How to Setup User Sync for Cloud Customers

Applies To

  • UniversitySite Cloud

Intended Audience

  • System administrators

Background

An executable program is provided by Profiscience for syncing user profiles from your internal data source to UniversitySite.  This program allows for mapping of your data to fields in UniversitySite such as user name, email, and location.  Once the mapping has been configured, an initial import is run and then a daily import is scheduled.

In order to ensure that new users are added, existing users are updated, and outgoing user accounts are disabled, the user sync should be set up and scheduled to run once a day. 

NOTE: If upgrading from an older version of the user sync tool then extract the contents of the zip file from the download replacing files of the same name then start with step 1 in Setting up the User Sync as described below.  If you NEED the latest version of the user sync tool you can get that here.

Security 

The access ID which will be copied into the customer's user sync config from their UniversitySite cloud website is a long randomized key that is unique to each firm and is used to encrypt the firm's outgoing communication with 256 bit AES encryption.  This key is then used at the cloud server to decrypt the user data and sync up the incoming data with the UniversitySite database for this particular customer.

The user sync communicates via port 443 to your cloud site.

Our User Sync tool requires TLS 1.2

User data fields typically included in this sync can be  found here

Note: The only requirement for this web server is that it be run from within the same domain where the user's data is found (for AD Sync) but even that is not necessary if using a database sync (preferred).  There are no holes that are needed in the firm's firewall and it can normally just be run on any existing web server behind the firm's firewall.

Important

email address, network alias, and you unique identifier (if you are using Guid) cannot be blank and must be unique.

Setting up the User Sync

  1. Configure your automated user import using the Active Directory
  2. From the Start menu on the web server, choose Program files, Profiscience Partners, Active Directory 
  3. Choose the Setup tab
  4. Jump into InstructorSite Global Settings / API Keys / User Sync
  5. Copy the Access ID and paste it into the User Web Service Access ID field
  6. Copy the UniversitySite Root URL and paste it into the User Web Service URL field

  7. Choose a notification level (Summary with Errors and Warnings is recommended)


    Note: If multiple recipients are desired, separate the email addresses with a  comma.

  8. Save the Settings
  9. Click Add to specify a data source
  10. Select either Active Directory (default) or OLE 
  11. Name the data source sync

  12. IF using AD sync decide whether or not to disable users that no longer exist in the source (recommended)


    Note: If you are using OLE Database as the source choose the button to the right of the DB connection field or type it manually.  Enter the DB select statement into the DB Select field either directly, or using the button to the right of the field. Also, don't forget to select the unique identifier field (must be unique).

  13. Choose the Preview button

  14. Map the fields from the data source to the fields in UniversitySite using the drop down buttons for each field as desired


    Note: It is important that the Disabled field is mapped to a field in the data source that either contains a 1, T, or True for disabled or a 0, F, or False for NOT disabled.

  15. Determine which field is best for the Office locations in UniversitySite.
  16. physicalDeliveryOfficeName (office) or l (city)

  17. If choosing l for city, then edit the AD filter and replace physicalDeliveryOfficeName with lNote: The AD Filter will exclude any accounts from being processed that do not have either a first and last name, email address, or Office location (physicaldeliveryofficename or l depending upon the selection). 


    This means that if a new person is entered in AD without an Office (or city if using that), then they will NOT be added to UniversitySite.

  18. When mapping is complete,  choose OK
  19. Check the box to Enable your sync and click Save settings
  20. Return to the Main tab
  21. Click Start to test your sync and see how long it takes to run
  22. Enable the data source
  23. Choose Ok, and confirm that the import proceeds without errors and that the notification email is received

Schedule the User Sync in Task Scheduler

  1. Open Scheduled Tasks control panel applet and choose,  Add Basic Task
  2. Select an identifiable name for the task such as “UniversitySite AD User Import”, select Daily and click Next
  3. Select the time the task should run and choose Next
  4. Select the action “Start a program” and choose Next
  5. Browse for the task executable at c:\program files\Profisciencē Partners\Active Directory Import\ActiveDirectoryImport.exe
  6. Add argument:  activedirectoryimport.xml
  7. Enter the windows user account login information for the account this task should run under and choose Next
  9. Note:  The following rights are needed for the AD Import service account:
    • Local Admin Group membership
    •  Logon as a service (for scheduled task)
    •  Domain Users group membership
    •  Account must have write access to the Profsiciencē Partners program file directory where the  AD Import program resides
  10. Check the box to Open advanced properties,  select finish and choose Next
  11. Check the box for “Run whether user is logged on or not”
  12. Manually run the scheduled task to confirm that it was set up correctly and ensure that the last result status looks like 0x00.
  13. Login to UniversitySite from a desktop and confirm login is automatic for UniversitySite.

Still need help? Contact Us Contact Us