This article describes the steps you need to perform if you have manually configured AAD integration in K2 and you are using the Identity Synchronization Service. You cannot configure an identity sync with AAD, meaning that users cannot log in to K2 sites and forms, until you do this additional configuration.

See the following topics for more information:

Use the information in this article to set up the Identity Synchronization Service to sync identities with AAD. In these steps you configure the following:

  • A Provider
  • A Provider Instance
  • Provider Instance Runtime Config entries
Identity syncing between K2 and AAD cannot occur without this information.

Steps

Log into In K2 Management as a K2 administrator and browse to Categories > System > Sync Service.

Step 1 - Confirm an Azure type exists in the Sync Service provider types

  1. Select the Provider Type SmartObject and execute the List Provider Type method. Note the name of the Azure provider type for use later (AzureAD).
    Image

Step 2 - Check the list of Providers and confirm the Provider name

  1. Select the Provider SmartObject and execute the List Providers method.
  2. The default Provider Names are:
    • K2 - default Active Directory provider
    • SP - default SharePoint provider
    • K2SQL - default SQL user manager provider
      Image

Step 3 - If there is no provider for Azure (AAD), create one using these steps, otherwise go to Step 4

  1. Execute the Add Provider method of the Provider SmartObject
  2. Enter values for the method properties like this:
    PropertyValueDescription
    Provider TypeAzureADThis is the name of the Azure type from step 1
    Provider NameAADThis is the name you refer to in later steps. You can use anything, but K2 recommends a name you associate with Azure
    EnabledYesYou can enable or disable providers. As you are creating a provider, enter Yes to enable it
  3. The results page shows you the provider details.
    Image

Step 4 - Create a Provider Instance

  1. Select the Provider Instance SmartObject and execute the Add Provider Instance method.
  2. Enter the Provider Name from the previous step.
  3. Leave the Provider Instance Name value empty.
  4. Enable the instance by entering Yes.
    Image

Step 5 - Create two Provider Instance Runtime Config entries for the new provider instance

  1. Select the Provider Instance Runtime Config SmartObject and execute the Set Provider Instance Runtime Config Entry method.
  2. Entry 1 - Enter the following values:
    PropertyValueDescription
    Provider NameAADThe Provider Name created in step 3
    Provider Instance NameLeave this field empty
    Config Keyaad.oAuthResourceIdThe configuration key name
    Config Value{OAuth Resource ID (GUID)}This value is the unique GUID for the OAuth resource you created when manually configuring K2 for AAD. Copy the GUID from the Authorization.OAuthResource table of your K2 database. See the image below as an example where you're looking for the GUID of the Microsoft Online AppOnly resource. 

    Image
  3. Entry 2 - Enter the following values:
    PropertyValueDescription
    Provider NameAADThe Provider Name created in step 3
    Provider Instance NameLeave this field empty
    Config Keyaad.tenantDomainThe new config key name
    Config Value{Your Azure tenant ID}Your Azure tenant ID (GUID)

    After you make these entries, run the Get Provider Instance Runtime Config Entries method of the Provider Instance Runtime Config SmartObject and confirm the results:
    Image
Editing the K2 database can have serious, unexpected consequences that can cause system instability or break K2 components. You should not edit the K2 database unless you are familiar with the procedure and tools to do so, and K2 strongly recommends backing up your K2 database before making any changes. Making unauthorized changes to your K2 database may put your K2 environment into an unsupported state.

You can now run the first sync and configure scheduled syncs as described in the KB article KB002707: Identity Synchronization and Caching.