How to Synchronize a Rescue Technician Group with Azure Active Directory User Groups

    Master Account Holders can import Azure Active Directory users as Rescue technicians into their organization. Key user data in Rescue is updated automatically when it changes in Azure Active Directory.

    1. Generate a service token and default password for new users in the Admin Center.
      1. Select the Global Settings tab.
      2. To generate a service token, click Generate and Copy under Active Directory Synchronization.

        Result: A service token is generated and copied to your clipboard.

      3. Define the default password you want your new technicians to use for their first login.

        Note: Users are required to change this password upon their first login.

    2. Download and extract the server application.
      1. In the Rescue Administration Center, under Active Directory Synchronization, click Download to download the service installer.

        Result: The service installer is downloaded to your computer in a zip file.

      2. Extract the zip file to a folder.
    3. Run the server application, and configure synchronization behavior.

      Important: You need privileges to run the application as a system service. The computer running the application must be connected to Active Directory with sufficient permissions to access and query all Active Directory groups and users.

      1. Select the Microsoft Azure AD service to be used.
      2. Submit the following credentials:

        • Master Account Holder Rescue credentials
          • Email
          • Password
        • The service token you previously generated on the Global Settings tab of the Admin Center.
        Note: By checking Dry Run mode, you can preview the changes the service will make in your Rescue hierarchy tree.

      3. Click Next to run ADService.exe.

        Note: The application runs in Admin mode.

      4. Enter your Azure App credentials, and click Next.

      5. Select the groups you want to synchronize.

        • The first column contains the Azure AD Groups. Select one Active Directory group that you want to synchronize with a Rescue Group.
        • The second column contains the Rescue Groups. Select one group that will be synchronized with the AD group.

      6. Click the arrow button pointing to the third column to finalize the selection.

        Note: If you want to select multiple groups, repeat step 5. To cancel synchronization between two groups, select them in the third column, and click the arrow pointing towards the second column.

      7. Click Next.
      8. Enter a search criterion (for example 'support').
      9. Enter a search term (for example 'aid').

        Result: AdSync searches for this term among the configured AD groups.

      10. Select Yes in the confirmation pop-up window to continue with the synchronization.
      11. If the installation was successful, click Finish, and close the installer.

        Result: The service application is installed as a Windows service, provisioning users belonging to the selected Azure Active Directory group(s) to the selected Rescue Technician Group(s).

        Restriction: It is not possible to delete a technician from the Rescue Admin Center by using the Active Directory synchronization service. When a user is deleted or moved in Active Directory, the corresponding Rescue technician is disabled.
        Note: If a technician is moved to another Rescue Technician Group, subsequent synchronization will only update the user's status, but will not move the user back to its initial synchronization group.
        Note: If a user is disabled, deleted, or moved in Active Directory, the technician's mobile license is freed up, and becomes available for other members of the Rescue organization.
        Tip: If the synchronization service fails, you can get an error log by clicking Active Directory Logger at the bottom of the Active Directory Synchronization section on the Global Settings tab of the Admin Center.

    How to Create a Client ID, Tenant and Client Secret in Azure

    1. Sign in to Microsoft Azure.
    2. Select Azure Active Directory.
    3. Click Add on the ribbon and select App registration.
    4. Enter the name of your application and click Add.
    5. Select the Accounts in this organizational directory only (Default Directory only - Single tenant) option under Supported account types.
    6. Note your Application Client ID and Directory tenant ID, as you will need them later on for AdSync.
    7. Select Certificates & Secrets from the sidebar on the left, and click the New client secret option.
    8. Enter the description and expiry of the Client secret in the Add a client secret dialog on the top of the screen.
    9. Save the value of the Client secret.
    10. Select API permission from the sidebar on the left, and click the Add a permission option.
    11. Select Microsoft Graph, and click the Application permissions tab.
    12. Scroll down to User, and check the User.Read.All option.
    13. Scroll to Group, and check the Group.Read.All option.
    14. Scroll to Directory, and check the Directory.Read.All option.
    15. Click Add permissions at the bottom of the page.
    16. Click Grant admin consent for Default Directory, and click Yes, when prompted.
    17. Close the Microsoft Azure portal.

      Result: The Client ID, Tenant and Client Secret are populated in AdSync.
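
    A least-privilege check for the app registration created above, as an added example that is not part of the original page or of AdSync: it decodes (without verifying the signature) an access token requested with the new Client ID and Client Secret and reports any Microsoft Graph application permission other than the three read-only ones granted in steps 12 to 14. The tenant and client IDs and the token built by make_sample_token are constructed sample values, and the function names are hypothetical.

```python
import base64
import json

# Application permissions granted in steps 12-14 of the Azure procedure.
EXPECTED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}
# Constructed sample identifiers, not real tenant or client IDs.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"


def token_claims(jwt):
    """Return the payload claims of a JWT; inspection only, no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_sync_token(jwt, tenant_id, client_id):
    """Return findings; an empty list means single-tenant, read-only as set up."""
    claims = token_claims(jwt)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tenant mismatch: " + str(claims.get("tid")))
    app = claims.get("appid") or claims.get("azp")  # v1 / v2 token claim name
    if app != client_id:
        findings.append("client id mismatch: " + str(app))
    roles = set(claims.get("roles", []))
    for role in sorted(roles - EXPECTED_ROLES):
        findings.append("excess permission: " + role)
    for role in sorted(EXPECTED_ROLES - roles):
        findings.append("missing permission: " + role)
    if "scp" in claims:  # delegated scopes do not belong in an app-only token
        findings.append("delegated scopes present: " + str(claims["scp"]))
    return findings


def make_sample_token(roles):
    """Build an unsigned, constructed token for offline demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"tid": TENANT_ID, "appid": CLIENT_ID, "roles": roles}
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


if __name__ == "__main__":
    token = make_sample_token(["User.Read.All", "Directory.ReadWrite.All"])
    print(audit_sync_token(token, TENANT_ID, CLIENT_ID))
```

    A "missing permission" finding usually means admin consent (step 16) was not granted; an "excess permission" finding means the registration holds more than the synchronization needs.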