Configuring Active Directory Synchronization - Basic (Azure)

Owned by Kiss, Mate
Apr 26, 2019
4 min read

In small or medium-sized Verba deployments, usually only a few Active Directory Synchronization Profiles are configured. When the only requirement is synchronizing the recorded users, even one profile is enough.

In the case of these basic setups, AD users separated by security groups based on the purpose of the users in Verba. These users then synchronized into Verba by Active Directory Synchronization Profiles tied to these groups.

The disadvantage of this kind of setup is, that in case of many different user setting combinations in the Verba side, lof of security groups would be required because of the combination of the settings (E.g: Voice recorded, IM recorded, Voice and IM Recorded, etc.). In cases like this, see Configuring Active Directory Synchronization - Advanced.

Synchronization Profile Sequence

The Sequence setting of the AD Synchronization Profiles determines the executon order of the profiles. It starts from the smallest one. In case of using a basic setup of AD Synchronization Profiles, this setting is important when a user is member of multiple synchronized AD security groups. Once a user gets syncronized by the first profile based on the sequence, it won't be modified any more by the subsequent profiles.

Prerequisites

Before creating the Verba Active Directory Synchronization Profile, a Connector App has to be registered in the Azure portal: Registering a Connector App for Azure AD

Configuring Azure AD Synchronization for Recorded Users

Step 1 - Go to the Users \ Active Directory Synchronization menu.

Step 2 - Click on the Add New Active Directory Profile link in the upper right corner.

Step 3 - Provide a Description.

Step 4 - Set the Active Directory Type to Azure AD.

Step 5 - Provide the Tenant ID and the Application ID. These IDs can be found in the Azure portal by going to the Azure Active Directory \ App registrations (Preview) menu, and selecting the App:

Step 6 - Provide the Application Secret Pass. It can be gathered when registering the Connector App.

Step 7 - Provide the User Search Filter. In this field, only the filter parameter is required from the full Graph API request (the part after "https://graph.microsoft.com/v1.0/users?$filter="). For example: " department eq 'callcenter' ".

For the filter parameters and the user properties, see:

https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter

https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0

Step 8 - Configure the phone number and/or SIP URI mapping(s) under the Phone Numbers section.

Step 1 - Click on the  icon in order to add a new mapping.

Step 2 - Provide the user property of the Azure AD users to be synchronized into Verba as recorded extension (phone number or SIP URI).

Step 3 - If the whole phone number or SIP URI has to be synchronized, then provide the "(.*)" regex value in the Pattern to Match text box.

Step 4 - If no number or SIP URI transformation needed, then provide "$1" in the Conversion Rule text box.

Step 5 - Repeat the steps if multiple phone numbers and/or SIP URIs have to be synchronized.

Number and SIP URI conversion

There are cases when only a portion of the phone number or SIP URI is needed, or it has to be built from multiple elements.

If a portion of the phone number has to be cut down, modify the Pattern to Match value, so the part within brakets will match only the required part of the number. For example, lets say all the numbers in the AD starts with 001, but it's not required for the recording. In this case, the "001(.*)" pattern can be used.

In other cases, the value found in the AD LDAP attribute is not enough, so we have to extend it. Lets say the SIP URIs are not stored in the AD, but the sAMAccountName is the same as the first part of the SIP URI. In this case, extend the Conversion Rule setting with the SIP domain part: $1@contoso.com

Step 9 - Click on the New Users' Properties tab on the top.

Step 10 - Set the recording setting of the synchronized users under the Recording Settings section.

Step 11 - Click Save.

Step 12 - After the Active Directory Synchronization Profile is saved, a Login button will appear under the Azure AD Information section. Click on the Login button.

Step 13 - Log in to Azure AD, then accept the requested permissions.

Step 14 - If the login was successful, a "Permissions are granted" label will appear above the login button:

Configuring AD Synchronization for Supervisors or other users

Step 1 - Complete the steps 1-7 from the Configuring Azure AD Synchronization for Recorded Users section in order to set the basic settings of the Azure AD Synchronization profile.

Step 2 - Click on the New Users' Properties tab on the top.

Step 3 - Tick the role(s) that is required for the synchronized users under the Available Roles section.

Step 4 - Click Save.

Step 5 - After the Active Directory Synchronization Profile is saved, a Login button will appear under the Azure AD Information section. Log in as described at Step 12-14 above.