Importing entities from Azure AD - Card Synchronization 3.2

Card Synchronization Plugin Guide 3.2

Product: Card Synchronization
Content type: Guides > Plugin and extension guides
Version: 3.2
Language: English
Last updated: 2023-04-17

You can import cardholders, cardholder groups, and credentials from Security Center SaaS edition by connecting to Azure Active Directory (AD) and importing the entities into Security Center using the Card Synchronization plugin. After the import, changes made in the Azure AD data source can be synchronized in Security Center.

Before you begin

What you should know

Including pictures in the data source increases import time.
NOTE: If you are upgrading from version 3.0 or 3.1 of the Card Synchronization plugin, the data source configurations appear as they were in the previous version. For instructions on how to import these entities, refer to the plugin guide that came with the previous version of the plugin. To see the Data source configuration wizard shown in this topic, you must delete your data sources from the plugin, and then recreate them.

Procedure

  1. From the Config Tool home page, open the Plugins task.
  2. In the Plugins task, select the Card Synchronization plugin role from the entity browser, and click the Properties tab.
  3. In the Data sources section, click Add data source.
    The Data source configuration window opens.
  4. From the Data source type list, select Azure Active Directory, and then click Next.
    Selecting Azure Active Directory.
  5. Enter the following information to connect to the Azure AD app, and then click Next:
    Tenant name
    Enter the name of the Azure AD tenant where the Azure AD app is registered.
    Client ID
    Enter the Application (client) ID of the Azure AD app that contains the cardholders and credentials that you want to import.
    App key
    Enter the client secret key for the Azure AD app. The key was generated when the app was registered.
    Connect to the Azure AD app by entering Azure AD tenant, application (client), and secret key
    NOTE: If the secret key is no longer available, you must delete the existing app and create a new app to get a new secret key.
  6. Choose the user groups to import:
    Filter groups
    Set to ON if you only want to import certain cardholder groups, and then select the groups you want to import.
    NOTE: When set to OFF, all cardholder groups are imported.
    Selecting groups in the Azure configuration window.
  7. Select the entity types to import and synchronize with Security Center, and then click Next.
    Cardholders
    Imports the cardholders from the external data source into Security Center.
    Cardholder groups
    Imports the cardholder groups from the external data source into Security Center. Important: This does not put cardholders into their respective cardholder groups.
    Cardholder group memberships
    Synchronizes the relationship of cardholders and cardholder groups from the external data source. Important: This option assigns imported cardholders to cardholder groups. If this option is not selected, imported cardholders are not linked to cardholder groups.
    Credentials
    Imports the credentials from the data source into Security Center.
    Choosing what to import and synchronize
  8. Map each external field to a Security Center field by selecting the column name from the corresponding drop-down list.
    For an explanation of the external fields, refer to the following topics:
    Configuring the Azure AD Cardholders.
  9. (Optional) Choose one or more fields to be global keys.
  10. (Optional) If the external data contains terms that you want to replace, do the following:
    1. Click Find and replace text using regular expressions.
    2. Enter the text to find and replace.
      For example, you could look for variations of a country name and replace them with a country code, or replace a native card format name by a supported card format alias.
    3. If necessary, change the order using the up and down arrows.
      The transform expressions are processed in the order specified in the Add transform expressions for field dialog.
    4. Click Save.
    Tip: If required, you can select the row of any expression that you no longer require, and click delete.
    A script icon is shown in the Sample value column when the field text is being replaced by a regular expression.
  11. If there are external fields without a corresponding Security Center field, you can create new custom fields and associate them now: Click Manage custom fields, fill the form, and then click Save.
    Create new custom fields and map them to external fields.
    NOTE: To map an external field that is, turn on the Display all external fields option.
  12. Click Next.
  13. In the Data source name field, enter a name for the data source, and then click Finish.
  14. Click Apply.
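
The ordered find-and-replace in step 10 can be previewed offline before the rules are saved. This is an added example, not code from the plugin or its vendor: it assumes Python's `re` syntax (the page does not state the plugin's regex dialect), and the rules, sample values, and `ALIAS_*` names are constructed. It shows two ways a rule set can silently corrupt an imported field: an unanchored pattern rewriting part of a longer value, and a catch-all rule placed ahead of a specific one.

```python
import re

def apply_transforms(value, rules):
    """Apply (pattern, replacement) rules top to bottom, as the dialog lists them.
    Each rule operates on the output of the rule before it."""
    for pattern, replacement in rules:
        value = re.sub(pattern, replacement, value, flags=re.IGNORECASE)
    return value

# Constructed country rules: name variants -> code. Anchored with ^...$ so a
# rule only fires when the whole field matches.
COUNTRY_ANCHORED = [
    (r"^\s*(Niger)\s*$", "NE"),
    (r"^\s*(Nigeria)\s*$", "NG"),
    (r"^\s*(United States( of America)?|U\.?S\.?A\.?)\s*$", "US"),
]
# Same intent without anchors: the Niger rule rewrites part of "Nigeria".
COUNTRY_UNANCHORED = [(r"Niger", "NE"), (r"Nigeria", "NG")]

# Constructed card-format rules: one exact native name, then a catch-all.
# The ALIAS_* values are placeholders, not real Security Center aliases.
FORMAT_SPECIFIC_FIRST = [(r"^H10301$", "ALIAS_26BIT"), (r"^H\d{5}$", "ALIAS_OTHER")]
FORMAT_CATCHALL_FIRST = list(reversed(FORMAT_SPECIFIC_FIRST))

def preview(samples, rules):
    """Return {input: output} so a rule set can be checked before it is saved."""
    return {s: apply_transforms(s, rules) for s in samples}

if __name__ == "__main__":
    print(preview(["Niger", "Nigeria", "U.S.A.", "united states"], COUNTRY_ANCHORED))
    print(preview(["Nigeria"], COUNTRY_UNANCHORED))
    print(preview(["H10301", "H10304"], FORMAT_SPECIFIC_FIRST))
    print(preview(["H10301"], FORMAT_CATCHALL_FIRST))
```

Running a preview like this against an export of the real field values shows which records a rule set would change before the next synchronization applies it.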

Results

After synchronization, the Azure AD source is added to the list of data sources, and the entities are created in Security Center.