Azure AD (Entra ID) to JSM Assets

Please review the instructions here to get started with setting up an Assets import configuration. You can then access the OnLink app from the “Manage your apps” menu to configure the import further and set the field-level mapping. Here’s an example configuration:

 


  1. Set a descriptive name for this map

  2. Set source system to Azure AD

  3. Asset Schema is pre-filled. This is the schema in JSM Assets on which you started the configuration.

  4. Select the Object Type within your schema.

  5. Select schedule frequency

  6. Attribute mapping - see below for more details.

 

Sample Azure AD Object Schema

 


Here’s the associated mapping:

key:id=UserID
map:id=Name
map:userPrincipalName=UserPrincipalName
map:displayName=DisplayName
map:companyName=CompanyName
map:department=Department
map:jobTitle=JobTitle
config:export_azure_groups=false
config:export_azure_licenses=false
config:data_limit=100

 

Here’s a detailed breakdown of each of the mapping items:

Key or Map

Description


key:userPrincipalName=WorkerID

The keyword “key” refers to using userPrincipalName as a unique identifier. This allows OnLink to update the record. WorkerID is a text attribute.

map:userPrincipalName=Email

The userPrincipalName is also mapped to Atlassian Account ID, which is an attribute of type “User”. Here OnLink looks up the Atlassian User object based on userPrincipalName.

map:usageLocation=Usage Location

Maps the usageLocation property from Azure to Usage Location. Any field (string, boolean, date) from the Azure AD API can be used as the source field. Here’s the list of fields: https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties

Some common fields are:

  1. companyName

  2. country

  3. department

  4. displayName

  5. employeeHireDate

  6. employeeType

  7. givenName

  8. jobTitle

  9. mailNickname

  10. mobilePhone

  11. officeLocation

  12. preferredName

  13. surname

  14. userPrincipalName

map:CostCenterEmployeeOrg=Department|Name=${CostCenterEmployeeOrg}

This maps the employee Cost Center in Azure to the Department attribute in the Assets schema, where Department is a reference and the lookup happens by name.

map:DivisionEmployeeOrg=Division|Name=${DivisionEmployeeOrg}

This maps the employee Division in Azure to the Division attribute in the Assets schema, where Division is a reference and the lookup happens by name.

map:EmployeeManager=ManagerObject|WorkerID=${EmployeeManager}

EmployeeManager is a special property that OnLink provides. In this mapping example, ManagerObject is an attribute in your Asset Object type. It’s a self-referencing object, i.e., an object attribute that points back to the parent object type.

To map the manager field, the Azure User ID field is used. In this case, this Azure User ID is mapped to the WorkerID attribute.

Note: at the moment, this is only enabled when you are importing fewer than 1000 users. It can be enabled by setting this property in your mapping attributes: config:expand=manager. However, the Azure API does not support filters when exporting managers. You can instead split the assets into two imports: one with filters and without managers, and the other without filters to pull managers. Both can then be combined into objects.

config:export_azure_groups=true

This allows OnLink to pull all Groups assigned to a user. Please note that a pre-defined schema needs to be created exactly as described below.

Schema name is Azure Groups. Three text attributes: Group Display Name, Group Description, Group ID.

OnLink pulls Azure Groups into this schema and maps them to your users schema.

config:export_azure_licenses=true

Similar to Groups, this setting allows OnLink to pull all Licenses assigned to a user. Please note that a pre-defined schema needs to be created exactly as described below.

Schema name is Azure Licenses. Three text attributes: License ID, License SKU Part Number, License SKU ID.

config:filter=country eq 'United States' (example)

Optional parameter to add a filter when listing users; any valid filter expression can be used here.

config:data_limit=100

Optional parameter to limit the number of users to pull from Azure. This can be used for initial testing.
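A pre-deployment check for a mapping like the ones above, as an added example that is not OnLink's own code: it parses the key:/map:/config: lines and flags the combinations this page warns about. The line syntax is inferred from the examples on this page, and the function names and the one-key-per-map rule are assumptions.

```python
import re

# Constructed sample, assembled from mapping lines shown on this page.
SAMPLE = """\
key:userPrincipalName=WorkerID
map:userPrincipalName=Email
map:EmployeeManager=ManagerObject|WorkerID=${EmployeeManager}
config:expand=manager
config:filter=country eq 'United States'
config:export_azure_groups=true
config:data_limit=abc
"""
BOOL_KEYS = {"export_azure_groups", "export_azure_licenses"}
# Reference target: Attribute|LookupAttribute=${SourceProperty}
REF = re.compile(r"^([^|]+)\|([^=]+)=\$\{([^}]+)\}$")

def parse_mapping(text):
    """Parse 'kind:name=value' lines; syntax is inferred from the page's examples."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind, _, rest = line.partition(":")
        name, _, value = rest.partition("=")  # split on the first '=' only
        if kind not in ("key", "map", "config") or not name or not value:
            raise ValueError(f"line {n}: cannot parse {line!r}")
        ref = REF.match(value) if kind == "map" else None
        entries.append({"line": n, "kind": kind, "name": name,
                        "value": value, "ref": ref.groups() if ref else None})
    return entries

def lint(entries):
    """Return findings for settings the page describes (plus labelled assumptions)."""
    findings = []
    cfg = {e["name"]: e["value"] for e in entries if e["kind"] == "config"}
    keys = [e for e in entries if e["kind"] == "key"]
    if len(keys) != 1:  # assumption: one unique identifier per map
        findings.append(f"expected exactly one key: line, found {len(keys)}")
    for k in sorted(BOOL_KEYS & cfg.keys()):
        if cfg[k] not in ("true", "false"):
            findings.append(f"config:{k} should be true or false")
    if "data_limit" in cfg and not cfg["data_limit"].isdigit():
        findings.append("config:data_limit should be a whole number")
    if cfg.get("expand") == "manager" and "filter" in cfg:
        findings.append("config:expand=manager combined with config:filter; "
                        "the page says filters are not supported with managers")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_mapping(SAMPLE)):
        print("FINDING:", finding)
```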