Entra Directory Sync (EDS)

Entra Directory Sync (EDS) is the application that syncs users in an Entra ID directory with My1Login.

Prerequisite: This guide assumes you have already registered the EDS application in Azure. If you haven’t, please follow the guide below first:

Configuration:

The following steps require 3 configuration settings from Azure. Please view the page linked below for help on how to find these values in Azure.

Step 1 - Web App Configuration

Note: this step requires the user to have the “Entra Directory Sync” AccountRoleType. If your user doesn’t have this, it can be added as a role for the user who will be configuring the Entra Directory settings in My1Login.
  1. On the My1Login Admin Portal, navigate to Admin → Users → Entra Directory
  2. Enter the Tenant ID retrieved from Azure
  3. Enter a Filter:
    1. Separate filters are delimited by parentheses (same as an AD filter)
    2. Filter by Administrative Units by entering (AU=<Administrative Unit Name>)
    3. Filter by Groups by entering (Group=<Group Name>)
    4. Filter by a specific Group inside an Administrative Unit by entering (AU=<Administrative Unit Name>,Group=<Group Name>)
       In the example below:
       - (AU=ACME CI Company,Group=Test Users) will find only users in group Test Users within administrative unit ACME CI Company
       - (AU=Fake Company) will find all users and groups within administrative unit Fake Company.
  4. Save Changes
  5. Go to Admin → Security → SSO Settings
  6. Click “Add OIDC IP Config”
  7. Name the button (e.g. Log in with Entra) - this is what will appear on the login page for your My1Login whitelabel
  8. Tick “Show on Login Page”
  9. Save Changes
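
Because the filter decides which directory identities are synced into My1Login, it is worth checking what a filter string covers before saving it. The following is an added example, not My1Login code: the function names are hypothetical, and the grammar is an assumption inferred from the forms listed in Step 1 (parenthesised filters, AU= and Group= keys, names without commas or parentheses).

```python
import re

# Assumption: grammar inferred from the forms this guide lists; the product's
# own parser may accept more (or less) than this linter does.
_FILTER_RE = re.compile(r"\(([^()]*)\)")
_ALLOWED_KEYS = ("AU", "Group")


def parse_eds_filter(text):
    """Split a filter string into a list of {'AU': ..., 'Group': ...} scopes.

    Raises ValueError for anything outside the forms shown in the guide.
    """
    scopes, pos = [], 0
    for m in _FILTER_RE.finditer(text):
        if text[pos:m.start()].strip():
            raise ValueError(f"text outside parentheses: {text[pos:m.start()]!r}")
        pos = m.end()
        scope = {}
        for part in m.group(1).split(","):
            key, sep, value = part.partition("=")
            key, value = key.strip(), value.strip()
            if not sep or key not in _ALLOWED_KEYS:
                raise ValueError(f"expected AU=... or Group=..., got {part!r}")
            if not value:
                raise ValueError(f"{key} has no name")
            if key in scope:
                raise ValueError(f"{key} given twice in one filter")
            scope[key] = value
        scopes.append(scope)
    if text[pos:].strip() or not scopes:
        raise ValueError("unbalanced or missing parentheses")
    return scopes


def describe(scope):
    """Human-readable sync scope, for review before the filter is saved."""
    if "AU" in scope and "Group" in scope:
        return f"group {scope['Group']!r} inside administrative unit {scope['AU']!r}"
    if "AU" in scope:
        return f"all users and groups in administrative unit {scope['AU']!r}"
    return f"group {scope['Group']!r}"


if __name__ == "__main__":
    # Sample input built from the two example filters in this guide.
    for s in parse_eds_filter("(AU=ACME CI Company,Group=Test Users)(AU=Fake Company)"):
        print(describe(s))
```

A filter with only an AU= key covers everything in that administrative unit, so the description it prints is the one to read most carefully.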

Step 2 - EDS Configuration

  1. Install the EDS as you would the ADC
  2. Open the EDS. Navigate to the Server Settings tab and Log In as an Admin user. The API Key, Account Identifier, Security Token and Directory (Tenant) ID fields should autofill once logged in. The filter should also autofill.
  3. Fill in the Application (Client) ID and Client Secret fields with the values retrieved from Azure earlier. Click Update from Server, Validate and Save.
  4. Navigate to the Service Control tab. The service can now be started.
  5. Once the service is running, you can click Synchronise All Entra Users Now and monitor the progress from the Tail Log tab.


