Difference between revisions of "Azure User Import"

<div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;">

<div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;">

{| style="width:100%"

{| style="width:100%"

|}

|}

</div>

</div>

== About the Hornbill Azure User Import Utility ==

== About the Hornbill Azure User Import Utility ==

The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD.  The tool is designed to run behind your corporate firewall, connect to your Azure instance, query the required account information, transform and load into the Hornbill instance.  The tool connects to the Hornbill and Azure instances in the cloud over HTTPS/SSL so as long as you have standard internet access then you should be able to use tool without the need to make any firewall configuration changes.  The tool supports both the initial bulk import as well as incremental adds and updates.  You can schedule the tool to run periodically to perform the import/update tasks as required.

The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD.  The tool is designed to run behind your corporate firewall, connect to your Azure instance, query the required account information, transform and load into the Hornbill instance.  The tool connects to the Hornbill and Azure instances in the cloud over HTTPS/SSL so as long as you have standard internet access then you should be able to use tool without the need to make any firewall configuration changes.  The tool supports both the initial bulk import as well as incremental adds and updates.  You can schedule the tool to run periodically to perform the import/update tasks as required.

== Installation Overview ==

== Installation Overview ==

=== Windows Installation ===

=== Windows Installation ===

* Extract zip into a folder you would like the application to run from e.g. '''C:\Hornbill_Import\'''

* Extract zip into a folder you would like the application to run from e.g. '''C:\Hornbill_Import\'''

* Open Command Line Prompt as Administrator

* Open Command Line Prompt as Administrator

* Change Directory to the folder with azure_user_import.exe '''C:\Hornbill_Import\'''

* Change Directory to the folder with azure_user_import.exe '''C:\Hornbill_Import\'''

== HTTP Proxies ==

== HTTP Proxies ==

== Configuration Overview ==

== Configuration Overview ==

   {

   {

     "AzureConf": {

     "AzureConf": {

         "UserFilter": "startswith(displayName,'Dave')",

         "UserFilter": "startswith(displayName,'Dave')",

             "employeeId",

             "employeeId",

             "mailNickname",

             "mailNickname",

             "department"

             "department"

         ],

         ],

         "UserID": "mail",

         "UserID": "mail",

         "Debug": false,

         "Debug": false,

         "Search":"groups",

         "Search":"groups",

         "UsersByGroupID":[

         "UsersByGroupID":[

     "User": {

     "User": {

       "Operation":"Both", /* options : Create/Update/Both ; import actions to perform on the discovered user records */

       "Operation":"Both", /* options : Create/Update/Both ; import actions to perform on the discovered user records */

       "AccountMapping":{ /* mapping of fields in the format: "Field in Hornbill": "data to insert" [4] */

       "AccountMapping":{ /* mapping of fields in the format: "Field in Hornbill": "data to insert" [4] */

           "UserID":"&#123;&#123;.mail&#125;&#125;",

           "UserID":"&#123;&#123;.mail&#125;&#125;",

           "JobTitle":"",

           "JobTitle":"",

           "Site":"1", /* if set, see also comments below on SiteLookup [8] */

           "Site":"1", /* if set, see also comments below on SiteLookup [8] */

           "Email":"&#123;&#123;.mail&#125;&#125;",

           "Email":"&#123;&#123;.mail&#125;&#125;",

           "Mobile":"",

           "Mobile":"",

           "CurrencySymbol":"", /* any character */

           "CurrencySymbol":"", /* any character */

           "CountryCode":"" /* expects ISO 3166 Alpha 2 two Character Country Code [https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes (see here)] */

           "CountryCode":"" /* expects ISO 3166 Alpha 2 two Character Country Code [https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes (see here)] */

         },

         },

         "Type":{

         "Type":{

           "MiddleName":"",

           "MiddleName":"",

           "JobDescription":"",

           "JobDescription":"",

           "Qualifications":"",

           "Qualifications":"",

           "Interests":"",

           "Interests":"",

         },

         },

         "Manager":{

         "Manager":{

         }

         }

       }

       }

     }

     }

       "Action":"Both" /* options : Create/Update/Both ; on what action to change the Image */

       "Action":"Both" /* options : Create/Update/Both ; on what action to change the Image */

       , "UploadType": "AZURE" /* options : URI/URL/AZURE ; local (network) drive or HTTP(S) served image */

       , "UploadType": "AZURE" /* options : URI/URL/AZURE ; local (network) drive or HTTP(S) served image */

       , "InsecureSkipVerify": false

       , "InsecureSkipVerify": false

       , "ImageType": "jpg" /* options : jpg/png */

       , "ImageType": "jpg" /* options : jpg/png */

     }

     }

     , "Site":{

     , "Site":{

       , "Value": "&#123;&#123;.physicalDeliveryOfficeName&#125;&#125;"

       , "Value": "&#123;&#123;.physicalDeliveryOfficeName&#125;&#125;"

     }

     }

   }

   }

# The fields are quite self-explanatory and part of the "Details"-section (as opposed to the "About"-section [5]), most can be left as-is. The mapping is done with some templating of the format &#123;&#123;fieldname&#125;&#125;. One can be a little adventurous, for instance "&#123;&#123;.mgrfirstname&#125;&#125; - &#123;&#123;.mgrlastname&#125;&#125;" puts a space, hyphen and space between the person's manager's first and last name. One can use this to prefix or suffix the values coming from the database or indeed to set a static value (as done for example with userType and Attribute under OrgLookup for the company (Type:5)).

# The fields are quite self-explanatory and part of the "Details"-section (as opposed to the "About"-section [5]), most can be left as-is. The mapping is done with some templating of the format &#123;&#123;fieldname&#125;&#125;. One can be a little adventurous, for instance "&#123;&#123;.mgrfirstname&#125;&#125; - &#123;&#123;.mgrlastname&#125;&#125;" puts a space, hyphen and space between the person's manager's first and last name. One can use this to prefix or suffix the values coming from the database or indeed to set a static value (as done for example with userType and Attribute under OrgLookup for the company (Type:5)).

# this is a non-ordered list of the organisation structure - it allows one to associate the imported user to one or more levels within the organisation. The delivered configuration file will associate each imported user with EACH of the three discernable levels (company, department and division) - depending on your requirements regarding the availability of services and such, you will likely want to manipulate this section and perhaps only leave behind the "department" level (Type: 2) with the TasksView and TasksAction set accordingly. Please note that this import only adds and not REMOVES any association.

# this is a non-ordered list of the organisation structure - it allows one to associate the imported user to one or more levels within the organisation. The delivered configuration file will associate each imported user with EACH of the three discernable levels (company, department and division) - depending on your requirements regarding the availability of services and such, you will likely want to manipulate this section and perhaps only leave behind the "department" level (Type: 2) with the TasksView and TasksAction set accordingly. Please note that this import only adds and not REMOVES any association.

# The password field should be left empty as the utility generates a secure password that adheres to the User Password Policy as specified on your Hornbill instance. This password will only be temporary as the user should use the "Forgot Password" link available on the Hornbill Login Screen to reset their password the first time they navigate to your Hornbill instance.

# The password field should be left empty as the utility generates a secure password that adheres to the User Password Policy as specified on your Hornbill instance. This password will only be temporary as the user should use the "Forgot Password" link available on the Hornbill Login Screen to reset their password the first time they navigate to your Hornbill instance.

# "Site" - Recognises a corresponding Hornbill site ID. E.g. "Site":"1" - The value of Site should be numeric. As an alternative, the import configuration provides a "Site Lookup" section (outlined in a later section) which can make a site association based on the contents of a directory attribute.

# "Site" - Recognises a corresponding Hornbill site ID. E.g. "Site":"1" - The value of Site should be numeric. As an alternative, the import configuration provides a "Site Lookup" section (outlined in a later section) which can make a site association based on the contents of a directory attribute.

<br>

<br>

<br>

<br>

=== Filtering ===

=== Filtering ===

To import all direct User objects within one or more Azure Groups:

To import all direct User objects within one or more Azure Groups:

# If a match is found, the import will associate the user to the group.

# If a match is found, the import will associate the user to the group.

# If no Hornbill organisation is found, the import will move onto the next user.

# If no Hornbill organisation is found, the import will move onto the next user.

<br>

<br>

<br>

<br>

====User Manager Mapping in Hornbill====

====User Manager Mapping in Hornbill====

== Preparing to Run the Import ==

== Preparing to Run the Import ==

* file - Defaults to '''''conf.json''''' - Name of the Configuration file to load

* file - Defaults to '''''conf.json''''' - Name of the Configuration file to load

* zone - Defaults to '''''eur''''' - Allows you to change the ZONE used for creating the XMLMC EndPoint URL: <nowiki>https://{ZONE}api.hornbill.com/{INSTANCE}/</nowiki>

* zone - Defaults to '''''eur''''' - Allows you to change the ZONE used for creating the XMLMC EndPoint URL: <nowiki>https://{ZONE}api.hornbill.com/{INSTANCE}/</nowiki>

* debug - Defaults to '''''false''''' - outputs extra information to the log to help with debugging issues.

* debug - Defaults to '''''false''''' - outputs extra information to the log to help with debugging issues.

== Testing Overview ==

== Testing Overview ==

All Logging output is saved in the "log" directory which can be found in the same location as the executable. The file name contains the date and time the import was run '''''Azure_User_Import_2015-11-06T14-26-13Z.log'''''

All Logging output is saved in the "log" directory which can be found in the same location as the executable. The file name contains the date and time the import was run '''''Azure_User_Import_2015-11-06T14-26-13Z.log'''''

Below are some common errors that you may encounter in the log file and what they mean:

Below are some common errors that you may encounter in the log file and what they mean:

* ''' ''[ERROR] Unable to Load LDAP Attribute: '[LDAP attribute name]' For Input Param: '[Hornbill Parameter name]' '' ''' - When the import utility is unable to load a particular LDAP attribute, this means that the attribute field in your directory does not contain a value. This error will not prevent the user account being created or updated in Hornbill and can be considered more as a warning rather than an outright failure or problem.

* ''' ''[ERROR] Unable to Load LDAP Attribute: '[LDAP attribute name]' For Input Param: '[Hornbill Parameter name]' '' ''' - When the import utility is unable to load a particular LDAP attribute, this means that the attribute field in your directory does not contain a value. This error will not prevent the user account being created or updated in Hornbill and can be considered more as a warning rather than an outright failure or problem.

* ''' ''[ERROR] Unable to Set User Status [status name]: You have reached your user subscription limit of [xx], you will need to expand your subscription level if you wish to add more users'' ''' - The utility is trying to update the user status of an existing user account from an inactive status (i.e. "archived" or "suspended") to "active" however in order for this to be successful you must have some subscriptions available.

* ''' ''[ERROR] Unable to Set User Status [status name]: You have reached your user subscription limit of [xx], you will need to expand your subscription level if you wish to add more users'' ''' - The utility is trying to update the user status of an existing user account from an inactive status (i.e. "archived" or "suspended") to "active" however in order for this to be successful you must have some subscriptions available.

=== Error Codes ===

=== Error Codes ===

=== Windows ===

=== Windows ===

* Make sure the Start In parameter contains the folder where the executable resides in, otherwise it will not be able to pick up the correct path. eg:

* Make sure the Start In parameter contains the folder where the executable resides in, otherwise it will not be able to pick up the correct path. eg:

[[File:Ldap_import_schedule.png]]

[[File:Ldap_import_schedule.png]]