<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

Configuring the Identity Synchronization Service after manually configuring Azure AD Integration


This article describes the steps you need to perform if you have manually configured AAD integration in K2 and you are using the Identity Synchronization Service. You cannot configure an identity sync with AAD, meaning that users cannot log in to K2 sites and forms, until you do this additional configuration.

See the following topics for more information:

Use the information in this article to set up the Identity Synchronization Service to sync identities with AAD. In these steps you configure the following:

  • A Provider
  • A Provider Instance
  • Provider Instance Runtime Config entries
Identity syncing between K2 and AAD cannot occur without this information.


Log into In K2 Management as a K2 administrator and browse to Categories > System > Sync Service.

Step 1 - Confirm an Azure type exists in the Sync Service provider types

  1. Select the Provider Type SmartObject and execute the List Provider Type method. Note the name of the Azure provider type for use later (AzureAD).

Step 2 - Check the list of Providers and confirm the Provider name

  1. Select the Provider SmartObject and execute the List Providers method.
  2. The default Provider Names are:
    • K2 - default Active Directory provider
    • SP - default SharePoint provider
    • K2SQL - default SQL user manager provider

Step 3 - If there is no provider for Azure (AAD), create one using these steps, otherwise go to Step 4

  1. Execute the Add Provider method of the Provider SmartObject
  2. Enter values for the method properties like this:
    Provider Type AzureAD This is the name of the Azure type from step 1
    Provider Name AAD This is the name you refer to in later steps. You can use anything, but K2 recommends a name you associate with Azure
    Enabled Yes You can enable or disable providers. As you are creating a provider, enter Yes to enable it
  3. The results page shows you the provider details.

Step 4 - Create a Provider Instance

  1. Select the Provider Instance SmartObject and execute the Add Provider Instance method.
  2. Enter the Provider Name from the previous step.
  3. Leave the Provider Instance Name value empty.
  4. Enable the instance by entering Yes.

Step 5 - Create two Provider Instance Runtime Config entries for the new provider instance

  1. Select the Provider Instance Runtime Config SmartObject and execute the Set Provider Instance Runtime Config Entry method.
  2. Entry 1 - Enter the following values:
    Provider Name AAD The Provider Name created in step 3
    Provider Instance Name Leave this field empty
    Config Key aad.oAuthResourceId The configuration key name
    Config Value {OAuth Resource ID (GUID)} This value is the unique GUID for the OAuth resource you created when manually configuring K2 for AAD. Copy the GUID from the Authorization.OAuthResource table of your K2 database. See the image below as an example where you're looking for the GUID of the Microsoft Online AppOnly resource. 

  3. Entry 2 - Enter the following values:
    Provider Name AAD The Provider Name created in step 3
    Provider Instance Name Leave this field empty
    Config Key aad.tenantDomain The new config key name
    Config Value {Your Azure tenant ID} Your Azure tenant ID (GUID)

    After you make these entries, run the Get Provider Instance Runtime Config Entries method of the Provider Instance Runtime Config SmartObject and confirm the results:
Editing the K2 database can have serious, unexpected consequences that can cause system instability or break K2 components. You should not edit the K2 database unless you are familiar with the procedure and tools to do so, and K2 strongly recommends backing up your K2 database before making any changes. Making unauthorized changes to your K2 database may put your K2 environment into an unsupported state.

You can now run the first sync and configure scheduled syncs as described in the KB article KB002707: Identity Synchronization and Caching.