Table of Contents

Sync Entra Groups Solution

Niamh Ferns Updated by Niamh Ferns

Sync Entra Groups Solution

The Sync Entra Groups solution provides a simple way for you to automatically keep your DeskDirector Contact Groups in line and updated with your groups in Entra. This functions by automatically syncing contacts, and optionally contact groups, to DeskDirector based on users in Entra groups.

Deployment

The Service Orchestartor Library, IECB ServOrg Library and IECB CustOrg Library solutions must be deployed and fully configured before proceeding.

If you are unsure whether these prerequisites are met, please visit our PowerPlay Deployment Quickstart Guide

In this section, we'll cover how to go through the deployment process for the Sync Entra Groups Solution.

For the deployment to work, you will need to deploy the solution library, then deploy either the ALM or self-service Power Automate solution.

Solution Market Place Deployment

  1. Log in to the DeskDirector Support Portal
  2. Select the Tokity PowerPlay Apps menu item
  3. Locate the Sync Entra Groups solution, and select Download Solution
  4. Select Request ALM Deployment
  5. A support ticket will be logged to track the progress of the solution's deployment
  6. From the Tickets menu, select the recently created PowerPlay App Deployment Request: Sync Entra Groups ticket
  7. You can proceed to the remaining configuration steps once the Sync Entra Groups solution is deployed to both your ServOrg and CustOrg environments:
  8. To validate this step, log in to Power Apps as your Onboarding Administrator
  9. From the top right corner, select your ServOrg environment:
  10. Under Solutions > Managed, confirm the IECB-ServOrg-App-Sync User Group solution is available:
  11. Repeat this process for your CustOrg environment
In this guide, we go through the steps with the ALM version of this solution. If you want to discuss the self-service version, please reach out to the DeskDirector support team.

Solution Library Deployment

Open your Admin Portal and head to System Management > Solution Library.

  1. Select the Managed Solutions tab and open the Sync Entra Groups solution.
    On this page, you can also see a version history as well as a list of features that will be deployed.
  2. Select Deploy
  3. Follow the on-screen prompts to select a board/queue
  4. Confirm your deployment by selecting Deploy, and wait until the Deployment of solution ... has finished message is displayed

ServOrg Configuration Steps

Connection References

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your ServOrg environment
  3. From the Solutions menu, select Unmanaged > Default Solution:
  4. Select the Connection References menu
  5. For each DeskDirector solution Connection Reference:
    1. Select the Connection Reference
    2. Select the Connection drop-down
    3. Select the relevant Connection created during the PowerPlay Post-Deployment Steps
    4. Select Save and Save Changes
ServOrg Connection Reference List:
  • IECB SyncUserGroup - DeskDirector
  • IECB SyncUserGroup - Office 365 Outlook

Environment Variables

  1. Still within our Default Solution, select Environment variables from the Objects panel
For each variable, it is important to add a New Value instead of updating the Default Value
  1. Update the following environment variables:
    1. IECB SyncUserGroup - Approval Required: An optional value if approval is required for the submission of the Sync User Group configuration form
    2. IECB SyncUserGroup - Board ID: id of the board or queue that the Sync User Group configuration form will be submit on
    3. IECB SyncUserGroup - Closed Status ID: id of a closed status on the referenced IECB SyncUserGroup - Board ID board or queue
    4. IECB SyncUserGroup - Email Recipients: Email address(es) who will receive a daily sync report:
    5. IECB SyncUserGroup - Event ID: The id value of the Sync User Group Event event from your Admin Console
      1. If this event is not yet in an Enabled state, select More Options > Enable
    6. IECB SyncUserGroup - In Progress Status ID: id of an in progress status on the referenced IECB SyncUserGroup - Board ID board or queue

Flow Enablement

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your ServOrg environment
  3. Navigate to your ServOrgs Managed Solutions and open the IECB-ServOrg-App-Sync User Group
  4. Select Cloud flows in the Objects panel
The flows for this solution must be enabled in a particular order, with dependent child flows being enabled before the referenced parent flows.
  1. Tier 1
    1. [DynamicContent] Requestor Account and Sync Modes
    2. [HttpReq] Entra users mails, UPN clean up
    3. [HttpReq] Extract Entra Groups with Members or Owners
    4. [Httpreq] Removal - Non-Entra member in Account (child)
    5. [Httpreq] Removal - Non-Entra member in Contact Group (child)
    6. [Httpreq] Removal - Non-Entra member in Service Group (child)
    7. [HttpReq] Sync Checking - Send Email Update (child)
    8. [HttpReq] SyncUsers - Add Contacts to Contact Group (Child)
    9. [HttpReq] SyncUsers - Create or Activate DD Contacts (Child)
    10. [HttpReq] SyncUsers - Get DD Contacts (Child)
    11. [HttpReq] SyncUsers - Link Service Group to Contacts (Child)
    12. [Manual] Update Sync Mode Dynamic List
    13. [Schedulde] Update IECB CustOrgs Dynamic List
    14. [Scheduled] Update CustOrg's Entra Groups Table
  2. Tier 2
    1. [HttpReq] Sync Checking
    2. [HttpReq] Sync Mode 1 - Sync contacts
    3. [HttpReq] Sync Mode 2, 5 - Contact group for Entra Members
    4. [HttpReq] Sync Mode 3 - Service Groups
    5. [HttpReq] Sync Mode 4 - Entra Groups as Accounts
    6. [HttpReq] Sync Mode 5 - Contact group for Entra Owners
  3. Tier 3
    1. [HttpReq] Process Sync Request for a CustOrg
  4. Tier 4
    1. [DDEvent] Process Sync Users Request
    2. [Scheduled] SyncUsers - Process Requests

CustOrg Configuration Steps

Connection References

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your CustOrg environment
  3. From the Solutions menu, select Unmanaged > Default Solution:
  4. Select the Connection References menu
  5. Select the IECB CustOrg App SyncUserGroup HTTP With Microsoft Entra ID Connection Reference, select the Connection drop-down, select the relevant Connection created during the PowerPlay Post-Deployment Steps, select Save and Save Changes

Flow Enablement

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your CustOrg environment
  3. Navigate to your ServOrgs Managed Solutions and open the IECB-CustOrg-App-Sync User Group
  4. Select Cloud flows in the Objects panel
  5. Enable the following flows in order:
    1. [DDCommand] Get Entra Groups - sync
    2. [DDCommand] Get Groups and Members for Sync
    3. [DDCommand] Update Entra ID Groups Table
    4. Reset Entra ID Groups List table

CustOrg Library: Enumerate Command Offers

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your CustOrg environment
  3. Navigate to your CustOrgs Managed Solutions and open the IECB Custorg Library
  4. Select Cloud flows in the Objects panel
  5. Load into [Scheduled] Enumerate Command Offers and Run the flow
  6. As an output of the flow, you can expect the IECBCommandOffer table to populate with supporting commands for the Sync Entra Groups solution:

ServOrg: Manual Flow Runs

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your ServOrg environment
  3. Navigate to your ServOrgs Managed Solutions and open the IECB-ServOrg-App-Sync User Group
  4. Select Cloud flows in the Objects panel
  5. Load into each of the following and Run the flow
    1. Run [Manual] Update Sync Mode Dynamic List
    2. Run [Schedulde] Update IECB CustOrgs Dynamic List

Sync Configuration Form Access and Submission

As part of our Solution Library Deployment step a Sync User Group form was deployed to our DeskDirector instance

  1. Log into your DeskDirector instance as a Master Admin
  2. Browse to Portal > Service Catalogue > Service Type Configuration
  3. Search and select the Sync User Group service catalogue item
  4. Grant your Onboarding Administrator contact access to the service catalogue item using:
    1. The Access tab on the service catalogue item
    2. Include the service catalogue item in a Service Group the contact can access
  5. Browse to Client Portal > Contacts, and then search and select the Onboarding Administrator contact
  6. From the Profile menu, Impersonate the contact using Diagnose Client portal
  7. Contact Support > New Ticket > IECB Sync Solutions > Sync User Group
  8. Search and select your CustOrg Account/Company from the dynamic list, followed by Next
  9. Select your preferred sync mode:
    1. Sync contacts only: Synchronizes Entra group users as contacts under the selected account, without assigning them to any Contact Groups or Service Groups
      1. For your initial sync, it is recommended to use the Sync contacts only configuration
    2. Add contacts to Contact Group: Adds the synchronized contacts to the appropriate Contact Group
      1. Note: Contact Groups are automatically created based on Entra group names
    3. Link contacts to Service Group: Links the synchronized contacts to a Service Group.
      1. Important: Ensure that the Service Groups with the same name as the Entra groups already exist before running the sync
    4. Sync Entra groups as Accounts: Synchronizes Entra groups as DeskDirector accounts.
      1. Important: Ensure that Accounts are properly tagged to match their corresponding Entra groups before running the sync (e.g. the account for 'IT Support Team' should be tagged as 'it-support-team'). You may choose any name for the account.
    5. Add Entra group owners and members to Contact Group: Adds both owners and members of an Entra group to the appropriate Contact Group, assigning different roles to each
      1. Note: Contact Groups are automatically created based on the Entra group names
  10. Submit your details to complete the configuration form:

Entra Groups Sync Manager

  1. Log in to Power Apps as your Onboarding Administrator
  2. From the top right corner, select your CustOrg environment
  3. Navigate to your CustOrgs Managed Solutions and open the IECB-CustOrg-App-Sync User Group
  4. Select Cloud flows in the Objects panel
  5. Load into [Scheduled] Update CustOrg's Entra Groups Table following and Run the flow
  6. As an output of the flow, you can expect the Entra ID Groups List table to populate with Group information from your CustOrg tenant's Microsoft Entra:
  7. Still within our IECB-CustOrg-App-Sync User Group solution, select Apps from the Objects panel
  8. For the Entra Groups Sync Manager, select More Options and Share
  9. Search and select your Onboarding Adminstrator user, followed by Share
    1. A PowerApps Premium license will be required to access PowerApps
    2. Additional access can be granted to other users within your organisation
  10. Once shared, Play the PowerApp:
  11. Within the Entra Groups Sync Manager PowerApp, enable any relevant groups using the Sync to Desk Director column
  12. Once enabled:
    1. To expedite a sync and confirm the solution is working as expected, complete the Sync User Group form submission again outlined in the Sync Configuration Form Access and Submission section
    2. Alternatively, these groups will be included as part a daily scheduled sync task

How did we do?

Contact