            {
                "sourcePath": "$.surname",
                "targetPath": "$.name.familyName",
                "optional": true
            },
            {
                "sourcePath": "$.mobilePhone",
                "targetPath": "$.phoneNumbers[0].value",
                "optional": true,
                "defaultValue": "888-888-888"
            },
            {
                "targetPath": "$.phoneNumbers[0].type",
                "condition": "$.mobilePhone EMPTY false",
                "constant": "mobile"
            },
            {
                "sourcePath": "$.businessPhones[0]",
                "targetPath": "$.phoneNumbers[1].value",
                "optional": true
            },
            {
                "targetPath": "$.phoneNumbers[1].type",
                "condition": "$.businessPhones.length() > 0",
                "constant": "work"
            },
            {
                "sourcePath": "$.groups",
                "targetPath": "$.groups",
                "optional": true,
                "preserveArrayWithSingleElement": true
            },
            {
                "sourcePath": "$.manager.id",
                "targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['manager']['value']",
                "optional": true
            },
            {
                "sourcePath": "$.city",
                "targetPath": "$.addresses[0].locality",
                "optional": true
            },
            {
                "sourcePath": "$.addresses[0].country",
                "targetPath": "$.country",
                "optional": true
            },
            {
                "sourcePath": "$.employeeId",
                "targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['employeeNumber']",
                "optional": true
            },
            {
                "sourcePath": "$['resourceExtensions']['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department']",
                "targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department']",
                "optional": true
            },
            {
                "sourcePath": "$.manager.displayName",
                "targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['manager']['displayName']",
                "optional": true
            }
        ]
    },
    "group": {
        "ignore": false,
        "mappings": [
            {
                "targetPath": "$.schemas[0]",
                "constant": "urn:ietf:params:scim:schemas:core:2.0:Group"
            },
            {
                "sourcePath": "$.id",
                "targetVariable": "entityIdSourceSystem"
            },
            {
                "sourcePath": "$.mailNickname",
                "targetPath": "$.externalId",
                "optional": true
            },
            {
                "sourcePath": "$.displayName",
                "targetPath": "$.displayName"
            },
            {
                "sourcePath": "$.members",
                "targetPath": "$.members",
                "optional": true,
                "preserveArrayWithSingleElement": true
            },
            {
                "targetPath": "$.members[*].id",
                "constant": "value",
                "optional": true,
                "type": "rename"
            }
        ]
    }
}

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
gregorw
SAP Mentor
SAP Mentor
‎2024 Sep 16 4:06 PM
But can you describe what exact issue you're facing?
Brian_Stempien
Explorer
‎2024 Oct 23 11:02 PM

To add to this. I am trying something similar. Right now I am trying to bring in department from Entra ID to the local identity directory. I added department to the aad.user.attributes property. I then mapped it in the Transformations.

The transformation looks like this.

{
"sourcePath": "$.department",
"targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department']",
"optional": true
}

And the error I get when it tries to process is:
error=HTTP operation failed invoking http://********/idds/internal/scim/Usersb71534cf-1bb1-4e38-a16e-c23b04fac005 with statusCode: 400, Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"400","detail":"Unknown value 'IT Admin' for attribute 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department'","scimType":"invalidValue"},

 

 

Accepted Solutions (1)

Accepted Solutions (1)

Brian_Stempien
Explorer
‎2024 Oct 24 7:12 PM

Determined the issue. Even though it is not indicated in the Schemas section, the attribute "department" is special. It is not just a string, but must also match the list of Departments that is configured in the Applications -> Master Data area for Department. 

Show replies
Show replies
tskwin
Participant
‎2024 Oct 27 3:12 PM
0 Kudos

Hi @Brian_Stempien,

Many Thanks.

Could you please explain in a bit more detail how you transfer attributes like 'Department' from Entra to the IAS User Store?”

 

Thank you very much

Brian_Stempien
Explorer
‎2024 Oct 29 3:53 PM
0 Kudos

In the Source System Properties I included the desired attributes.

aad.user.attributes = id,mail,userPrincipalName,displayName,mailNickname,givenName,surname,mobilePhone,businessPhones,manager,department,employeeId,jobTitle,companyName,employeeType,officeLocation,streetAddress,state,city,postalCode,country

Also because manager is a complex attribute in Entra, 

aad.user.attributes.expand = manager($select=id,displayName)

You can get the list of attributes in Entra from https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties

In the Source System Transformations you have to add rules to map from the Entra attribute to the IAS attribute. Examples:
{
"sourcePath": "$.employeeId",
"targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['employeeNumber']",
"optional": true
},
{
"sourcePath": "$.department",
"targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department']",
"optional": true
},
{
"sourcePath": "$.jobTitle",
"targetPath": "$.title",
"optional": true
},
{
"sourcePath": "$.companyName",
"targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['organization']",
"optional": true
},

The trick so far is for attributes like Department and employeeType they have to conform to Master Data texts that are listed in Applications & Resources -> Master Data. Departments = Departments, employeeType = Relationships, jobTitle = Functions. You can edit and add to the Master Data. 

I am still learning how to do functions to also transform data. Countries is a good example there. In IAS it requires you to store the 2 digit Country code. I would like the ability to deal with the country name coming in from Entra and being changed. 

Answers (2)

Answers (2)

tskwin
Participant
‎2024 Sep 18 1:06 PM
0 Kudos

Hi @gregorw 

provisioning the manager ID is now working.

One more question. 

I have set up the provisioning of users from Entra ID to IAS according to this guide https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/microsoft-entra-id?locale=...

I was now able to transfer some user information to IAS, such as User ID, Global User ID, SCIM ID, Email, Name, and Manager.

However, I am unable to provision attributes like Cost Center, Company State/Province, Company Street Address, Company ZIP/Postal Code, ZIP/Postal Code, City, etc.

How can I provision these other attributes?

How can I restrict fields with dropdown menu, such as 'Country', to only one country?"

 

Where can I find information on this?

Thank you very much for any tips

Best Regards

Show replies
Show replies
tskwin
Participant
‎2024 Sep 17 6:38 AM
0 Kudos

Hello Gregor,

I'm not receiving any error messages. For example, attributes like Manager, country, department, and city are not appearing in IAS, but no error messages are showing up.

I have defined these claims in Azure.

scrren.png

 

Thank you very much for your help!

Best Regards

Show replies
Show replies
Ask a Question