How to Set Up User Sync for Cloud Customers
Applies To
- UniversitySite Cloud
Intended Audience
- System administrators
Background
Profiscience provides an executable program to sync user profiles from your internal data source to UniversitySite. With this program, you can map your data—like user names, emails, and locations—to the proper fields in UniversitySite. After setting up the mapping, you’ll run an initial import and then schedule it to repeat daily.
The sync should be scheduled to run once a day to keep everything up to date—adding new users, updating existing ones, and disabling accounts for users who have left.
NOTE: If upgrading from an older version of the user sync tool, unzip the downloaded file and replace any existing files with the same names. Then, follow step 1 in the "Setting up the User Sync" instructions below. If you NEED the latest version of the user sync tool, you can download it here.
Security
The access ID is a unique, random key you’ll copy from your UniversitySite cloud website into your user sync config. It’s different for every customer. This key encrypts the data sent from your server to the cloud server using strong 256-bit AES encryption. The same key decrypts the data on the cloud server and syncs it with your UniversitySite database. All data travels from your server to the cloud site over HTTPS on port 443, secured with TLS 1.2.
User data fields typically included in this sync can be found here.
Note: If you're using Active Directory Sync for the user sync tool, the server hosting it needs to be part of the same Active Directory domain where the user data is stored. This isn’t required for a database sync, which is usually the better option. You don’t need to open any holes in the company’s firewall. The tool can usually run on any existing server behind your firewall.
Important
Email address, network alias, and your unique identifier (if you are using Guid) cannot be blank and must be unique.
Setting up the User Sync
- Configure your automated user import using the Active Directory
- From the Start menu on the web server, choose Program files, Profiscience Partners, Active Directory
- Choose the Setup tab
- Jump into InstructorSite Global Settings / API Keys / User Sync
- Copy the Access ID and paste it into the User Web Service Access ID field
- Copy the UniversitySite Root URL and paste it into the User Web Service URL field
Choose a notification level (Summary with Errors and Warnings is recommended)
Note: If multiple recipients are desired, separate the email addresses with a comma.
- Save the Settings
- Click Add to specify a data source
- Select either Active Directory (default) or OLE
- Name the data source sync
If using AD sync, decide whether or not to disable users that no longer exist in the source (recommended)
Note: If you are using OLE Database as the source, choose the button to the right of the DB connection field or type the connection manually. Enter the DB select statement into the DB Select field either directly, or using the button to the right of the field. Also, don't forget to select the unique identifier field (must be unique).
- Choose the Preview button
Map the fields from the data source to the fields in UniversitySite using the drop down buttons for each field as desired
Note: It is important that the Disabled field is mapped to a field in the data source that either contains a 1, T, or True for disabled or a 0, F, or False for NOT disabled.
- Determine which field is best for the Office locations in UniversitySite.
- physicalDeliveryOfficeName (office) or l (city)
If choosing l for city, then edit the AD filter and replace physicalDeliveryOfficeName with l.
Note: The AD Filter will exclude any accounts from being processed that do not have either a first and last name, email address, or Office location (physicaldeliveryofficename or l depending upon the selection).
This means that if a new person is entered in AD without an Office (or city if using that), then they will NOT be added to UniversitySite.
- When mapping is complete, choose OK
- Check the box to Enable your sync and click Save settings
- Return to the Main tab
- Click Start to test your sync and see how long it takes to run
- Enable the data source
- Choose Ok, and confirm that the import proceeds without errors and that the notification email is received
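An added example, not part of the Profiscience tool: a PowerShell pre-flight check that applies this article's data rules (non-blank, unique email, network alias and identifier; allowed Disabled values; the fields the AD filter requires) to source rows before the first import. The column names and sample rows are assumptions, and a row missing any one of the filter fields is treated as excluded, which is how the office example above reads.

```powershell
# Added example: pre-flight check of source rows against the rules in this article.
# Column names are assumptions; use the names your query or AD export returns.
function Test-SyncSourceRows {
    param([Parameter(Mandatory)][object[]]$Rows)

    $mustBeUnique = 'Email', 'NetworkAlias', 'Guid'
    $disabledOk   = '1', 'T', 'True', '0', 'F', 'False'
    $filterFields = 'FirstName', 'LastName', 'Email', 'Office'
    $findings     = [System.Collections.Generic.List[string]]::new()

    foreach ($field in $mustBeUnique) {
        $seen = @{}    # PowerShell hashtable keys compare case-insensitively
        for ($i = 0; $i -lt $Rows.Count; $i++) {
            $value = "$($Rows[$i].$field)".Trim()
            if ($value -eq '') {
                $findings.Add("ERROR row $($i + 1): $field is blank")
            } elseif ($seen.ContainsKey($value)) {
                $findings.Add("ERROR row $($i + 1): $field '$value' repeats row $($seen[$value])")
            } else {
                $seen[$value] = $i + 1
            }
        }
    }
    for ($i = 0; $i -lt $Rows.Count; $i++) {
        $row = $Rows[$i]
        # Strict match on the six values the article lists for the Disabled mapping.
        $disabled = "$($row.Disabled)".Trim()
        if ($disabled -cnotin $disabledOk) {
            $findings.Add("ERROR row $($i + 1): Disabled '$disabled' is not 1/T/True or 0/F/False")
        }
        # Rows the AD filter would drop silently, so the user never reaches UniversitySite.
        $missing = @($filterFields | Where-Object { "$($row.$_)".Trim() -eq '' })
        if ($missing.Count -gt 0) {
            $findings.Add("SKIP  row $($i + 1): no $($missing -join ', '); excluded by the AD filter")
        }
    }
    return $findings
}

# Constructed sample rows, not real data.
$sample = @(
    [pscustomobject]@{ FirstName='Ana'; LastName='Ruiz'; Email='aruiz@example.com'; NetworkAlias='aruiz'; Guid='a1'; Office='Denver'; Disabled='0' }
    [pscustomobject]@{ FirstName='Bo';  LastName='Lee';  Email='ARUIZ@example.com'; NetworkAlias='blee';  Guid='b2'; Office='';       Disabled='No' }
    [pscustomobject]@{ FirstName='Cy';  LastName='Odom'; Email='codom@example.com'; NetworkAlias='';      Guid='c3'; Office='Boise';  Disabled='True' }
)
Test-SyncSourceRows -Rows $sample
```

On the sample it reports the duplicate email and the invalid Disabled value on row 2, the blank network alias on row 3, and row 2 as one the AD filter would exclude for having no office.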
Schedule the User Sync in Task Scheduler
- Open the Scheduled Tasks control panel applet and choose Add Basic Task
- Select an identifiable name for the task such as “UniversitySite AD User Import”, select Daily and click Next
- Select the time the task should run and choose Next
- Select the action “Start a program” and choose Next
- Browse for the task executable at c:\program files\Profisciencē Partners\Active Directory Import\ActiveDirectoryImport.exe
- Add argument: activedirectoryimport.xml
- Enter the Windows user account login information for the account this task should run under and choose Next
- Note: The following rights are needed for the AD Import service account:
- Local Admin Group membership
- Logon as a service (for scheduled task)
- Domain Users group membership
- Account must have write access to the Profisciencē Partners program file directory where the AD Import program resides
- Check the box to Open advanced properties, select finish and choose Next
- Check the box for “Run whether user is logged on or not”
- Manually run the scheduled task to confirm that it was set up correctly and ensure that the last result status looks like 0x00.
- Log in to UniversitySite from a desktop and confirm login is automatic for UniversitySite.
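An added example, not part of the Profiscience tool: a read-only PowerShell audit of the task created above. It reports the program, argument, run-as account and last result, then lists which accounts can write to the program directory, which matters because the task runs whatever is in that directory under a local administrator account. The task name is the one suggested in the steps; the English built-in group names are an assumption.

```powershell
# Added example: read-only audit of the scheduled sync task and the files it runs.
# Task name as suggested in the steps above; change it if you chose another.
$TaskName = 'UniversitySite AD User Import'

function Get-UnexpectedWriters {
    # ACL entries that allow creating or changing files at $Path for anyone
    # other than the built-in principals below (English names, an assumption).
    param([Parameter(Mandatory)][string]$Path)
    $write   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
    $builtIn = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
               'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $write) -ne 0 -and
        $_.IdentityReference.Value -notin $builtIn
    }
}

$task   = Get-ScheduledTask -TaskName $TaskName -ErrorAction Stop
$info   = $task | Get-ScheduledTaskInfo
$action = $task.Actions | Select-Object -First 1
$exe    = $action.Execute.Trim('"')

# Summary of what runs, as whom, and whether the last run returned 0.
[pscustomobject]@{
    Program       = $exe
    Argument      = $action.Arguments
    RunsAs        = $task.Principal.UserId
    LastRunTime   = $info.LastRunTime
    LastResultHex = '0x{0:X}' -f $info.LastTaskResult
    LastRunOk     = ($info.LastTaskResult -eq 0)
} | Format-List

# The sync service account is expected here; any other entry deserves review.
Get-UnexpectedWriters -Path (Split-Path -Parent $exe) |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Run it from an elevated prompt on the server that hosts the task; it changes nothing.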