Syncing User Information from Entra ID πŸ”„βœ¨

Relevant Products

BREEZE MFP PRO MFP

Cards, PINs, and Departments Made Simple!

Want to pull user information like departments, card IDs, or PINs directly from your Microsoft Entra ID into SAFEQ Cloud? This guide will walk you through the process without the technical jargon overload.

This setup is perfect for getting department information into your reports, enabling card authentication at MFDs, or using PINs stored in your directory.

What This Achieves (The Big Picture) 🎯

Once set up, SAFEQ Cloud will automatically pull:

  • Department information for accurate reporting

  • Card IDs stored in Entra ID for MFD authentication

  • PINs for alternative login methods

  • Any custom attributes you've set up in your directory

Users don't see card IDs or PINs in the web interface, but they work perfectly for authentication. It's like having a secret handshake that just works! 🀝

Prerequisites (What You Need First) πŸ“‹

Before we start this synchronization journey:

  • Service Account Authentication must be set up in SAFEQ Cloud

    • If you haven't done this yet, check out our Entra ID Service Account guide first

  • User information properly filled in Entra ID (departments, card IDs, etc.)

  • Admin access to both Entra ID and SAFEQ Cloud

Phase 1: Prepare Your Entra ID Data πŸ—οΈ

Step 1: Make Sure Your User Data is Ready

First, let's verify that the information actually exists in Entra ID:

  1. Check your users have the data you want to sync

    • Departments filled in? βœ…

    • Card IDs stored somewhere? βœ…

    • PINs in custom attributes? βœ…

Step 2: Test Your Data with Graph Explorer

This sounds scary but it's actually pretty easy - you're basically asking Entra ID "Hey, show me what you know about users!"

  1. Go to Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer

  2. Sign in as a user who has the department information filled in

  3. Run this query to see what's available:

    https://graph.microsoft.com/v1.0/me?$select=displayName,givenName,department,userPrincipalName

  4. Check the results - you should see the department and other info displayed

If you don't see the data you expect, you'll need to fill it in Entra ID before continuing!

Phase 2: Understanding Attribute Types 🏷️

This is just knowing where your data lives in Entra ID!

Standard Attributes (The Easy Ones):

  • department: Just use "department"

  • userPrincipalName: The user's email-style login

  • displayName: Their full name

Extension Attributes (The Slightly Trickier Ones):

If you're using custom fields that came from on-premises AD:

  • Format: extensionAttribute1, extensionAttribute2, etc. (up to extensionAttribute15)

  • Example: If card IDs are in extensionAttribute5, you just use "extensionAttribute5"

Directory Extensions (The Complex Ones):

If you created custom attributes in Entra ID:

  • Format: extension_[AppID]_[AttributeName]

  • Example: extension_12345678_cardID

  • You'll need to find the exact name using Graph Explorer

Pro tip: Start with standard or extension attributes if possible - they're much simpler to work with!

Phase 3: Configure SAFEQ Cloud πŸ”§

Step 1: Open Your Authentication Provider

  1. Go to SAFEQ Cloud Web UI

  2. Navigate to Users β†’ Authentication providers

  3. Find your Microsoft Entra ID provider (the one with Service Account Authentication enabled)

  4. Click to edit it

Step 2: Configure Custom Attributes

  1. Find the "Service Account Authentication" section

  2. Click "Show" next to "Custom attributes"

  3. Map your attributes based on what you want to sync:

For Department Information:

  • Department field: Enter "department"

  • This is the most common scenario - departments for reporting

For Card IDs:

  • Card ID field: Enter the attribute name where your card IDs are stored

    • Standard: "extensionAttribute1" (or whichever number you use)

    • Directory Extension: "extension_12345678_cardID" (use your actual format)

For PINs/Short IDs:

  • Short ID field: Enter the attribute name where PINs are stored

    • Usually something like "extensionAttribute2"

Step 3: Save Your Configuration

  1. Click "Save" πŸŽ‰

Phase 4: Trigger the Sync πŸš€

Now comes the fun part - making it all work!

The Sync Process:

The sync happens automatically when users authenticate, but you can speed things up:

  1. Users need to log in through this authentication provider

    • Web UI login works

    • PC Client login works

    • Any authentication through your Entra ID provider triggers the sync

  2. Wait for the magic to happen (usually pretty quick!)

  3. Verify it worked:

    • Go to SAFEQ Cloud β†’ Users

    • Select your Microsoft Entra ID provider

    • Search for a test user

    • Check their details - you should see department, card info, etc.

Verification and Testing πŸ§ͺ

Check That Everything Worked:

  1. User Profile Check:

    • Find a user in SAFEQ Cloud Users section

    • Verify department appears in their profile

    • Note: Card IDs and PINs won't show in the web UI, but they'll work for authentication

  2. Report Testing:

    • Generate a report

    • Check if department information appears in job records

    • This is where the department sync really shines!

  3. Authentication Testing:

    • Try card authentication at an MFD (if you synced card IDs)

    • Test PIN login (if you synced PINs)

    • Users should be able to authenticate even though they can't see these values in the web UI

Common Scenarios & Examples πŸ“

Scenario 1: Department Reporting

Goal: Show departments in accounting reports Attribute to sync: department Configuration: Put "department" in the Department field Result: All print jobs show user departments in reports

Scenario 2: Card Authentication

Goal: Use existing card IDs from on-prem AD Attribute to sync: extensionAttribute3 (where card IDs are stored) Configuration: Put "extensionAttribute3" in the Card ID field
Result: Users can authenticate at MFDs using their existing cards

Scenario 3: PIN Authentication

Goal: Enable PIN login at MFDs Attribute to sync: extensionAttribute7 (where PINs are stored) Configuration: Put "extensionAttribute7" in the Short ID field Result: Users can enter PINs at MFDs to authenticate

Troubleshooting πŸ€”

"I Don't See Any Department Information!"

  • Check Entra ID data: Use Graph Explorer to verify the department field is populated

  • Verify authentication: Has the user logged in through the provider since configuration?

  • Check attribute mapping: Make sure you used "department" (not "Department" or "DEPARTMENT")

  • Wait and retry: Sometimes it takes a login cycle to refresh

"Card Authentication Isn't Working!"

  • Verify the attribute exists: Use Graph Explorer to check the card ID field

  • Check the attribute name: extensionAttribute1 vs extension_app123_cardID format

  • Test with a known user: Pick someone whose card ID you can verify

  • Remember: Card IDs won't show in web UI, but should work at MFDs

"Graph Explorer Shows No Data!"

  • Check user permissions: The test user needs to have the data filled in

  • Verify the query: Copy/paste the exact query from this guide

  • Try a different user: Maybe the first one doesn't have department filled in

  • Check authentication: Make sure you're logged into Graph Explorer properly

"Sync Worked Once But Stopped!"

  • Check service account: Make sure it's still active and password hasn't expired

  • Verify app permissions: Graph API permissions might have changed

  • Test authentication provider: Try logging in through it to trigger a refresh

  • Review error logs: SAFEQ Cloud logs might show sync issues

Summary

Congratulations! You've successfully connected SAFEQ Cloud to your Entra ID directory for automatic user information synchronization. Your reports will now show proper department information, users can authenticate with their existing cards and PINs, and everything happens automatically behind the scenes.

This setup makes life easier for everyone:

  • Users get seamless authentication with their existing credentials

  • Administrators get accurate reporting with department information

  • IT teams don't have to manually manage card IDs and PINs

  • Managers get proper cost center attribution in print reports

You've essentially created a bridge that keeps user information synchronized automatically. Every time someone logs in, their information gets refreshed from Entra ID. It's like having a personal assistant who never forgets to update the user database!

Pro tip: Once this is working, document which attributes you're using where. Future you (and your replacement) will thank you for the clear documentation! πŸ“