Introduction
The Akumina PeopleSync V5 application synchronizes user properties for the following functionalities:
- Personalization and targeting (Persona)
- Akumina Workspaces
- Leveraging AD Groups in SharePoint Security Groups to provide permissions in AppManager
- Activity Stream
- Social Features such as Comments, Reactions, and Notifications
- Company Directory
The following data sources are supported out of the box, but PeopleSync can be configured to synchronize any data source with code development and configuration:
- Azure Active Directory
- Okta
- SharePoint User profile data (On–Premises)
- Any custom sources (Configuration required)
Note: you can configure PeopleSync to synchronize more than one data source and merge the properties into a single store.
Dataflow Diagram
New Changes in V5
The PeopleSync V5 application has several new changes related to configuration and synchronized properties.
- By default, “FetchProperties” > “LargeContentProperties” does not fetch “AllProperties” for a user. PeopleSync still supports “AllProperties” for backward compatibility: if it is required, add “AllProperties” to the tenant-specific configuration under “FetchProperties” > “LargeContentProperties”.
- Property key casing and names have changed in v5 PeopleSync. For a list of valid Azure AD Graph (v1.6) properties, visit https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-property-differences.
- For OwnedDevices / RegisteredDevices, we have expanded the available properties. On the image below see the new device properties on the left compared to earlier people sync versions of device properties on the right.
- Introduced tenant level “FetchOptions” for multitenant environments to overwrite global “FetchOptions”. Refer to the “FetchOptions” section below for more information.
- Added a new configuration “FetchProperties” > “BooleanProperties” to convert any Boolean string to a Boolean value. Refer to the “FetchProperties” section below for more information.
Download Links
Executable from Virtual Machines:
https://akumina.azureedge.net/interchange/PeopleSync/PeopleSync_v5.zip
Executable from Web Jobs:
https://akumina.azureedge.net/interchange/PeopleSync/PeopleSync_v5_webjob.zip
Previous release files can be downloaded from:
https://akumina.azureedge.net/interchange/PeopleSync/PeopleSync_v4.8.zip
https://akumina.azureedge.net/interchange/PeopleSync/PeopleSync_v4.8.webjob.zip
Required Azure Active Directory “Microsoft Graph” Application Permissions
In order to synchronize data from Azure Active Directory, certain “Microsoft Graph” permissions are required. Visit Graph API Connection for Azure AD, to learn more about the required graph permissions for People Sync and to configure permissions on the associated Graph App.
Configuring PeopleSync
People Sync v5 Config Files
When the people sync executes it looks in the config.json file for the people data configuration. Akumina provides several config files, based upon where your data is coming from and where the results are stored.
To change the config.json, back up the original config.json file and rename the appropriate configuration file to config.json. For example, if people sync data is coming from Azure AD and the data is to be stored in Azure Storage Tables, then rename config.azuretable.json to config.json and start configuring people sync.
Config File | Description |
config.json | New in v5, the default file, used when people sync is executed, synchronizes data from AAD and stores the data to Cosmos Database (SQL API’s) |
config.azuretable.json | After renaming this to config.json, this config synchronizes data from Azure Active Directory and stores the data to Azure Table |
config.SharePoint.json | SharePoint On-Premises instances use this configuration file (after it has been renamed to config.json). This config synchronizes data from the SharePoint UserProfileService and stores the data to a flat file defined in this config’s property “UploadPath” (NOTE: this path must match the value in the interchange.settings.config file key “tempuploadpath”). If you need a load balancer then these file folders should be on a shared disk. |
config.okta.json | After renaming this to config.json, this configuration file synchronizes data from Okta and stores the data in Azure Table or Azure Cosmos |
Connection Properties
Connection properties are values such as the Azure Storage, Cosmos Service, Azure Search Service connections, as well as Application Insight for Dashboard reporting and AppManager logging. These values are recommended to be stored in Key Vault. If the values are stored in Key Vault then only the “RemoteStorageConnection” would need to remain and be configured in the people sync’s config.json file, set to the Key Vault URI.
Configuring Key Vault Using the Akumina Template
Akumina does not require plain text connection strings in config.json. Instead, store them in a Key Vault secret and specify the Key Vault URI in config.json. Please note that if running on a VM or WebApp you must enable System Identity and add the required permissions on the Key Vault for the objectId.
Create a JSON in this format, please note only the following fields are supported at this time through Key Vault:
{
  "RemoteStorageConnection": "",
  "ExternalConnection": {
    "EndpointUrl": "",
    "Database": "akcontainers"
  },
  "AzureSearchServiceName": "",
  "AzureSearchServiceApiKey": "",
  "InstrumentationKey": "",
  "AppInsightAppId": "",
  "AppInsightApiKey": "",
  "FuncAppInsightAppId": "",
  "FuncAppInsightApiKey": "",
  "StoreInSingleContainer": "true",
  "PrimaryRedisConnectionString": "",
  "SecondaryRedisConnectionString": "",
  "TokenStoreEntityName": "",
  "BlobStoreContainerName": ""
}
Where to acquire values for the Key Vault keys
Key | Description |
RemoteStorageConnection | From Azure Portal – This is the Storage Account > Access Keys>ConnectionString or if using “Key vault” the “Secret Identifier”. |
ExternalConnection | Used in V5+, array of items that make up the connection to the database to store the people sync data |
External Connection – “EndpointUrl” | Used in V5+, the EndpointUrl – Comes from Cosmos DB “Settings” > Keys > value of the “PRIMARY CONNECTION STRING” |
External Connection – “Database” | Used in V5+, the “Database” value comes from the container name for this database. This should always be set to “akcontainers” |
AzureSearchServiceName | This will be the “Name” of the Azure Search Service configured in the Azure Portal to support this people sync. |
AzureSearchServiceApiKey | This is the “Primary admin key” for the Azure Search Service configured to support this people sync. |
InstrumentationKey | On the Supported AppInsights, click on Overview, copy and paste the “Instrumentation key”. |
AppInsightAppId | On the Supported AppInsights, click on “API Access”, copy and paste the “Application ID”. |
AppInsightApiKey | On the Supported AppInsights, click on “API Access”, click on “Create API Key”, copy and paste the key |
FuncAppInsightAppId | Used in V5+, on the Supported AppInsights created to support the function apps, click on “API Access”, copy and paste the “Application ID”. |
FuncAppInsightApiKey | Used in V5+, on the Supported AppInsights, created to support the function apps, click on “API Access”, click on “Create API Key”, copy and paste the key |
StoreInSingleContainer | true |
PrimaryRedisConnectionString | Primary connection string (StackExchange.Redis) – Redis Cache associated with the AppManager web app resource |
SecondaryRedisConnectionString | Secondary connection string (StackExchange.Redis) – this is optional – Redis Cache associated with the AppManager web app resource |
TokenStoreEntityName | In the resource associated storage container this is the table name |
BlobStoreContainerName | In the storage container this is the Blob container name |
- Create a Key Vault secret then set the value to above JSON.
- Set the Access Policy on the Key Vault (using Configure from template = Key, Secret, & Certificate Management) and grant the permission to the appropriate VM or webapp where people sync is to run.
- Open PeopleSync config.json and update the AzureStorageConnectionString with the appropriate URI.
Config.json Connection Properties
Property | Type | Default | Description |
AzureStorageConnectionString | String | | From Azure Portal – This is the Storage Account > Access Keys > ConnectionString or Key Vault. For storing the connection string in Key Vault you can specify the Key Vault URI – example if running as a webjob. (This is the same connection string found in the interchange.settings.config file, see this key value: akumina:RemoteStorageConnection). To configure Key Vault, please review the “Configuring Key Vault Using the Akumina Template” section of this article. |
ExternalConnection | JSON | “ExternalConnection”: { “EndpointUrl”: “”, “Database”: “” } | If using the Key Vault template above then this section of the config should be removed since these items are defined in the Key Vault template. Else, these values are used when you are writing data to Cosmos DB. The EndpointUrl comes from Cosmos DB “Settings” > Keys > value of the “PRIMARY CONNECTION STRING”. The “Database” value comes from the container name for this database. This should always be set to “akcontainers” |
AzureSearchServiceName | String | “” | Remove if using Key Vault template defined above. Else, this will be the “Name” of the Azure Search Service configured in the Azure Portal to support this people sync. |
AzureSearchServiceApiKey | String | “” | Remove if using Key Vault template defined above. Else, this is the “Primary admin key” for the Azure Search Service configured to support this people sync. |
PeopleDataEntityPrefix | String | “” | This is the prefix that will be used for your people sync data. This value must match the value set in your AppManager > Settings > AppSettings Manager for “PeopleDataEntityPrefix” and “SearchIndexPrefix” |
RootBlobContainer | String | “” | Remove if using Key Vault template defined above and BlobStoreContainerName is set. This is the value set in AppManager’s interchange.settings.config key “SettingsBlobContainerName” |
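The Key Vault guidance and the "Remove if using Key Vault template" notes above can be checked mechanically before a deployment. The following is an added example, not Akumina code: the function names are hypothetical, it assumes the connection properties sit at the top level of config.json, and it assumes the Secret Identifier shape of the public Azure cloud. All sample values are constructed.

```python
import re

# Keys the page lists as supported in the Key Vault secret JSON.
SUPPORTED_VAULT_KEYS = {
    "RemoteStorageConnection", "ExternalConnection", "AzureSearchServiceName",
    "AzureSearchServiceApiKey", "InstrumentationKey", "AppInsightAppId",
    "AppInsightApiKey", "FuncAppInsightAppId", "FuncAppInsightApiKey",
    "StoreInSingleContainer", "PrimaryRedisConnectionString",
    "SecondaryRedisConnectionString", "TokenStoreEntityName",
    "BlobStoreContainerName",
}
# config.json properties the page says to remove once the template is in use.
REMOVE_WHEN_USING_VAULT = (
    "ExternalConnection", "AzureSearchServiceName", "AzureSearchServiceApiKey",
)
# Of those, the ones that carry a credential (connection string or admin key).
SECRET_BEARING = ("ExternalConnection", "AzureSearchServiceApiKey")
# Assumed shape of a Key Vault "Secret Identifier" (version segment optional).
VAULT_URI = re.compile(
    r"^https://[A-Za-z0-9-]{3,24}\.vault\.azure\.net/secrets/"
    r"[A-Za-z0-9-]+(/[0-9a-f]{32})?/?$"
)


def secret_value(config, key):
    """Return the credential stored under key, or "" when nothing is set."""
    value = config.get(key)
    if key == "ExternalConnection" and isinstance(value, dict):
        value = value.get("EndpointUrl")  # Cosmos DB primary connection string
    return value or ""


def lint_config(config):
    """Return findings for the connection properties of a parsed config.json."""
    findings = []
    conn = config.get("AzureStorageConnectionString", "")
    uses_vault = bool(VAULT_URI.match(conn))
    if "AccountKey=" in conn:
        findings.append("AzureStorageConnectionString holds a storage account key in plain text")
    elif not uses_vault:
        findings.append("AzureStorageConnectionString is neither a Key Vault URI nor a connection string")
    for key in REMOVE_WHEN_USING_VAULT:
        if key not in config:
            continue
        if uses_vault:
            findings.append(f"{key} should be removed: it is defined in the Key Vault template")
        elif key in SECRET_BEARING and secret_value(config, key):
            findings.append(f"{key} is set in plain text in config.json")
    return findings


def lint_vault_template(template):
    """Return findings for the JSON stored as the Key Vault secret value."""
    findings = [f"unsupported key in Key Vault template: {key}"
                for key in sorted(set(template) - SUPPORTED_VAULT_KEYS)]
    external = template.get("ExternalConnection")
    if isinstance(external, dict) and external.get("Database") != "akcontainers":
        findings.append('ExternalConnection.Database should be "akcontainers"')
    return findings


# Constructed sample inputs (no real account names, keys or vaults).
PLAINTEXT_CONFIG = {
    "AzureStorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=example;"
                                    "AccountKey=CONSTRUCTED==;EndpointSuffix=core.windows.net",
    "ExternalConnection": {"EndpointUrl": "", "Database": ""},
    "AzureSearchServiceName": "clientnameprodpeoplesearch",
    "AzureSearchServiceApiKey": "CONSTRUCTED-ADMIN-KEY",
}
VAULT_CONFIG_WITH_LEFTOVERS = {
    "AzureStorageConnectionString": "https://example-kv.vault.azure.net/secrets/"
                                    "peoplesync/0123456789abcdef0123456789abcdef",
    "AzureSearchServiceApiKey": "",
}
BAD_TEMPLATE = {
    "RemoteStorageConnection": "CONSTRUCTED",
    "ExternalConnection": {"EndpointUrl": "CONSTRUCTED", "Database": "people"},
    "ApplicationSecret": "CONSTRUCTED",
}

if __name__ == "__main__":
    for name, findings in (
        ("plain text config.json", lint_config(PLAINTEXT_CONFIG)),
        ("Key Vault config.json with leftovers", lint_config(VAULT_CONFIG_WITH_LEFTOVERS)),
        ("Key Vault template", lint_vault_template(BAD_TEMPLATE)),
    ):
        print(name)
        for finding in findings:
            print("  -", finding)
```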
Tenant Configuration
Tenant configuration is a set of required properties used to synchronize the source data such as AAD, OKTA, SharePoint User Profile Service, etc. Multiple tenants can be configured in an array. Custom properties can be added to the tenant-specific configuration. For example, if a custom FetchOptions, FetchProperties or AssemblyTypes “CustomFilterAssemblyType” is needed for the tenant, copy the configuration area (if it does not already exist) into the TenantConfiguration array item and customize it for the tenant. In the table below an example of adding the FetchProperties is given.
Property | Type | Default | Description |
TenantId | String | | Domain used to log in to your account. For Azure Active Directory – TenantID or DirectoryID (in Site Creator we call this the Subscription ID). For Okta, set your subdomain. Example: If your domain is mycompany.okta.com, then the value is mycompany. |
ApplicationId | String | | Acquired from the Graph App created to support Akumina. This is the “Application (client) ID” associated with the Graph App. This is the value used in App Manager site creator as the “Application (client) ID”. |
ApplicationSecret | String | | Acquired from the Graph App created to support Akumina. This is the supporting Graph App’s “Client Secret” VALUE. Also used in AppManager > Site Creator, the value for “AAD Client Secret”. For Okta, refer to the “Configuring Okta application secret” section. |
PersonaFieldFiles | Array of strings | [“{AppManagerDomain}-tenantid-personaqueryfields.json”] | The above is generated by executing the command UpdateTenantConfig.cmd |
AkuminaUrls | JSON | AppManager URL | The above is generated by executing the command UpdateTenantConfig.cmd |
AppManagerQueryKey | string | | Acquired from the AppManager > Site Creator > DigitalWorkplace Core Site > Interchange Query Key |
FetchProperties | JSON | | In a Multi Tenant environment this is a custom FetchProperties section that can be defined for each tenant and added to this tenant property area. Please refer to the FetchProperties section below to add additional custom FetchProperties for this tenant. |
FetchOptions | JSON | | In a Multitenant environment this is a custom FetchOptions section that can be defined for each tenant and added to this tenant property area. Please refer to the FetchOptions section below for additional information. |
FieldsMappingSource | String | “fieldsmapping.xyz.json“ | Name of the json file that contains the JSON formatted mapping of field names (graph property name to front end property name) and default language. In a Multi Tenant environment this file name should be unique to the client/tenant example fieldsmapping.xyz.json, since this would need to be a unique name for this tenant area |
CustomFilterAssemblyType | String | “” | In a Multi Tenant environment, this CustomFilterAssembly will be set if a custom filter is required for this specific tenant. Please see the following link for additional information: https://github.com/akumina/AkuminaSamples/tree/master/PeopleSyncCustomization |
FrontEndStorageConnection | String | “” | Azure Storage Account used for Headless front end. If Headless frontend is not used, then this configuration is not required to synchronize the User Profile. From Azure Portal – This is the Storage Account > Access Keys > ConnectionString. |
FetchOptions
Global fetch options are used if tenant-specific fetch options are not configured. When you need to override any one of the global fetch options for a tenant, include all FetchOptions in the tenant-specific configuration.
Option | Type | Default | Description |
SyncUsers | Boolean | true | Synchronize configured user properties |
SyncGroups | Boolean | true | Synchronize Active Directory Groups |
SyncUsersAssignedToNoGroups | Boolean | true | Set to true, all users will be synced. If the value is false, then users who are not assigned to any groups will be filtered out of the people sync. |
SyncTags | Boolean | false | Set to true if Akumina Workspace is licensed and configured |
SyncTypes | Boolean | false | Set to true if Akumina Workspace is licensed and configured |
TrackUserGroupChange | Boolean | true | Enumerates the user changes for ActivityStream Access Control update |
TrackUserPersonaChanges | Boolean | true | Enumerates the user changes for ActivityStream Access Control update |
MergeGroupFieldsToUserGroup | Boolean | true | Duplicates the GroupFields into UserGroups entity |
CollectMetrics | Boolean | true | Used only with Cosmos DB. Stores all executed Request Units (RU) per execution. This fetch option is set at Global Fetch. |
FetchProperties
Global FetchProperties are used if tenant-specific FetchProperties are not configured.
Property | Type | Default | Description |
TagExtension | String | “groupname“ | Tenant based TagExtension value. If we need to overwrite the default TagExtension, then we can include the values here otherwise we can keep this as empty or remove the property. |
TypeExtension | String | “groupuser“ | Tenant based TypeExtension value. If we need to overwrite the default TypeExtension, then we can include the values here otherwise we can keep this as empty or remove the property. |
ExpandProperties | String | “” | If the value is returned as JSON then the system will generate linear string properties from the value. For example, if the field defined returns the JSON of “P” as {“P1”:“V1”,“P2”:“V2”} then the property is expanded as P_P1 with value V1 and P_P2 with value V2 |
UserProperties | String | “id,accountEnabled,businessPhones,city,companyName,country,deletionTimestamp,department,onPremisesSyncEnabled,displayName,facsimileTelephoneNumber,givenName,jobTitle,mail,mailNickName,mobilePhone,objectType,officelocation,physicalDeliveryOfficeName,postalCode,preferredLanguage,sipProxyAddress,state,streetAddress,surname,telephoneNumber,usageLocation,userPrincipalName,userType,otherMails,provisionedPlans,provisioningErrors,proxyAddresses,schools,skills,birthday,hiredate” | You can add or remove any properties defined in your identity provider or data source. |
UserExtendedProperties | String | “Manager,AssignedLicenses,AppRoleAssignments,DirectReports,OwnedDevices,RegisteredDevices,OtherProperties,UserPreferences” | Extended properties are complex objects that need multiple calls to the data source. You can add or remove any supported properties |
GroupProperties | String | “id,description,displayName” | Group properties |
PersonaUserProperties | String | “mail,displayName,userPrincipalName,businessphones,aklanguageid” | Persona properties |
UserGroupUserProperties | String | “displayName,userPrincipalName,businessphones,aklanguageid” | User Group properties |
SkipUsers | String | “” | Specify a condition like “display=xyz,location=boston”; users whose value starts with a defined condition are then skipped. Example: “SkipUsers”: “givenName=Firstname,givenName=Test,givenName=GiveName,department=Dummy”. In the above, users whose givenName starts with Firstname or Test or GiveName, or who are in a department beginning with Dummy, will be excluded. |
SkipGroups | String | “” | Specify condition like “display=group1” it will then skip Groups whose value starts with defined conditions. |
LargeContentProperties | String | “DirectReports“ | |
ConvertValueToLowerCase | string | “userPrincipalName,mail,userEmail“ | We will convert these user properties to all lower case. |
BooleanProperties | String | “accountEnabled“ | This property should be set at Global fetch properties. |
DateTimeOffsetProperties | String | “CreationDate“ | This property should be set at Global fetch properties. |
SavePeoplePictureAs | String | “userPrincipalName” | Based on this comma separated AAD property name, the user’s profile picture will be stored in the blob (when the ProfilePictureStorageAssemblyType & FrontEndStorageConnection configurations are set). For example, if we need to clone the image with the mail value of the user, then the value will be set to “userPrincipalName,mail” |
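SkipUsers matches on a prefix, so a condition such as givenName=Test also excludes real users whose given name merely begins with "Test". The following added example (not Akumina code) models the SkipUsers, ExpandProperties, ConvertValueToLowerCase and BooleanProperties descriptions from the table above so a FetchProperties block can be previewed against a user export before a sync. It assumes case-sensitive prefix matching and exact property names; the function names, the extensionData property and all users are constructed.

```python
import json


def names(spec):
    """Split a comma separated FetchProperties value into a set of names."""
    return {item.strip() for item in spec.split(",") if item.strip()}


def parse_conditions(spec):
    """Split "prop=value,prop=value" into (property, prefix) pairs.
    A list keeps repeated properties, e.g. several givenName conditions."""
    pairs = []
    for item in spec.split(","):
        prop, sep, prefix = item.partition("=")
        if sep and prop.strip() and prefix.strip():
            pairs.append((prop.strip(), prefix.strip()))
    return pairs


def matching_condition(user, conditions):
    """Return the first condition whose prefix the user's value starts with."""
    for prop, prefix in conditions:
        value = user.get(prop)
        if isinstance(value, str) and value.startswith(prefix):
            return f"{prop}={prefix}"
    return None


def expand_property(name, value):
    """ExpandProperties: a JSON object value P becomes P_<key> properties."""
    parsed = value
    if isinstance(value, str):
        try:
            parsed = json.loads(value)
        except ValueError:
            return {name: value}
    if not isinstance(parsed, dict):
        return {name: value}
    return {f"{name}_{key}": item for key, item in parsed.items()}


def transform_user(user, fetch_properties):
    """Apply the expand, Boolean and lower-case conversions to one user."""
    expand = names(fetch_properties.get("ExpandProperties", ""))
    lower = names(fetch_properties.get("ConvertValueToLowerCase", ""))
    booleans = names(fetch_properties.get("BooleanProperties", ""))
    out = {}
    for prop, value in user.items():
        if prop in expand:
            out.update(expand_property(prop, value))
        elif prop in booleans and isinstance(value, str) and value.lower() in ("true", "false"):
            out[prop] = value.lower() == "true"
        elif prop in lower and isinstance(value, str):
            out[prop] = value.lower()
        else:
            out[prop] = value
    return out


def preview_sync(users, fetch_properties):
    """Return (users that would be stored, {userPrincipalName: condition hit})."""
    conditions = parse_conditions(fetch_properties.get("SkipUsers", ""))
    synced, skipped = [], {}
    for user in users:
        hit = matching_condition(user, conditions)
        if hit:
            skipped[user["userPrincipalName"]] = hit
        else:
            synced.append(transform_user(user, fetch_properties))
    return synced, skipped


# Constructed FetchProperties and users.
FETCH_PROPERTIES = {
    "SkipUsers": "givenName=Firstname,givenName=Test,givenName=GiveName,department=Dummy",
    "ExpandProperties": "extensionData",
    "ConvertValueToLowerCase": "userPrincipalName,mail,userEmail",
    "BooleanProperties": "accountEnabled",
}
USERS = [
    {"givenName": "Test", "userPrincipalName": "test.account@example.com"},
    # A real person caught by the prefix rule: "Testa" starts with "Test".
    {"givenName": "Testa", "userPrincipalName": "testa.rossi@example.com"},
    {"givenName": "Maria", "department": "Dummy Accounts",
     "userPrincipalName": "maria.lopez@example.com"},
    {"givenName": "Alex", "userPrincipalName": "Alex.Kim@Example.com",
     "accountEnabled": "True", "extensionData": '{"P1":"V1","P2":"V2"}'},
]

if __name__ == "__main__":
    synced, skipped = preview_sync(USERS, FETCH_PROPERTIES)
    print("skipped:", json.dumps(skipped, indent=2))
    print("synced:", json.dumps(synced, indent=2))
```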
FetchProperties UserExtendedProperties field expansions
Some properties are extendable, the following table summarizes the columns included in the UserExtendedProperties.
UserExtendedProperties | Fields retrieved |
Manager | Manager |
AssignedLicenses | All Licenses and Count |
AppRoleAssignments | id, principalDisplayName, principalId, principalType, resourceDisplayName, resourceId |
DirectReports | displayName, givenName, surname, mobilePhone, businessPhones, jobTitle, mail, officelocation, preferredLanguage, userPrincipalName |
OwnedDevices | deviceId, deviceMetadata, deviceVersion, operatingSystem, operatingSystemVersion, trustType, displayName |
RegisteredDevices | deviceId, deviceMetadata, deviceVersion, operatingSystem, operatingSystemVersion, trustType, displayName |
OtherProperties | All the other external properties configured in the AAD |
EmailSettings
Email settings are optional. When specified, the system will send email on sync status such as success or failure.
Property | Type | Default | Description |
SmtpHost | String | “” | SMTP Host |
SmtpPort | String | “” | SMTP Port |
SmtpUser | String | “” | SMTP User |
SmtpPassword | String | “” | SMTP Password |
SendUsingAppManager | Boolean | false | If set to true, you do not need to specify other properties, it will call the configured AppManager endpoint to send emails. |
NotifyFrom | String | “” | From Address |
NotifyTo | String | “” | To Address |
AssemblyTypes
Global Assembly Types are used if Tenant specific Assembly Types are not set for the tenant. Assembly Types let you configure your implementation of corresponding features such as Data Source, Storage, Queue, Custom Sync filter, etc.
AssemblyType | Type | Default | Description |
StorageAssemblyType | String | Akumina.PeopleSync.Storage.CosmosDb.SqlApi, Akumina.PeopleSync.Storage.CosmosDb.SqlApi.Storage | Data store such as Azure Table or Cosmos DB. For Azure Table, change the value to: Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.CloudTableStorage |
QueueAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.CloudQueueAction | Azure Storage Queue configuration for asynchronous multistage processing |
PersonaAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.PersonaStorageClient | Persona implementation |
SearchAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.SearchAdmin | Search implementation |
SyncSourceAssemblyType | String | Akumina.PeopleSync.AzureActiveDirectory, Akumina.PeopleSync.AzureActiveDirectory.SyncSource | Data Source reader. Refer to the example: https://github.com/akumina/AkuminaSamples/tree/master/PeopleSyncCustomization |
SyncUserPreferenceAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.UserPreferenceStorage | User preferences implementation |
MetricsAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.CloudTableStorage | Records the Cosmos DB Request Units after every execution of people sync. To log values in Cosmos DB change the value to: Akumina.PeopleSync.Storage.CosmosDb.SqlApi, Akumina.PeopleSync.Storage.CosmosDb.SqlApi.Metrics |
CustomFilterAssemblyType | String | “” | In a Multi Tenant environment, if the CustomFilterAssembly is not set then the global CustomFilterAssembly will be used. Please see the following link for more information: https://github.com/akumina/AkuminaSamples/tree/master/PeopleSyncCustomization |
ProfilePictureStorageAssemblyType | String | Akumina.PeopleSync.Storage.AzureStorage, Akumina.PeopleSync.Storage.AzureStorage.CloudBlobStorage | Implementation for Profile Picture synchronization |
Other People Sync Configuration Properties
Property | Type | Default | Description |
UsingSaaS | Boolean | false | Used to configure whether PeopleSync will support the SaaS model (multi-tenancy). This is applicable only to the Cosmos DB storage implementation. StoreInSingleContainer: used to determine whether Cosmos DB storage should use a single container while using the multi-tenancy model |
StoreInSingleContainer | Boolean | true | Writes all Users, Groups, UserGroups and Persona into same entity with partition key of |
SingleContainerName | String | “users” | Storage Container name will be determined based on this value while using multi-tenancy model. If value not set, then PeopleDataEntityDataPrefix will be used as container name. |
ResumeOnError | Boolean | true | Continue processing if any error occurs |
ContinueOnSchedule | Boolean | false | Continue schedule is most commonly “false”. Most VM are using scheduled tasks and webjobs use triggered tasks instead of a “Continuous” running task. However, this value is there to provide the option. If ContinueOnSchedule is “true” then the time schedule used is set below on key ScheduleIntervalInSeconds (described below). |
ExitConsoleWhenDone | Boolean | true | If set to “true” then the console will close upon completion. This should be left as true; it is only changed to false for debug purposes. |
ScheduleIntervalInSeconds | Number | 60 | If “ContinueOnSchedule” is set to “true” then a differential sync will occur every 60 seconds or whatever value desired and set for this key in seconds |
QueueItemVisibilityTimeoutInMin | Number | 30 | If there are more than 5,000 users in Azure AD then this should be set to 30 |
MaxRetryAttempt | Number | 3 | The number of times the process will retry before erroring out. This property is combined with RetryDelayInMilliseconds |
SamplingCount | Number | 10000 | Total number of rows required to get the fields for generating the PersonaQueryFields.json and generating the IndexColumns in Azure Search Service. Default value is 10000. If any column is missing in Azure Search Service, increase the sampling count based on the requirement. |
RetryDelayInMilliseconds | Number | 3000 | If there is a throttling issue in the cloud, then the system will retry after the given interval. This property is combined with MaxRetryAttempt |
FieldMappings
In the people sync config folder there are 3 fieldsmapping.*.json files. One is appropriate for people sync source from:
- Azure AD – fieldsmapping.aad.json
- Okta – fieldmapping.okta.json
- SharePoint User Profile (On premise) – fieldsmapping.sharepoint.json
Start with the appropriate people source file and then customize the file if needed.
Prefix: Set a unique value for this field if you need to add a prefix to fields. This is required to keep the fields unique if you sync across multiple data sources.
PrefixExclude: System defined; you can add but cannot remove the default values
Group: For any customization of the Group fields. For example, in your AD you may have a group column called “id” (read in column) but in the Akumina framework you want id to really be objectId (write out to); then the field mapping will become “Id”:“objectId”
Users: For any customization of the User fields. For example, in your AD you may have a field called _firstname (reads in) but in the Akumina framework you want to have it represented as FirstName (write out to); then the field mapping will become “_firstname”:“FirstName”
UserGroups: Same as “Users” but the property related to user groups
UserPreferences: Same as “Users” but the property related to user preferences
Note: Any value that starts with “~” is a constant. For example, “~1033”:“aklanguageid” will be stored in our system column as aklanguageid=“1033” for the site default language.
Creating a custom fieldmapping file for a tenant
A custom fieldmapping file can be created to change things such as default languages or mappings, for example fieldmapping.french.json or fieldmapping.*.json, where * is the unique name used for this tenant’s fieldmapping json file (* could be the client name). Start with the fieldmapping file associated with your source data, e.g. aad, okta or sharepoint. Where aad is the source, copy fieldsmapping.aad.json and rename the copy to be unique for your tenant, in this example fieldmapping.French.json. This tenant should have its default language set to French, so edit the file and change the language code from ~1033 to ~1036. Example:
In the “Tenant Configuration” area of the config.json, set the FieldsMappingSource to this newly created file in the people sync directory. Example:
Running PeopleSync
Generating Data Store
Prerequisite: People sync requires .NET Core 3.1.x or greater when running on a VM. Visit https://dotnet.microsoft.com/download/dotnet-core/3.1 to download and install it.
Go to the PeopleSync directory and execute the following commands in the exact order. Each step must complete entirely before the next command is run.
- UserAndGroup.cmd
- DeQueue.cmd
- SyncUserPreference.cmd
- SyncPersonaSchema.cmd
- AddSearchIndex.cmd
- Persona.cmd
People sync running on VM – Configuring a scheduled task for the People sync and Personas
For an incremental sync schedule, use the Windows Task Scheduler and configure a scheduled task to run:
- UserGroupAndQueue.cmd
- Persona.Cmd
Running as WebJob
If you are hosting the AppManager on a webapp, then you can run PeopleSync as a web job attached to the webapp or create a dedicated webapp just for PeopleSync.
Triggered Mode
Configure the PeopleSync for Triggered Run as described in the above sections
- Verify the appropriate config.json has the following keys set:
“ContinueOnSchedule”: false
“ExitConsoleWhenDone”: true
- re-zip the people sync folder.
Add the Triggered WebJob to your WebApp
In Azure portal select your WebApp.
- On 2nd blade scroll down and select “WebJobs”
- Select “+ADD”
- Enter Name of WebJob
- Click on folder icon and select the zipped-up people sync from your local computer
- Set Type = Triggered
- Set Triggers = Scheduled
- Set CRON Expression = 0 */1 * * * * Note: This is set to 1 minute, a client can determine how often to do a differential sync and set this as desired
- Click OK
Best Practices
- For better performance remove the properties that are not required by your implementation. For example, only enable the User Extended Properties if you need the information in the User Context to support site functionality.
- The more processors that your VM has the faster it will process the queue items. For example, if you have 16 processors, then it will generate 16 threads of the process queue and process the items fast. Azure WebJobs will scale automatically to utilize all the available processes.
- If you are running on a VM and you have multiple VM’s you can copy the entire PeopleSync Directory to another VM and run startQueueSync.cmd at the same time.
Miscellaneous
Azure Search
Configuring Azure Search Services and acquiring the necessary key
Setting up the Azure Search Service requires administrator permissions to the Azure Portal
Access the Azure Portal. Click on “All Services” (left rail) and search for “Search Services” and select.
- On the Search Service Blade click on “+Add”
- URL – enter a URL (the value entered is your AzureSearchServiceName) – all lower case, example clientnameprodpeoplesearch
- Subscription – Select the appropriate Subscription.
- Resource group – Use existing – and select the appropriate resource group.
- Location – Set as the client preferred location, in my example West US 2
- Pricing tier – based on number of users and indexes customer can choose anywhere from basic to standard.
Acquiring the AzureSearchServiceApiKey
On the Search service page, select the AzureSearchServiceName, in this example clientnameprodpeoplesearch.
A set of blades will open. Select the navigation blade item “Keys” and copy the “PRIMARY ADMIN KEY” – this is the value needed for the AzureSearchServiceApiKey.
Configuring Okta application secret
This is for sample purposes only to show you how to configure Okta:
- Log in as an Administrator for the Okta account using the domain name.
- From the Application home page, use the “Admin” button to navigate to the Admin Dashboard page.
- Navigate to the “API” link in the “Security” menu to land on the “Token” page.
- Click on the “Create Token” button to open the token generation screen.
- Enter any token name in the field and click the “Create Token” button to generate the token.
- The new token will be generated and displayed on the screen. Copy this token for future reference.
- This token will expire in 30 days if it’s not used. Expiration will extend for the next 30 days whenever we use it. Please make sure to configure a valid token to run the sync.
Here’s an example of Okta fields mapping: