Introduction
This article provides an overview and general instructions for the Synchronizer managed solution, which is provided by the LMS365 Professional Services Division.
Availability
The Synchronizer managed solution is available only to Care Plus and Care Premium customers.
Prerequisites and access
- Care Plus or Care Premium subscription.
- Access to the LMS365 Academy.
- LMS365 API key (created in the customer’s tenant).
Support and maintenance
- If you encounter issues when using this solution, contact your Customer Success Manager.
- If you want to provide feedback and ideas, contact your Customer Success Manager.
Overview
The Synchronizer managed solution enables users to synchronize custom user fields into LMS365 from either Azure Active Directory (AAD) or a CSV file located on SharePoint.
This guide will cover the following:
- Synchronizer authentication.
- Synchronizer settings.
- User fields.
- Create a user field.
- Set up AAD access.
- Set up SharePoint access.
- Provide SharePoint access to the Synchronizer.
- Synchronizer installation and configuration.
Synchronizer authentication
Required role: Users with permissions described in the Prerequisites and access section.
To authenticate correctly to the Synchronizer solution, follow these steps:
1. Access the LMS365 Automation Center page.
2. Select Synchronizer section in the left menu.
3. Select Login using LMS365 API key in the top right-hand corner of the Synchronizer page.
4. In the open Login dialog, enter your LMS365 API key.
5. Select Submit.
Synchronizer settings
- Contact email address. This will be used for notifications for any synchronization failures.
- LMS365 API key. This will be populated from when you first logged in. The Synchronizer uses this to access your LMS365 environment. This key should have full control permissions because this is required to write data to custom columns.
- Custom date format. This will be used for any date fields that are being synchronized.
- Azure AD mapping. This will require the app registration Client Id and Secret for the AAD app registration that allows read access to your user's details in Active Directory. This allows the Synchronizer to read the values on the user profile to then synchronize with the specified fields.
- SharePoint library settings. This is used with an associated SharePoint app registration that gives "read" access to the SharePoint site from where you would like to synchronize CSV reports.
NOTE
More information on setting up AAD and SharePoint access is available later in this article.
User fields
Required role: Users with permissions described in the Prerequisites and access section.
User fields (main screen)
On the User Fields page, you'll see an overview of all the custom LMS365 user fields created within your tenant. You'll have the option to view each field, the type of data being synced, field descriptions, and the location from which the column is syncing.
The following columns will be available on the User Fields page:
Title - Displays the name of the user field.
Type - Displays the type of data being synced for this user field. Options include:
- String (text value).
- Date (date value).
- Number (number value).
- Boolean (true or false values).
Description. Displays the description listed in the created user field.
Synced from. Displays the location that the Synchronizer uses to populate the user fields. Options include:
- AAD – syncing from an AAD field.
- Data – syncing from a CSV file located on a SharePoint site.
- None – not currently being synced by the Synchronizer.
Create a user field
Required role: Users with permissions described in the Prerequisites and access section.
To create a user field, follow these steps:
1. From the User Fields page, select Create new.
2. Enter the details for your new field:
- Title - This is a required field.
- Type - This is a required field.
- Default value - This is a required field. Specify a default value for every user field that you synchronize from AAD or Data. The complete absence of a user field value for some users would cause issues for Power Query-based reports made in Excel or Power BI.
- Description - This is a required field. Enter a date in the same format as the example provided.
- Active - Determines whether the synchronize will be active once it's created.
- Synced from - This is a required field. Choose whether you want to synchronize from AAD or Data (a CSV file located on SharePoint).
When syncing from AAD, you'll need to specify the AAD field that you want to use.
When syncing from data, you'll need to enter the column name in the CSV file that holds the data used for this new user field.
Synchronizer How To video
Watch the following video for a quick tutorial on how to use the Synchronizer managed solution once it has been configured by your Microsoft 365 global admin.
Set up AAD access for synchronization
Required role: Microsoft 365 global admin.
NOTE
The following steps are necessary only if you want to synchronize from a user field located in AAD.
This section will provide the necessary steps that your Microsoft 365 global admin must follow to create an AAD app registration that the Synchronizer can use to read the user data from AAD and synchronize with the user fields in LMS365.
IMPORTANT
This process should be completed by your IT team or someone who has global admin permissions.
Prerequisites
- Microsoft 365 global admin access.
Set up the AAD app registration
Most of the following information is sourced from this Microsoft guide.
Create the AAD app registration
In your environment, navigate to your Azure Portal and follow these steps:
1. Go to app registrations.
2. Select the + New registration link and complete the following details:
- Name - Enter an app registration name. We recommend something like LMS365 Synchronizer.
- Supported Account Types - Accept the default Single-tenant value.
- Redirect URI Optional - Leave this blank.
3. Select Register.
4. Save the application (client) Id for later use.
Add the AAD app permissions
1. On the left-hand side, select API Permissions.
2. Select Add a permission.
3. Select Microsoft Graph and then Application Permissions.
4. Search for User.Read.All and add that permission.
5. Select Grant Admin Consent to grant consent for the newly added permissions.
Create a Client Secret
1. On the left-hand side, go to Certificates & secrets.
2. Select the + New client secret link and complete the following details:
- Description - Enter the name of the secret. We recommend something like LMS365 Synchronizer Secret.
- Expires - Enter the expiration time of the secret. We recommend a longer expiration date because once the secret expires, you'll have to generate a new one.
3. Save the secret value for later use because it can't be viewed once you leave this screen.
Provide AAD access to the Synchronizer
1. Go to the Synchronizer settings: https://automation-center.365.systems/synchronizer/settings.
2. Navigate to the Create mapping from Azure AD to custom user fields section.
3. Enter the Client Id from step 4 of the Create the AAD app registration section.
4. Enter in the Client Secret from step 3 of the Creating a Client Secret section.
5. Click the Save button to finalize changes.
You should now be able to set the user fields synchronization source to AAD to enable you to synchronize from your AAD.
Set up SharePoint access for synchronization from a CSV file
Required role: Microsoft 365 global admin.
NOTE
The following steps are necessary only if you are wanting to synchronize from a CSV file located on the SharePoint site.
This section will provide the necessary steps that your Microsoft 365 global admin must follow to create a SharePoint app registration that the Synchronizer can use to read the user data and synchronize it with the user field in LMS365.
IMPORTANT
This process should be completed by your IT team or someone who has global admin permissions.
Prerequisites:
- SharePoint global admin access.
- A SharePoint site collection with a document library. An LMS365 catalog site collection will work.
Set up the app registration
All of the following information is sourced from this Microsoft guide.
Create app registration credentials
In your own tenant, navigate to an LMS365 course catalog site and follow these steps:
1. From your LMS365 course catalog site page, enter the following extension after your catalog url: /_layouts/15/AppRegNew.aspx.
NOTE
Your "site collection URL" will be the site collection where you would like the CSV file to be stored for syncing.
An example of using a LMS365 catalog site collection would look like this: https://contoso.sharepoint.com/sites/LMSCatalog/_layouts/15/AppRegNew.aspx
2. Select Generate to create a Client Id.
3. Select Generate to create a Client Secret.
4. Enter an app registration Title. We recommend something like LMS365 Synchronizer.
5. Save both the Client Id and Client Secret for later use.
6. Set the App Domain to www.lms365.com.
7. Set the Redirect URL to https://www.lms365.com.
8. Select Create.
IMPORTANT
Save your Client Id and Client Secret information for later use.
Grant app registration permissions
In your own tenant, navigate to an LMS365 course catalog site and follow these steps:
1. From your LMS365 course catalog page, enter the following extension after your catalog url: /_layouts/15/AppInv.aspx.
NOTE
Your "site collection URL" will be the site collection where you want the CSV file to be stored for syncing.
An example of using an LMS365 catalog site collection would look like this: https://contoso.sharepoint.com/sites/LMSCatalog/_layouts/15/AppInv.aspx
2. Enter the Client Id from step 5 in the previous section and select Look Up.
3. Enter the following XML Permissions to give "read" access to the site collection:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
</AppPermissionRequests>
IMPORTANT
When copying the above XML syntax to grant permissions, make sure that the syntax contains straight quotation marks. Curved quotation marks might result in an error.
4. Select Create.
5. Select Trust It if you are prompted to trust the new app registration.
Provide SharePoint access to the Synchronizer
1. Go to the Synchronizer settings: https://automation-center.365.systems/synchronizer/settings.
2. Navigate to the Use CSV from SharePoint Library section.
3. Enter the Client Id and Client Secret.
4. Enter the Site Collection URL, for example https://contoso.sharepoint.com/sites/LMSCatalog.
5. Enter the name of a SharePoint document library that exists in the site collection that holds the CSV file.
6. Enter the name of the CSV file. In the image later in this section, this is UserFieldSync.csv.
7. In the CSV Id Column field, enter the name of the column in the CSV file that uniquely identifies the user in LMS365. In the image later in this section, this is LMS365UserEmail.
8. In the LMS 365 Id column field, enter the LMS365 user field that the CSV file uses to uniquely identify the user in LMS365. In our example, the LMS365UserEmail column in the CSV file contains the email address of the user and the LMS 365 ID column shows Email.
Typical values for this column include Title, Email, DirectoryObjectID, or LoginName.
9. Select Save to finalize the changes.
You should now be able to set the User Fields synchronization source to Data in order to synchronize from the file on SharePoint.
Video walkthrough of the Synchronizer installation and setup process
Watch the following video for a detailed walkthrough of the Synchronizer managed solution installation and setup process.
NOTE
The Microsoft 365 global admin role will be required to configure SharePoint and AAD access for the Synchronizer.
Comments
Please sign in to leave a comment.