Define priority for Azure AD mapping
User accounts are automatically created when Azure AD is integrated and configured. When you define multiple Azure AD mappings, the users are automatically classified while creating the user accounts based on the filter parameters. It then starts assigning the profile and storage specified in the Azure AD mapping.
However, it may be a case, where user accounts fall under multiple Azure AD mappings based on the defined criteria. In such cases, administrators can define the priority for the mappings and users are imported based on the mapping sequence and the assigned profile and storage specified in that mapping.
When you create multiple Azure AD Mappings, inSync by default gives priority to the oldest Azure AD mapping. Azure AD mapping listed at the top has the highest priority while the one at the bottom has the lowest priority. By default, the latest Azure AD mapping defined is assigned the lowest priority.
inSync provides an option to change the priority of an Azure AD mapping after you create it.
Example
Assume you have defined two Azure AD mappings that have the following criteria,
- General Users Mapping
- Import all users from the Engineering department
- Assign them to General Profile 1
- Per-user storage - 5 GB
- Executive Users Mapping
- Import Executive users that are also from the Engineering department
- Assign them to Executive Profile
- Per-user storage - 50 GB
General Users Mapping is created before Executive Users Mapping.
Here is how inSync imports users based on the criteria defined in the Azure AD mappings,
Executive users fall under both the Mappings. As General Users Mapping is created before the Executive Users Mapping, by default, it has the priority. All the users are imported to inSync, including Executive users, and assigned to the General Profile 1 and storage of 5 GB.
However, you want Executive users assigned to the Executive Profile and storage usage of 50 GB. In this case, you must change the priority of Executive Users Mapping from lowest to highest. inSync then, first classifies the Executive users and assigns them to Executive Profile, and then other General users are assigned to the General Profile.
Update the priority of an Azure AD mapping
- On the inSync Management Console, click Users > Deployment.
- On the Azure AD Deployment page, click the Settings tab.
- In the Mapping Priority Order section, you can see the existing Azure AD mappings as per their defined priority.
- Click Edit to change the priority of an Azure AD mapping.
- Edit Mapping Priority Order pop-up with the list of all the Azure AD mappings that appear. Select an Azure AD mapping to change its priority.
- Click Save.
The priority of the selected Azure AD mapping is updated. inSync classifies users based on the updated priority of the Azure AD mapping and assigns them the profile and storage.