Configuring the Identity Synchronization Service after manually configuring Azure AD Integration
KB003132
This article describes the steps you need to perform if you have manually configured AAD integration in K2 and you are using the Identity Synchronization Service. Until you complete this additional configuration the service cannot sync identities from AAD, which means AAD users are not cached in K2 and cannot log in to K2 sites and forms.
See the following topics for more information:
- Manually configuring K2 for AAD in the Installation and Configuration Guide
- KB002707: Identity Synchronization and Caching for information on installing and using the service
Use the information in this article to set up the Identity Synchronization Service to sync identities with AAD. In these steps you configure the following:
- A Provider
- A Provider Instance
- Provider Instance Runtime Config entries
Steps
Log into K2 Management as a K2 administrator and browse to Categories > System > Sync Service.
Step 1 - Confirm an Azure type exists in the Sync Service provider types
- Select the Provider Type SmartObject and execute the List Provider Type method. Note the name of the Azure provider type for use later (AzureAD).
Step 2 - Check the list of Providers and confirm the Provider name
- Select the Provider SmartObject and execute the List Providers method.
- The default Provider Names are:
- K2 - default Active Directory provider
- SP - default SharePoint provider
- K2SQL - default SQL user manager provider
Step 3 - If there is no provider for Azure (AAD), create one using these steps, otherwise go to Step 4
- Execute the Add Provider method of the Provider SmartObject.
- Enter values for the method properties as follows:
  - Provider Type: AzureAD (the name of the Azure provider type noted in step 1)
  - Provider Name: AAD (the name you refer to in later steps; you can use any name, but K2 recommends one you associate with Azure)
  - Enabled: Yes (providers can be enabled or disabled; enter Yes so the new provider is active)
- The results page shows you the provider details.
Step 4 - Create a Provider Instance
- Select the Provider Instance SmartObject and execute the Add Provider Instance method.
- Enter the Provider Name from the previous step.
- Leave the Provider Instance Name value empty.
- Enable the instance by entering Yes.
Step 5 - Create two Provider Instance Runtime Config entries for the new provider instance
- Select the Provider Instance Runtime Config SmartObject and execute the Set Provider Instance Runtime Config Entry method.
- Entry 1 - Enter the following values:
  - Provider Name: AAD (the Provider Name created in step 3)
  - Provider Instance Name: leave this field empty
  - Config Key: aad.oAuthResourceId
  - Config Value: {OAuth Resource ID (GUID)}, the unique GUID of the OAuth resource you created when manually configuring K2 for AAD. Copy the GUID from the Authorization.OAuthResource table of your K2 database; the row you want is the Microsoft Online AppOnly resource (see the image below for an example).
- Entry 2 - Enter the following values:
  - Provider Name: AAD (the Provider Name created in step 3)
  - Provider Instance Name: leave this field empty
  - Config Key: aad.tenantDomain
  - Config Value: {Your Azure tenant ID}, the GUID of your Azure tenant (not the tenant's domain name, despite the key name)
After you make these entries, run the Get Provider Instance Runtime Config Entries method of the Provider Instance Runtime Config SmartObject and confirm that both entries are listed for provider AAD with an empty Provider Instance Name and the values you entered:
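The check below is an added example, not K2's own code or tooling. It takes the rows you would read back from the Sync Service SmartObjects (List Providers, List Provider Instances, Get Provider Instance Runtime Config Entries) and from the Authorization.OAuthResource table, and reports anything that would stop the first sync: a missing or disabled provider or instance, a config key that differs only in case, a resource ID that is not a GUID or is not in the OAuthResource table, and a tenant domain name where the tenant ID GUID is expected. The column names (ProviderName, ProviderInstanceName, ConfigKey, ConfigValue, Enabled, ID, Name), the sample rows and the assumption that config keys are matched case-sensitively are illustrative assumptions, not facts from the article.

```python
"""Pre-flight check for the AAD Sync Service configuration steps above.

Added example; not K2 code. Row shapes and column names are assumptions
modelled on the SmartObject property names used in the article.
"""
import uuid

REQUIRED_KEYS = ("aad.oAuthResourceId", "aad.tenantDomain")


def is_guid(value):
    """True if value parses as a GUID; braces as shown in the K2 UI are accepted."""
    try:
        uuid.UUID(str(value))
        return True
    except (ValueError, AttributeError, TypeError):
        return False


def _enabled(value):
    """SmartObject output may be a bool or a Yes/No string; treat both alike."""
    return str(value).strip().lower() in ("yes", "true", "1")


def check_aad_config(providers, instances, entries, oauth_resources, provider_name="AAD"):
    """Return a list of findings; an empty list means the steps 3-5 output is consistent."""
    findings = []

    provider = next((p for p in providers if p["ProviderName"] == provider_name), None)
    if provider is None:
        findings.append(f"no provider named {provider_name!r}: run Add Provider (step 3)")
        return findings
    if provider["ProviderType"] != "AzureAD":
        findings.append(f"provider {provider_name!r} has type {provider['ProviderType']!r}, expected 'AzureAD'")
    if not _enabled(provider["Enabled"]):
        findings.append(f"provider {provider_name!r} is disabled")

    instance = next((i for i in instances
                     if i["ProviderName"] == provider_name and i["ProviderInstanceName"] == ""), None)
    if instance is None:
        findings.append("no provider instance with an empty instance name: run Add Provider Instance (step 4)")
    elif not _enabled(instance["Enabled"]):
        findings.append("provider instance is disabled")

    # Only entries bound to the unnamed instance of this provider count.
    cfg = {e["ConfigKey"]: e["ConfigValue"] for e in entries
           if e["ProviderName"] == provider_name and e["ProviderInstanceName"] == ""}
    for key in REQUIRED_KEYS:
        if key in cfg:
            continue
        lookalikes = [k for k in cfg if k.lower() == key.lower()]  # assumed case-sensitive keys
        if lookalikes:
            findings.append(f"config key {key!r} missing; found {lookalikes[0]!r} instead (check casing)")
        else:
            findings.append(f"config key {key!r} missing (step 5)")

    resource_id = cfg.get("aad.oAuthResourceId")
    if resource_id is not None:
        if not is_guid(resource_id):
            findings.append("aad.oAuthResourceId is not a GUID")
        elif not any(is_guid(r["ID"]) and uuid.UUID(r["ID"]) == uuid.UUID(resource_id)
                     for r in oauth_resources):
            findings.append("aad.oAuthResourceId does not match any Authorization.OAuthResource row")

    tenant = cfg.get("aad.tenantDomain")
    if tenant is not None and not is_guid(tenant):
        findings.append("aad.tenantDomain must be the Azure tenant ID (GUID), not a domain name")
    return findings


# Constructed sample rows (assumptions), shaped like the SmartObject output.
SAMPLE_PROVIDERS = [
    {"ProviderName": "K2", "ProviderType": "ActiveDirectory", "Enabled": "Yes"},
    {"ProviderName": "AAD", "ProviderType": "AzureAD", "Enabled": "Yes"},
]
SAMPLE_INSTANCES = [{"ProviderName": "AAD", "ProviderInstanceName": "", "Enabled": True}]
SAMPLE_OAUTH_RESOURCES = [
    {"ID": "6f0a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b", "Name": "Microsoft Online AppOnly"},
]
GOOD_ENTRIES = [
    {"ProviderName": "AAD", "ProviderInstanceName": "", "ConfigKey": "aad.oAuthResourceId",
     "ConfigValue": "{6f0a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b}"},
    {"ProviderName": "AAD", "ProviderInstanceName": "", "ConfigKey": "aad.tenantDomain",
     "ConfigValue": "1e2d3c4b-5a69-4788-9a0b-1c2d3e4f5a6b"},
]
BAD_ENTRIES = [  # wrong key casing and a domain name instead of the tenant ID
    {"ProviderName": "AAD", "ProviderInstanceName": "", "ConfigKey": "aad.oauthresourceid",
     "ConfigValue": "6f0a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b"},
    {"ProviderName": "AAD", "ProviderInstanceName": "", "ConfigKey": "aad.tenantDomain",
     "ConfigValue": "contoso.onmicrosoft.com"},
]

if __name__ == "__main__":
    for label, rows in (("good", GOOD_ENTRIES), ("bad", BAD_ENTRIES)):
        result = check_aad_config(SAMPLE_PROVIDERS, SAMPLE_INSTANCES, rows, SAMPLE_OAUTH_RESOURCES)
        print(label, result or "OK")
```

Paste the real rows in place of the constructed ones; the value of aad.oAuthResourceId is compared as a GUID, so the braces K2 Management shows around it do not matter, but the key names are compared exactly as typed.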
You can now run the first sync and configure scheduled syncs as described in the KB article KB002707: Identity Synchronization and Caching.