Learn how to synchronize Duo users and groups or Duo administrators from your existing Azure Active Directory (AAD) domain.

Import Duo end-users or administrators directly from your Azure Active Directory (AAD) cloud service into Duo with Duo Security's Directory Sync feature.

Duo Directory Sync is a one-way operation. No information from Duo is imported into your user directory. Scheduled user synchronization of your full directory runs twice a day, and runs every 30 minutes for administrators. Run either type of full sync on-demand from the Duo Admin Panel. You can also run an individual user or administrator sync on-demand from the Admin Panel or programmatically via Admin API.

The Directory Sync feature is part of the Duo Premier, Duo Advantage, and Duo Essentials plans.

Prerequisites

Before setting up Azure AD sync, ensure you have the following:

- A supported Azure or Office 365 subscription. Duo supports importing users into Duo from Azure commercial and government tenants, but not from Azure GCC High tenants.
- A designated Azure admin service account to use for authorizing the sync. This account needs the Azure Global Administrator role during Duo setup, but you can reduce the service account's role privileges later. This service account may or may not require Azure MFA for admins at login (learn more about the baseline MFA policy for Azure admins).
- Azure AD groups populated with users to sync.
- You must have the Owner, Administrator, or User Manager admin role to set up and manage directory sync of users into Duo. Duo Admin directory sync setup and management requires the Owner admin role.
- An application where users sign in with an Azure AD UPN as their username.

Role required: Owner, Administrator, or User Manager.

Before executing any directory synchronization with Duo, understand the effect that synchronization can have on accounts with duplicate Duo usernames. Suppose that you already have some active Duo users, and one or more of these users have the same username in Azure. Performing a synchronization will cause the existing Duo users' information to be merged with, and in some cases overwritten by, the Azure AD information, such as email addresses present in Duo changing to match the value stored in the synced directory.

Likewise, if you synchronize multiple directories and there are non-unique usernames among those directories, the net result is that there will be only one Duo user created with that username, and each sync will update that Duo user with different information.

Multiple directory syncs that use non-unique user names or the same selected groups may also produce undesired results, as each sync process could overwrite the user with different information or update the group memberships for a given user unexpectedly.

Set Up User Sync

Create or Choose a Connection for User Sync

To start setting up a user directory sync:

1. Locate Users in the left side bar and then click Directory Sync on the submenu or click the Directory Sync link on the "Users" page.
2. Click the Add New Sync button and select Azure AD from the list.
3. If this is the first Azure AD sync you've created for users or admins then you must first create a new connection to use for this sync. With Add new connection selected, click Continue to proceed to the next step.

   If you have previously created an Azure AD sync for users or administrators you can either create another new connection or reuse an existing connection to that directory for this new sync. User syncs and admin syncs can share connections to the same source directory. If you want to use an existing connection choose Reuse existing connection and use the drop-down to select one from the list, then click Continue. You will not be asked to perform the Azure app authorization steps again. Instead, you'll proceed directly to the new sync's properties page, where you'll select groups to sync and configure the synced attributes.
4. If you chose to add a new connection for this Azure AD user sync then after clicking Continue you'll be redirected to the Azure AD portal to authorize use of Duo Azure AD Sync in your tenant.
5. Sign in with the designated Azure service administrator account that has the global administrator role for this Azure Active Directory. If required, complete Azure MFA for that service account admin user.

   Duo does not see or store your Azure Active Directory administrator credentials.