iProtect: Azure Active Directory
KP-INT-AZUREAD
The iProtect-AzureAD integration automatically synchronizes user/person data stored in the iProtect system database with resources shared in the Microsoft Azure Active Directory (AzureAD) service. Based on the information retrieved from the AzureAD service, the basic personal data of users (including first and last name) is updated in the iProtect system, and the validity of the access cards assigned to them is checked and updated.

The application synchronizes all users of both systems (iProtect and AzureAD) based on a parameter specified at the implementation stage, which is most often the so-called employee number. Additionally, optional filters can be used to precisely specify which user data is retrieved from Azure Active Directory.

After the integration is started, the data saved in the Microsoft Azure Active Directory service will be reflected in iProtect, including:

- Activation or deactivation of a user account in Azure AD will result in enabling or disabling the validity of access cards in iProtect, respectively.
- Changing personal data, e.g. name or surname, in Azure AD will change the data of the associated user in iProtect while leaving their permissions unchanged.
- Deleting an Azure AD user will disable all cards of that person in iProtect. This person's cards will be activated when a user with exactly the same employee ID as the deleted one appears in Azure AD.
- Adding a new user in Azure AD will result in creating a new person in iProtect without assigned cards.
- Azure AD accounts that do not have the correct attributes will not be synchronized.

The above principle of operation can be adjusted to individual needs depending on the attributes.
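The synchronization rules listed above can be modelled as a single reconciliation pass that also produces an audit trail. The following is an added example, not code from iProtect or from the integration itself. The in-memory data model, the function names and the use of the Azure AD attributes `employeeId`, `givenName`, `surname` and `accountEnabled` as the required set are assumptions.

```python
# Added illustration; the data model and names are hypothetical, not iProtect's API.
REQUIRED = ("employeeId", "givenName", "surname", "accountEnabled")

def set_cards(emp, person, valid, audit):
    for card in person["cards"]:  # set validity on every card, logging each change
        if card["valid"] != valid:
            card["valid"] = valid
            audit.append((emp, "card_enabled" if valid else "card_disabled"))

def reconcile(azure_users, people):
    """Apply one sync pass to `people` in place; return [(employee_no, action)]."""
    audit, seen = [], set()
    for u in azure_users:
        emp = u.get("employeeId")
        if any(u.get(k) in (None, "") for k in REQUIRED):
            # Incomplete accounts are not synchronized (assumed: a matched person is left as is).
            if emp:
                seen.add(emp)
            audit.append((emp, "skipped"))
            continue
        seen.add(emp)
        person = people.get(emp)
        if person is None:  # new Azure AD user: person without cards
            people[emp] = {"first": u["givenName"], "last": u["surname"],
                           "cards": [], "permissions": []}
            audit.append((emp, "created"))
            continue
        if (person["first"], person["last"]) != (u["givenName"], u["surname"]):
            person["first"], person["last"] = u["givenName"], u["surname"]
            audit.append((emp, "renamed"))  # permissions are not touched
        # Validity follows account state; a reappearing employee number re-enables cards.
        set_cards(emp, person, bool(u["accountEnabled"]), audit)
    for emp, person in people.items():
        if emp not in seen:  # no longer in Azure AD: disable every card
            set_cards(emp, person, False, audit)
    return audit

def demo():
    """Two passes over constructed sample data."""
    p = lambda f, l, c, perm: {"first": f, "last": l, "permissions": [perm], "cards": [{"id": c, "valid": True}]}
    people = {"1001": p("Anna", "Kowalska", "C-1", "HQ"),
              "1002": p("Jan", "Nowak", "C-2", "Lab"),
              "1003": p("Ewa", "Lis", "C-3", "HQ")}
    u = lambda e, g, s, on: {"employeeId": e, "givenName": g, "surname": s, "accountEnabled": on}
    base = [u("1001", "Anna", "Nowak", True), u("1002", "Jan", "Nowak", False), u("1004", "Piotr", "Zieba", True)]
    first = reconcile(base + [u(None, "No", "Number", True)], people)
    second = reconcile(base + [u("1003", "Ewa", "Lis", True)], people)
    return people, first, second
```

In the second pass the cards of employee number 1003 become valid again solely because an account with that number reappeared, so the `card_enabled` entries in the audit list are the ones to review after a sync.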