Azure AD
Azure AD Syncer enables automatic user synchronization from Azure Active Directory (Microsoft Entra ID) to Casdoor. The syncer uses the Microsoft Graph API to fetch user information and keeps your user directory up to date.
Prerequisites
Before configuring the Azure AD syncer, you need to set up an application registration in Azure Portal with the appropriate permissions.
Step 1: Register an Application
Navigate to Azure Portal and register a new application:
- Go to Azure Active Directory → App registrations → New registration
- Enter a name for your application
- Select the appropriate account type (typically "Accounts in this organizational directory only")
- Click Register
Step 2: Create a Client Secret
After registration, create a client secret:
- In your application, go to Certificates & secrets
- Click New client secret
- Add a description and select an expiration period
- Click Add and copy the secret value immediately (it won't be shown again)
Step 3: Grant API Permissions
Configure the required Microsoft Graph API permissions:
- Go to API permissions → Add a permission
- Select Microsoft Graph → Application permissions
- Add the User.Read.All permission
- Click Grant admin consent for your organization
The User.Read.All permission allows the syncer to read all user profiles in your Azure AD tenant.
Configuration
To create an Azure AD syncer in Casdoor:
- Navigate to the Syncers tab
- Click Add to create a new syncer
- Fill in the following required fields:
| Field | Description |
|---|---|
| Organization | The Casdoor organization where users will be imported |
| Name | A unique identifier for this syncer |
| Type | Select "Azure AD" |
| Tenant ID | Your Azure AD tenant ID (found in Azure Portal → Azure Active Directory → Overview) |
| Client ID | The Application (client) ID from your app registration |
| Client Secret | The client secret value you created earlier |
The other database-related fields (Database type, Port, Database, Table) are not used by the Azure AD syncer and can be left empty.
Field Mappings
The syncer automatically maps Azure AD user attributes to Casdoor user fields:
| Azure AD Field | Casdoor Field | Description |
|---|---|---|
| id | Id | User's unique identifier |
| userPrincipalName | Name | User principal name |
| displayName | DisplayName | User's display name |
| givenName | FirstName | First name |
| surname | LastName | Last name |
| mail | Email | Email address |
| mobilePhone | Phone | Mobile phone number |
| jobTitle | Title | Job title |
| officeLocation | Location | Office location |
| preferredLanguage | Language | Preferred language |
| accountEnabled | IsForbidden | Account status (inverted) |
The accountEnabled field is inverted when mapped to IsForbidden. When a user is disabled in Azure AD (accountEnabled: false), they will be marked as forbidden in Casdoor (IsForbidden: true).
Running the Syncer
After configuration:
- Click Test Connection to verify your credentials and permissions
- Enable the syncer by toggling Is enabled
- Click Sync to trigger an immediate synchronization
- The syncer will automatically fetch all users from your Azure AD tenant
The syncer handles pagination automatically, retrieving all users regardless of the total count.
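The following is an added example, not Casdoor's own syncer code, that shows the two behaviours described above together: the field mapping from the table (including the inverted accountEnabled → IsForbidden rule) and the Graph pagination loop that follows @odata.nextLink until the last page. It runs offline against an in-process mock of the Graph /users endpoint that serves two constructed pages and rejects requests without the expected bearer token; the CasdoorUser struct, the mockToken constant, the sample users and the fetchAllUsers/newMockGraphServer names are all assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// graphUser holds the Microsoft Graph user properties the mapping table lists.
type graphUser struct {
	ID                string `json:"id"`
	UserPrincipalName string `json:"userPrincipalName"`
	DisplayName       string `json:"displayName"`
	GivenName         string `json:"givenName"`
	Surname           string `json:"surname"`
	Mail              string `json:"mail"`
	MobilePhone       string `json:"mobilePhone"`
	JobTitle          string `json:"jobTitle"`
	OfficeLocation    string `json:"officeLocation"`
	PreferredLanguage string `json:"preferredLanguage"`
	AccountEnabled    bool   `json:"accountEnabled"`
}

// graphPage is one page of /users results; NextLink is non-empty while more pages follow.
type graphPage struct {
	Value    []graphUser `json:"value"`
	NextLink string      `json:"@odata.nextLink"`
}

// CasdoorUser is an illustrative struct mirroring the Casdoor fields in the mapping table
// (assumption for this example, not Casdoor's real user type).
type CasdoorUser struct {
	Id, Name, DisplayName, FirstName, LastName, Email, Phone, Title, Location, Language string
	IsForbidden                                                                         bool
}

// mapUser applies the table's mapping. accountEnabled is inverted: a disabled
// Azure AD account becomes IsForbidden=true in Casdoor.
func mapUser(u graphUser) CasdoorUser {
	return CasdoorUser{
		Id: u.ID, Name: u.UserPrincipalName, DisplayName: u.DisplayName,
		FirstName: u.GivenName, LastName: u.Surname, Email: u.Mail,
		Phone: u.MobilePhone, Title: u.JobTitle, Location: u.OfficeLocation,
		Language: u.PreferredLanguage, IsForbidden: !u.AccountEnabled,
	}
}

// fetchAllUsers requests baseURL+"/users" and keeps following @odata.nextLink until
// the response carries none, so every user is collected regardless of page count.
func fetchAllUsers(baseURL, token string) ([]CasdoorUser, error) {
	var out []CasdoorUser
	next := baseURL + "/users"
	for next != "" {
		req, err := http.NewRequest(http.MethodGet, next, nil)
		if err != nil {
			return nil, err
		}
		req.Header.Set("Authorization", "Bearer "+token)
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return nil, err
		}
		if resp.StatusCode != http.StatusOK {
			resp.Body.Close()
			return nil, fmt.Errorf("graph returned HTTP %d for %s", resp.StatusCode, next)
		}
		var page graphPage
		err = json.NewDecoder(resp.Body).Decode(&page)
		resp.Body.Close()
		if err != nil {
			return nil, err
		}
		for _, u := range page.Value {
			out = append(out, mapUser(u))
		}
		next = page.NextLink
	}
	return out, nil
}

// mockToken is a constructed value standing in for a real client-credentials access token.
const mockToken = "constructed-test-token"

// newMockGraphServer serves two constructed pages of users so the example runs offline.
// It answers 401 unless the expected bearer token is presented.
func newMockGraphServer() *httptest.Server {
	var srv *httptest.Server
	mux := http.NewServeMux()
	mux.HandleFunc("/users", func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+mockToken {
			http.Error(w, `{"error":"invalid or missing token"}`, http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		if r.URL.Query().Get("$skiptoken") == "" { // first page, points at a second one
			json.NewEncoder(w).Encode(graphPage{Value: []graphUser{
				{ID: "00000000-0000-0000-0000-000000000001", UserPrincipalName: "alice@example.com", DisplayName: "Alice Example", GivenName: "Alice", Surname: "Example", Mail: "alice@example.com", AccountEnabled: true},
				{ID: "00000000-0000-0000-0000-000000000002", UserPrincipalName: "bob@example.com", DisplayName: "Bob Example", Mail: "bob@example.com", JobTitle: "Engineer", AccountEnabled: true},
			}, NextLink: srv.URL + "/users?$skiptoken=page2"})
			return
		}
		json.NewEncoder(w).Encode(graphPage{Value: []graphUser{ // last page: no nextLink
			{ID: "00000000-0000-0000-0000-000000000003", UserPrincipalName: "carol@example.com", DisplayName: "Carol Example", Mail: "carol@example.com", AccountEnabled: false},
		}})
	})
	srv = httptest.NewServer(mux)
	return srv
}

func main() {
	srv := newMockGraphServer()
	defer srv.Close()
	users, err := fetchAllUsers(srv.URL, mockToken)
	if err != nil {
		panic(err)
	}
	for _, u := range users {
		fmt.Printf("%-20s forbidden=%v\n", u.Name, u.IsForbidden)
	}
}
```

The status check runs before the JSON decode so a 401 or 403 (for example, User.Read.All added but admin consent not yet granted) surfaces as a clear HTTP error rather than a decoding failure, which is the kind of result Test Connection is meant to catch before the syncer is enabled.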