You can import cardholders, cardholder groups, and credentials from Security Center SaaS edition by connecting to Azure Active Directory (AD) and importing the entities into Security Center using the Card Synchronization plugin. After the import, changes made in the Azure AD data source can be synchronized in Security Center.
What you should know
Including pictures in the data source increases import time.
NOTE: If you are upgrading from version 3.0 or 3.1 of the Card Synchronization plugin, the data source configurations appear as they were in the previous version. For instructions on how to import these entities, refer to the plugin guide that came with the previous version of the plugin. To see the Data source configuration wizard shown in this topic, you must delete your data sources from the plugin, and then recreate them.
Procedure
- From the Config Tool home page, open the Plugins task.
- In the Plugins task, select the Card Synchronization plugin role from the entity browser, and click the Properties tab.
- In the Data sources section, click Add data source.
  The Data source configuration window opens.
- From the Data source type list, select Azure Active Directory, and then click Next.
- Enter the following information to connect to the Azure AD app, and then click Next:
  - Tenant name: Enter the name of the Azure AD tenant where the Azure AD app is registered.
  - Client ID: Enter the Application (client) ID of the Azure AD app that contains the cardholders and credentials that you want to import.
  - App key: Enter the client secret key for the Azure AD app. The key was generated when the app was registered.
    NOTE: If the secret key is no longer available, you must delete the existing app and create a new app to get a new secret key.
- Choose the user groups to import:
  - Filter groups: Set to ON if you only want to import certain cardholder groups, and then select the groups you want to import.
    NOTE: When set to OFF, all cardholder groups are imported.
- Select the entity types to import and synchronize with Security Center, and then click Next.
  - Cardholders: Imports the cardholders from the external data source into Security Center.
  - Cardholder groups: Imports the cardholder groups from the external data source into Security Center.
    Important: This does not put cardholders into their respective cardholder groups.
  - Cardholder group memberships: Synchronizes the relationship of cardholders and cardholder groups from the external data source.
    Important: This option assigns imported cardholders to cardholder groups. If this option is not selected, imported cardholders are not linked to cardholder groups.
  - Credentials: Imports the credentials from the data source into Security Center.
- Map each external field to a Security Center field by selecting the column name from the corresponding drop-down list.
  For an explanation of the external fields, refer to the following topics:
- (Optional) Choose one or more fields to be global keys.
- (Optional) If the external data contains terms that you want to replace, do the following:
  - Click Find and replace text using regular expressions.
  - Enter the text to find and replace.
    For example, you could look for variations of a country name and replace them with a country code, or replace a native card format name by a supported card format alias.
  - If necessary, change the order using the up and down arrows.
    The transform expressions are processed in the order specified in the Add transform expressions for field dialog.
  - Click Save.
    Tip: If required, you can select the row of any expressions that you no longer require, and click delete.
  A script icon is shown in the Sample value column when the field text is being replaced by a regular expression.
- If there are external fields without a corresponding Security Center field, you can create new custom fields and associate them now: Click Manage custom fields, fill out the form, and then click Save.
  NOTE: To map an external field that is, turn on the Display all external fields option.
- Click Next.
- In the Data source name field, enter a name for the data source, and then click Finish.
- Click Apply.
Results
After synchronization, the Azure AD source is added to the list of data sources, and the entities are created in Security Center.
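
The find-and-replace step in the procedure processes transform expressions in the order listed, so each expression sees the output of the one before it. The following added example (not part of the plugin or its documentation) previews a rule set against sample values before import and shows how row order and missing anchors change the result; the rules, the sample values, and the use of Python regular expression syntax are assumptions.

```python
import re

# Constructed rules in dialog order (top row first). Python regex syntax is an
# assumption; re-check each pattern in the plugin dialog before saving.
COUNTRY_RULES = [
    (r"(?i)^\s*united states of america\s*$", "USA"),
    (r"(?i)^\s*(usa|u\.s\.a?\.?|united states)\s*$", "US"),
    (r"(?i)^\s*(canada|can)\s*$", "CA"),
]

# Constructed counter-example: unanchored, so it also fires inside other words.
UNANCHORED_RULES = [(r"(?i)us", "US")]


def apply_transforms(value, rules):
    """Run every (pattern, replacement) row in order on one field value."""
    for pattern, replacement in rules:
        value = re.sub(pattern, replacement, value)
    return value


def preview(values, rules):
    """Return {original: transformed} so a rule set can be reviewed before import."""
    return {v: apply_transforms(v, rules) for v in values}


# Constructed sample values standing in for an external country field.
SAMPLE = ["United States of America", "u.s.a.", " Canada ", "Australia", "FR"]

if __name__ == "__main__":
    for original, result in preview(SAMPLE, COUNTRY_RULES).items():
        print(f"{original!r:30} -> {result!r}")
    # Same rows in reverse order: the long form stops at the intermediate value.
    print(apply_transforms("United States of America", COUNTRY_RULES[::-1]))
    # Unanchored row rewrites part of an unrelated value.
    print(apply_transforms("Australia", UNANCHORED_RULES))
```

Anchoring each pattern to the whole field value keeps a rule from rewriting fragments of unrelated values, which matters most when the transformed field is also used as a global key.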