Difference between revisions of "Azure User Import"
Jump to navigation
Jump to search
| (7 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| + | This document can now be found at its new location in the [https://docs.hornbill.com/data-imports-guide/users/azure/overview Hornbill Document Library]. | ||
| + | |||
| + | [[file:hornbill-document-library.png|Data Imports Guide|link=https://docs.hornbill.com/data-imports-guide/users/azure/overview]] | ||
| + | |||
| + | <!-- | ||
| + | |||
<div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;"> | <div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;"> | ||
{| style="width:100%" | {| style="width:100%" | ||
| Line 51: | Line 57: | ||
{ | { | ||
| + | "KeysafeKeyID": 0, /* this is the Keysafe key ID, which contains your database credentials */ | ||
"AzureConf": { | "AzureConf": { | ||
"UserFilter": "startswith(displayName,'Dave')", | "UserFilter": "startswith(displayName,'Dave')", | ||
| Line 209: | Line 216: | ||
<br> | <br> | ||
<br> | <br> | ||
| + | ===Keysafe=== | ||
| + | You will need to create a [[Hornbill_KeySafe|'''KeySafe record''']] of type "Azure Imports" and set Client ID, Client Secret and Tenant ID. The KeySafeID can be obtained from looking at the URL of the KeySafe record <nowiki>https://live.hornbill.com/</nowiki>'''instanceid'''<nowiki>/security/keysafe/</nowiki>''#KeySafeID''<nowiki>/</nowiki> | ||
| + | |||
| + | '''Note:''' There are relevant Microsoft instructions online on how to obtain the ClientID and ClientSecret from within Azure - [[Azure App Registration Instructions|our quickstart version]]. We have found that the following permissions need to be granted within Azure, though these could differ for you, so please rely on your own expertise. Application permissions on: ''Group.Read.All, GroupMember.Read.All, Team.ReadBasic.All, TeamMember.Read.All, User.Read.All''. Delegated permission on ''User.Read''. The permission settings need to be confirmed. | ||
| + | |||
=== Filtering === | === Filtering === | ||
| − | There are two methods of filtering users that you can configure with this tool. They are both defined in the '''AzureConf''' section | + | There are two methods of filtering users that you can configure with this tool. They are both defined in the configuration's ''AzureConf''' section. |
To import all direct User objects within one or more Azure Groups: | To import all direct User objects within one or more Azure Groups: | ||
| Line 261: | Line 273: | ||
== Preparing to Run the Import == | == Preparing to Run the Import == | ||
| − | Ultimately, the executable will be scheduled in Windows task scheduler (see later) but to test, gain confidence, and perform the initial upload of users the utility can be executed from a command prompt window on an ad-hoc basis. The command used to execute the import can contain a number of command line parameters. | + | Ultimately, the executable will be scheduled in the Windows task scheduler (see later) but to test, gain confidence, and perform the initial upload of users the utility can be executed from a command prompt window on an ad-hoc basis. The command used to execute the import can contain a number of command line parameters. |
| − | * dryrun - Defaults to '''''false''''' - Set to True and the XMLMC for Create and Update users will not be called | + | * dryrun - Defaults to '''''false''''' - Set to True and the XMLMC for Create and Update users will not be called; instead, the XML will be dumped to the log file to aid in debugging the initial connection information. |
* file - Defaults to '''''conf.json''''' - Name of the Configuration file to load | * file - Defaults to '''''conf.json''''' - Name of the Configuration file to load | ||
* zone - Defaults to '''''eur''''' - Allows you to change the ZONE used for creating the XMLMC EndPoint URL: <nowiki>https://{ZONE}api.hornbill.com/{INSTANCE}/</nowiki> | * zone - Defaults to '''''eur''''' - Allows you to change the ZONE used for creating the XMLMC EndPoint URL: <nowiki>https://{ZONE}api.hornbill.com/{INSTANCE}/</nowiki> | ||
| − | * workers - Defaults to `3` - Allows you to change the number of worker threads used to process the import | + | * workers - Defaults to `3` - Allows you to change the number of worker threads used to process the import; this can improve performance on slow import but using too many workers have a detriment to the performance of your Hornbill instance. |
* debug - Defaults to '''''false''''' - outputs extra information to the log to help with debugging issues. | * debug - Defaults to '''''false''''' - outputs extra information to the log to help with debugging issues. | ||
| − | From version '''4.0.0''' of the Azure User Import Utility, when you first run the utility it will prompt you for | + | From version '''4.0.0''' of the Azure User Import Utility, when you first run the utility it will prompt you for two vital pieces of information: |
* The Instance ID (also referred to as the instance name) can be found in the URL used by your organisation to access your Hornbill instance i.e. <nowiki>https://live.hornbill.com/</nowiki>'''instanceid'''/ (case sensitive). | * The Instance ID (also referred to as the instance name) can be found in the URL used by your organisation to access your Hornbill instance i.e. <nowiki>https://live.hornbill.com/</nowiki>'''instanceid'''/ (case sensitive). | ||
* A valid API key. This needs to be created against a Hornbill user account with enough rights to create and update user accounts. Details on how to create an API key can be found [[API_keys|'''here''']]. | * A valid API key. This needs to be created against a Hornbill user account with enough rights to create and update user accounts. Details on how to create an API key can be found [[API_keys|'''here''']]. | ||
| − | |||
| − | |||
| − | This information will be encrypted | + | This information will be encrypted and stored locally on the client PC that will be running the tool. For each subsequent import run, the utility will decrypt your instance ID and API key and will use those to make the relevant API calls back into Hornbill. |
| − | NOTE - the encrypted information can only be decrypted on the computer | + | NOTE - the encrypted information can only be decrypted on the computer and by the user that performed the encryption, so please keep this in mind when scheduling your imports. |
| − | Should you wish to use a different API key or Keysafe Key ID to what has been previously encrypted, | + | Should you wish to use a different API key or Keysafe Key ID to what has been previously encrypted, delete the '''import.cfg''' file from the folder where the import binary resides, and re-run your import from the command line inputting the requested details as you would have on its first run. |
== Testing Overview == | == Testing Overview == | ||
| Line 369: | Line 379: | ||
[[File:Ldap_import_schedule.png]] | [[File:Ldap_import_schedule.png]] | ||
| + | |||
| + | --> | ||
