Microsoft Entra ID (Azure AD) User Sync
ServiceDesk Plus enables you to import users from Microsoft Entra ID (Azure AD) based on certain criteria. You can map Azure AD user fields with ServiceDesk Plus fields to import specific user details.
You can also automatically sync deleted users from Microsoft Entra ID to ServiceDesk Plus.
Role Required: Organization Admin for ESM Setup; SDAdmin for non-ESM setup
You can import users from multiple tenants into the application. Each tenant must have a separate app registration.
ServiceDesk Plus only reads user information from Azure via API and does not modify data in Azure.
Please disable AD import for domains with Microsoft Entra ID sync configured
Prerequisites
Configure Microsoft Entra ID
To obtain user and group information from Azure AD, create an App registration with the required permissions. Follow the steps below to register the application.
Role Required: Global Administrator
- Log into Azure.
- In the left pane, select Microsoft Entra ID.
- On the Microsoft Entra ID page, select App registrations from the left pane, and click New registration.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big0KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=glwgxNhtC2B0~8uSmM~QDH3od4VTs23UQFzp-MfKb7H1~cVtIFFEEBY4iKLUk4hx~Y7ed41qRW66ZHDSbuvxXlNBpr4Zxi29P1WoqzvXWICJC-Es2VbJkmn6A~r9DiKXsRa1m8Mk4dbcYkTEGG--cXOQyA~Y3Aw2qTs-FyZ~0bzzxr6jMOjtbpfiZFEK2VMmPToatrqk4XNR3OuXUSPy7VtFvNVTqJvfJ6aQfxydLjEh1-GieSOgKbXukj4Qq29-2knQPW7pmPiL45FvAN2dRRQGcjfo-7XiyqlPQLXZS9rqlarMWegyr3e~q5PtTVUW-uQP-YriOc8qMLVKFvVj2g__&Key-Pair-Id=K2TK3EG287XSFC)
- Provide a name for the application.
- Select the supported account types for the application. This determines who can access the application.
Note that Accounts in this organizational directory only option must be selected to sync users from Entra ID.
- Click Register to save the application.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big1KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=mQl32mDpwbA6YXD9cF7dbXIRW-E0oupkZGEegu5CRGTmYWdh3RgyWe7IQZcpWCN07Ir37yxzPC-MYGAS0J4gkMEJXfKoTY-0ojrqmyZ79KpvkXop5w-OYIJ7VIFkakaPZAqHrBRfGD-jHhfqzvAs6MEzO2IiyqOT0rBicKYVW1L44EJrvCTD8xcX-jpAUmKExaCd9LxHr2HCbPowQL53huVsKGg2RIRP8M5mlxys5qFqY2nDQEkL2Y2vUMok68FGAimKgHjW4Fqr9LP2AWPwLiKNJH71bqJCwGdsKcfwFokG2cQjbgN2ljmYWJCyN1aWw20Uv5CEu4jrs7O2XKBuag__&Key-Pair-Id=K2TK3EG287XSFC)
- In the registered application, you can find the Client ID and Token URL in ServiceDesk Plus.
- Client ID: Application ID in the Overview section.
- Token URL: OAuth 2.0 token endpoint (v2) under Overview > Endpoint.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big2KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=bTFm~FxKjakO2is41soNtc0ewdD0FvHxtxpntTPMUOaYiCZgHNQeAVgSb~kDYbN0CKYlluf-FPVwZQb6uvnIhyFJtw7TKGnzW~tTZUhfKO~ZxLBuatlyXzm1gWd9uxdMbsMBvMRsy1uArpaLzh88-9IRumma~MNHmifQza--ELgyrMbONv31pCZq8dp8zqV9IjbXPN4QDBAwFhsCaHOqveBSORO9ELxP59ZNsN9jzgAQnXSM5wQb8ajXKFI4mSL5V-j3F9IouWraJfU~c9-OBlQnFAXElZRjxn-6CEcxSdoLNh3f7s1LI9czPgNfNOADCpmN5aEMoD1J~JhnCrEW7A__&Key-Pair-Id=K2TK3EG287XSFC)
- To get the Client Secret, go to Certificates & Secrets > Client Secret > New client secret.
- Provide a description of the client secret and choose its validity.
- Click Add.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big3KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=cNQ5cTDsV2MSqhTFYPZ2IIfUIjtNa48hXUMIxQBmku4sdArXneJw8r0T15zN3J-jIQLwRkRRTYD4nD3MIgiRH0I1U9rLAYJ9mR0Ddudx5WaEbEizAQzdbo05YkRPDXZSe87W1GBocwFULPhN54RPYVr2qdm10HcC6tyJjUHaPOw3SQFU4YHzBtugzaN~DpGUxFQvWcrXUfCwfqw2HVJWTx9K8FmhVDCpzgZBZS8HqY7FeEl~kG9lMlDO7KKmitW5bF4uI8JZKcwZFK-WUhxeY02MT5E8YrXhtmnWtHnJX-utRvAjScVj-DsFYr9Ykxw78~HRtLXmj-fE1GYiXQGJYg__&Key-Pair-Id=K2TK3EG287XSFC)
- Update permissions required for user sync in the registered application:
- Go to API permissions and click Add a permission.
- Select Microsoft Graph > Application permissions
- Add permissions User.Read.All and Group.Read.All
- Grant admin consent for the added permissions.
Group.Read.All permission is required to list Azure user groups when setting criteria. If you do not require group-based criteria, this permission is not necessary.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big4KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=TPPH04lBU-Px8VCrbzIRX0gU33HSlO~3FzyF2ydrk5ECAwUpaiWnMwW-V9ymoRn4YUn9g0~buhFtKsq3~qgn7ljAdpgC-3VygPpC8polBxCaX-aMxA4xSznRVAVitg4JyGJKlGZ6ry2LELfk85l-m5mBBQEozNrB8AHynhGKBLFIeAF6qaKneNdrBfTVkOYjgTjmWDE9ne0FrkzwoUuBGoYIcYB6kbzDqFUXd1vlezFKhRNs-YZyVmZI6Icp5K850CJZJ0FBOhaJd2Mtuqg2QFYeARGmLb7mRRxfk-tit841piVyEgwOyy038-t8omqnki0bhGsMKPzmYpuhcruWGw__&Key-Pair-Id=K2TK3EG287XSFC)
Configure User Sync
Set up Microsoft Entra ID integration for user synchronization under ESM Directory > User Management > Microsoft Entra ID (Azure AD) for ESM setups.
For non-ESM setups, access Microsoft Entra ID (Azure AD) under Admin > Users & Permissions.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93big5KS5wbmciLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE3NjQyNzc1OTZ9fX1dfQ__&Signature=miB~SDCsxOvcdczOdGNYgqBawbk~93HMcMmkMZUgKPR6KFYHCsWCh7vdo8-ihbaf3O18Q9Xpi-EybNQivcdAgLNdoSpL2A3LQXuLmCGncum8pa0H6yRcYGZwxQZ2c7ebyOqn0C17VGtYHiaavEpm1VFoWOuKCFmQ0R87gYHFD9KFV7Bj20gVXg4v5hlHxmVQcjCrsi-Vv56MukPEHcAaYbEjYdho-0F-7KESiOHAYFrXpw0pBA6chV1H1JwFccvak8Eif~X53RBPi-WSLyMK7wwk8vNqVeRtm~Goq4r1BDWNedDZTW4BHqbp6KqpXYrtCFsogOG-Qu8MCaEs2CSokQ__&Key-Pair-Id=K2TK3EG287XSFC)
Follow these steps to configure user import from Microsoft Entra ID:
Step 1: Add Domains
Add domains to sync users from Microsoft Entra ID. You can set up multiple domains with different field mapping and criteria for importing users.
- Go to the Microsoft Entra ID (Azure AD) page in ServiceDesk Plus.
- Under Domain Details, click Add New Domain.
- In the Add Domain pop-up, enter the following details:
- Domain Name: Name of the domain.
- Client ID: Azure application ID
- Client Secret: Client secret value in Azure.
- Token URL: Link to the Azure endpoint to obtain the access token.
- Click Save and Test Connection.
Refer here to obtain Client ID, Client Secret, and Token URL from Azure.
After the test connection is successful, the Field Mapping and User Import Settings section will appear in the Add Domain pop-up.
Step 2: Field Mapping
Map user detail fields for synchronization from Microsoft Entra ID in the Add Domain pop-up.
- In the drop-down fields displayed, select the ServiceDesk Plus fields and map them to the corresponding user fields in Microsoft Entra ID.
- On selecting field names from the ServiceDesk Plus column, the relevant Microsoft Entra ID fields will be automatically mapped. You can change the mapping of Microsoft Entra ID fields as required.
- Add or remove fields using the
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxMCkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=U~SuQK3f5PFfqgN79vvo2k4LBMXXIRW6zOY2Fnafgyneb3pj~5vel7fMJJ-ti4umojtWAr6V2z4j2BJh89NAw2Gldtf~IhHCe9LT~B19QdzGiWCUGOwgMRG-NSk46efOYdmLTZkspBQshH-d26EMcdJ6E5xUqKy41cEv5wgkg7U4n~tquG9fIrm2-bTNJCwUaCdnS6DSC2yppYAsQn34SqTpTW-1KJX6hmRl~eYRxm7onY0w0MtUv1RoTzNvtcRcEJ20c6qTT-5EfIPDGdjLXmifj~4FZorDNI9lYGBlOWJ5dDBzRyOGCzwDEFE7KazQa3vqWbxjtrTLintGqPNUHA__&Key-Pair-Id=K2TK3EG287XSFC)
and .png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxMSkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=q~rnUtgcSN-bE1kEZHCFuWS8kMIIFrBND0kSXRFw8hiYLcDbnOvj22z~eZb0xn9l0g1E8V~7eFqBTdzK0E14rQyiktB-Rs7Pai9EVy77SYjdhS1h2rOOhHXE1Jz8JEJ5e9gs2ICjgEf6J2lizyyD5SvwPqae11-gF7BJVlpFnc1mHxvSkP4YpONJjE-hH2ct32IEemqx~Sqko8x3o0-LqkUrygHHO7mzaE-njY4RWxhzFjSVWQYNvW2rogtrqk5BNSmzG0ih3i9Mp2mQLKeqqE6OOOL~zzX4NsEWFPrzA3gwreFeIOCVx3D~dcOd-mvxIy92UvxxtIhBT9bO9L9lug__&Key-Pair-Id=K2TK3EG287XSFC)
icons.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxMikucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=GAKMjDMhwNtIBWhnLSzT5xMDiGxCy1DH~~zD~Yz5IYkqUawiOtVwOPrfjdNb17TzK7vKRfp83q5OnZIfXyySGwFXcCKxHjbIRnfbB3blDitKi8hCaR0Gs9WfJQFGUDnAlxrSxpGaZHuNJYJX696N~VoTUpz57RI56ckAI~C3VvnIWHqpGZK1PKYWfI~Cxuxq8YKYAhiZrk6b2SDTPcv5BAflOYvQJQwOXu65Lr-eCAnS5qaVLI3d5ucXUdPPrzjPIyP12tik099JUsdTgXvmZSC~Ixo7X3HquiSHJs3dStWrJYls9NeRHQSpupe7CEIirRfHWIlTsPcfPVhi2ZDAyQ__&Key-Pair-Id=K2TK3EG287XSFC)
Name and Login Name fields are mandatory for fetching Azure users and cannot be removed .
The Reporting To field can be mapped only to the manager field in Azure AD.
Object ID, userPrincipalName, onPremisesUserPrincipalName, onPremisesDomainName, and onPremisesSamAccountName are imported by default.
Additional fields can also be used for field mapping in ServiceDesk Plus.
Step 3: User Import Settings
Schedule the user import for periodic sync or import users manually in the Add Domain pop-up.
- Scheduled Import:
- In the Schedule Configuration tab, choose to import users with or without criteria.
- Without Criteria: Imports all users automatically at the scheduled time.
- Based on Criteria: Imports users based on specified criteria. Select the criteria from the available drop-downs.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxMykucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=MFsAF8K6xVMOXpD9UgHHh6etjyZDs~iu9jxY-S9RuxdibzTlxvLRr5oyyfJP9gRGFVbGUmgD6zrtr~OtIl25CBVjcijSeyqcwMu6dZ2dvFi2I1M3AVK4F-uMGhu3l82szCC8ikdy~LS8K9VCeHKDJUhfr9xdGnmIoUwbj4CsoIlGI8V6AEU8EUNu7m6LzqTAipOaPFjfwjlDJ1mNxpDL0uyFNYFAHn094TsGmsUXT76Hf7wrVoPv-JGvskYCQebBrm20bvllUqLoCsL9dV8T4pldJdgjvZBtaAQaeKqQINsSx~tqnd7EHCdUJ2K3dv6ZONFdzD3bSSb1PoL788NefA__&Key-Pair-Id=K2TK3EG287XSFC)
- Manual Import:
- In the Import Once tab, enter the User Principal Name of users in the text box. You can import up to five users at a time.
- Click Import Now. This import will be executed instantly without any scheduling, and the count of added, overwritten, and failed records will be displayed.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxNCkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=JzjDi6vgOCcDf9ZaHL5bwt6HBE7IzXK2rwzxJExCWdZbOHaonRN4nTOv~9MizE-WvoJzZIdGFYi2Ye4nQ-AHWKmYKr-~drhXORCgCLDTAUbg6~kn0NKBHiHpDh9MIOTpnnZlaiQU49K0fcalD65~59A3a5VrF3gA-H639hzvWmMV8EMNpG4niCn2qUk7ZP656Xf9U9G5kiEbKyT4ZsEnzIcvNwLnPvch6MH7iX-U9JROXvAUuEibHM7VpwCVzsv4dENc2yfhjkddk1XfNFQbkRtUMDL~27sX6SqpmgaZ2in0jfT40cwcZLHN8VMb3MQ1DjI2NsBsNW0NUbA~jsN6Tg__&Key-Pair-Id=K2TK3EG287XSFC)
When adding new users, the user's manager will be automatically included as a user. To prevent this, remove the manager field in the Field Mapping section.
When field mapping or user import criteria are changed, full import will be initiated for the next delta sync.
Step 4: Set a local authentication password for imported users
Set a default local authentication password for users imported from Microsoft Entra ID. Users can change this password after their first login.
- In the Microsoft Entra ID (Azure AD) page in ServiceDesk Plus, hover over the Local Authentication Password section, and click Edit.
- Generate a random password for each user or set a predefined password.
- Click Save.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxNSkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=lUUb8XRMX4C27h5ubmxMuhVdQgGn-K4XYIg1PiAaD~ssZQw1JCmjGUpdJn5vj5XAQ5WMS76AaxvHMCfZ56GXvxm-f~J5uHmmlvM9H33xAlwvhm2QlvzhtMTqc9BKQSd4uj9-jEuqwKXXw8RtNMFLMdIki5wJhSfD086~ETp3TwLFuA9Dmvjr7Vav~8S0iF3Rh0-9n47~8P7LNjwbFmbbKxrOttHJxvMpTigpDxxshsh-2pFawTJ4BzphG6cf1cYRFT8R3jsXoqbtMPSsqe2LcW4LzM08krPFeTHjf6sWhw7r0utDvPOYGUZADYS91Xv4So98zOkNgd5rEhac0eL2Hw__&Key-Pair-Id=K2TK3EG287XSFC)
Ensure that the predefined password meets all password policy requirements.
Users will receive their password details via email. Configure email notifications for users under Admin > Automation > Notification Rules > Request > Send Self-service login details.
You can mandate users to update the default password after their first login under Admin > Security Settings > Password Policy for non-ESM setups and ESM Directory > Security Settings > Password Policy for ESM setups.
The local authentication password set for AD imported users is also applicable for users imported from CSV files.
Step 5: Schedule Microsoft Entra ID import
Schedule user import to synchronize user details periodically. Users and their details are synchronized with ServiceDesk Plus in two ways:
- Full Import: Syncs all user data.
- Delta Import: Syncs updated user details and newly added user accounts every hour.
When the schedule is enabled, both Full import and Delta import are automatically enabled. To enable the import schedule,
- On the Microsoft Entra ID (Azure AD) page in ServiceDesk Plus, hover over the Import Schedule field, and click Edit.
- Enable the schedule using the check box and specify the import frequency.
- Set the start date and time for the schedule.
- Click Save.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxNikucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=qhFcWOdqkPMZ-AAWHbGB0o8m46iH3kQ2rf~l8O0EpEM0KjnST7iVlu0~l1n2Ln7HNPyoY1FYzA4y-VjXOyxjLX10U-Anse30-Oy3pd2XDOMtAyMLz9Ost7ZPl0~I5T7bUQtYEk4XH2C~51m6RBgkRAlEeuzuGlo3TETnNAka978djoaOJ~U8J7yRtPCFK2SeT-D-5pv1JlfN~L2UuBAu3ldhsx9yU0ou7XL1I32TrVSWIIRsF92-9l~yS38fQjux4EWDC9LqA4~s6prdtCVAlDeMqjAKn4nGNIGWSBflwI-azapFDb0pOhZlZFts2KlhqJx-5ascx1SPfS~3rmVgGA__&Key-Pair-Id=K2TK3EG287XSFC)
The users will be imported per the schedule, and the user information will be updated every hour. You can view the last import time and the next scheduled time in the Import Schedule section.
The import summary will be notified to the Organization Admin (for ESM setup) and SDAdmins (for non-ESM setup) through bell notifications. It can be viewed under .png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxNykucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=QRvTpByZWnmbr~KsCGPYqvhmjbXQhCDOza6roLSZj2vJtuWieuEKJ-U55sBYpVYkbp8hCtfKJURxynNvAN1LfpuBV7l7-NmcnvyxwEvUTazVBINy2dpDEtZQ09LLlZVc4qt6fGXcH4bpqYz9SxEiQTs3MXMgxrRnN6aZBxzjDQsZcDgAUNqPnrg-9zKIuEkzEwR7B010RFmq116oVnuFT0UgHGLSEtqeJqCyoTzitfHcIA7tUgrU7u3QRZcoLPrHoOu2-y2dEgNNTixb7RAUSeNGIaPiTuL0ETszYy4zImAo5KfQjPHHSba0AUZllRbpSpX3~-Z5HpEyKCGEps5DwA__&Key-Pair-Id=K2TK3EG287XSFC)
, and will display the count of users added, updated, and failed. Additionally, a CSV file containing the User Principal Name of the failed users will be included.
User accounts may be overwritten if they meet specific conditions.
Learn more.
During delta sync, only import failures will be notified to the SDAdmin/Organization Admin.
Please perform a full sync at least once every 30 days to ensure that user details are up to date.
Step 6: Sync deleted users from Active Directory
Configure what happens to the user data in ServiceDesk Plus when they are deleted in Microsoft Entra ID.
You can either delete the users automatically or manually. Deleted users will be synced with ServiceDesk Plus during the configured full import schedule.
To configure the syncing of deleted users,
- On the Microsoft Entra ID (Azure AD) page in ServiceDesk Plus, hover over the Sync Deleted Users section, and click Edit.
- Choose your deletion method: Automatic or manual. Note that automatic deletion is applicable only to non-technician users.
- Click Save.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy84NjYvMTQyNjIvY2tmaW5kZXIvaW1hZ2VzL3F1LzIwMjUvdW5rbm93bigxOCkucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY0Mjc3NTk2fX19XX0_&Signature=ZSo-sV3hLt-RpdU7gIvMOekqHB6rSS~lKej0er7p6WNhqxqr4ZtcvyApmGly0AoTdrpYEHjAqYf~Ddsm6S2q~l--Wh1-pF0MoyZcPZMZYMgv-wLGrrWilbr-4CZSP8SPgqWtSGfuD6Leh-b5dJdd5c8MVV4Z6KyuetwYrBDmHKKyA-QOSEDsiyW0lWc~MdimcpGfhgmctbvPI~yFz2v-7tJpJbH7y~YTjs9gThHiXOG8JHP6dBCMaIo80FahpV6UsLXsaDlv5LDU9RY4aHh7WVM8DbeEHeApfcTo1FOvtj7wnmYa3L96zXatDP9gFhMblzkH2tqe2ndi5eRYAL8oEg__&Key-Pair-Id=K2TK3EG287XSFC)
If manual deletion is chosen, the SDAdmin/Organization Admin will receive a bell notification and a list of deleted users will be displayed upon clicking the notification.
If automatic deletion is chosen,
- Non-technicians will be automatically removed, and a bell notification indicating the number of deleted users will be sent to the SDAdmin/Organization Admin. Clicking the notification will open the system log with the deleted user information in a CSV file.
- Technicians will not be deleted automatically. Instead, the SDAdmin/Organization Admin will receive a bell notification and a list of deleted users will be displayed upon clicking the notification.
Additionally, the link to the deleted users list will be displayed on the Microsoft Entra ID page in ServiceDesk Plus and also under Admin > Users & Permission > Users/Technician tab. The SDAdmin/Organization Admin can review the list before removing the users from ServiceDesk Plus.
Authentication
Authenticate imported Entra ID users using SAML SSO - https://pitstop.manageengine.com/portal/en/kb/articles/configuring-saml-with-azure-ad-9-8-2020
Criteria to Overwrite User
The user will be overwritten if:
- ObjectID of an Azure user matches an existing user.
- onPremisesUserPrincipalName or onPremisesImmutableId of the Azure user matches the existing user's userPrincipalName or lookup_guid, respectively.
- OnPremiseDomainName and OnPremiseSamAccountName of the Azure user matches the domain name and login name of the existing user.
- Login name and the domain name of the Azure user match the existing user's login and domain name.
- Login name of the Azure user matches the login name of the existing user, but the domain is not associated with that user.
- Override user information based on email ID is enabled, and the email ID of the Azure user matches the email ID of the existing user.
This option can be enabled/disabled under General Settings > Advanced Portal Settings in non-ESM setups and ESM Directory > General Settings > Application Settings in ESM setups.
If none of the above criteria are met, a new account will be created for the Azure user.
onPremisesUserPrincipalName, onPremisesImmutableId, OnPremiseDomainName, OnPremiseSamAccountName fields will be available in Microsoft Entra ID only for users synced from OnPremise Active Directory.
Refer to the following Microsoft documentation to learn more about synching users from OnPremises Active Directory:
Adding an attribute mapping from AD to Microsoft Entra ID
Integrating a single forest with a single Microsoft Entra tenant