Configuring Active Directory Synchronization - Basic (Azure)

Owned by Kiss, Mate
Feb 26, 2024
5 min read

In small or medium-sized Verba deployments, usually only a few Active Directory Synchronization Profiles are configured. When the only requirement is synchronizing the recorded users, even one profile is enough.

In the case of these basic setups, AD users separated by security groups based on the purpose of the users in Verba. These users then synchronized into Verba by Active Directory Synchronization Profiles tied to these groups.

The disadvantage of this kind of setup is, that in case of many different user setting combinations in the Verba side, lof of security groups would be required because of the combination of the settings (E.g: Voice recorded, IM recorded, Voice and IM Recorded, etc.). In cases like this, see Configuring Active Directory Synchronization - Advanced.

Synchronization Profile Sequence

The Sequence setting of the AD Synchronization Profiles determines the executon order of the profiles. It starts from the smallest one. In case of using a basic setup of AD Synchronization Profiles, this setting is important when a user is member of multiple synchronized AD security groups. Once a user gets syncronized by the first profile based on the sequence, it won't be modified any more by the subsequent profiles.

Prerequisites

Before creating the Verba Active Directory Synchronization Profile, a Connector App has to be registered in the Azure portal: Registering a Connector App for Azure AD

Configuring Azure AD Synchronization for Recorded Users

Step 1 - Go to the Users \ Active Directory Synchronization menu.

Step 2 - Click on the Add New Active Directory Profile link in the upper right corner.

Step 3 - Provide a Description.

Step 4 - Set the Active Directory Type to Azure AD.

Step 5 - Provide the Tenant ID and the Application ID. These IDs can be found in the Azure portal by going to the Azure Active Directory \ App registrations (Preview) menu, and selecting the App:

Step 6 - Provide the Application Secret Pass. It can be gathered when registering the Connector App.

Step 7 - Scroll down to the bottom of the page, then click on the Save button.

Step 8 - Under the Azure AD Information section, a Login button appears. Click on that button.

Step 9 - The page will redirect to the Azure login screen. Log in with your Azure credentials, then accept the permissions requested by the application. The page will redirect back to the Verba Web Application.

Step 10 (Optional) - If you want to synchronize users based on user filter, for example, based on department, then set the Azure Search Base Entry setting to User. In the case of user filter based synchronization, skip the Steps 11-14, and see the side note for instructions.

Step 11 - Provide a group search filter at the Azure AD Entry Search Filter setting. For example, for searching for groups with name starting with "ad", provide " startswith(displayName,'ad') ".

Step 12 - Click Select Groups.

Step 13 - The results will appear based on the filter provided in a new window. Select the groups that you want to use for synchronizing the users.

Step 14 - Click on the Update Active Directory Profile Configuration button. The selected groups will appear in the Synchronization Profile configuration.

Step 15 - Configure the phone number and/or SIP URI mapping(s) under the Phone Numbers section.

Step 1 - Click on the  icon in order to add a new mapping.

Step 2 - Provide the user property of the Azure AD users to be synchronized into Verba as recorded extension (phone number or SIP URI).

Step 3 - If the whole phone number or SIP URI has to be synchronized, then provide the "(.*)" regex value in the Pattern to Match text box.

Step 4 - If no number or SIP URI transformation needed, then provide "$1" in the Conversion Rule text box.

Step 5 - Repeat the steps if multiple phone numbers and/or SIP URIs have to be synchronized.


Number and SIP URI conversion

There are cases when only a portion of the phone number or SIP URI is needed, or it has to be built from multiple elements.

If a portion of the phone number has to be cut down, modify the Pattern to Match value, so the part within brakets will match only the required part of the number. For example, lets say all the numbers in the AD starts with 001, but it's not required for the recording. In this case, the "001(.*)" pattern can be used.

In other cases, the value found in the AD LDAP attribute is not enough, so we have to extend it. Lets say the SIP URIs are not stored in the AD, but the sAMAccountName is the same as the first part of the SIP URI. In this case, extend the Conversion Rule setting with the SIP domain part: $1@contoso.com

Step 16 - Click on the New Users' Properties tab on the top.

Step 17 - Set the recording setting of the synchronized users under the Recording Settings section.

Step 18 - Click Save.

Configuring AD Synchronization for Supervisors or other users

Step 1 - Complete the steps 1-14 from the Configuring Azure AD Synchronization for Recorded Users section in order to set the basic settings of the Azure AD Synchronization profile.

Step 2 - Click on the New Users' Properties tab on the top.

Step 3 - Tick the role(s) that is required for the synchronized users under the Available Roles section.

Step 4 - Click Save.

Troubleshooting

The most common problems and their solutions are listed in the Troubleshooting Azure Active Directory Synchronization article.

Using User filter instead of Group filter

(the part after https://graph.microsoft.com/v1.0/users?$filter=").

For example: " department eq 'callcenter' ".

For the filter parameters and the user properties, see:
https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter
https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0