
Privacera Documentation

Add AAD UserSync connector

You can use UserSync to connect to Azure Active Directory (AAD) and pull its users and groups into Privacera, where they serve as data access users.

Add AAD UserSync connector on Privacera Platform

To add an AAD UserSync connector on Platform, follow these steps:

  1. Enable Privacera UserSync:

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.privacera-usersync.yml config/custom-vars/
  2. Enable the AAD connector:

    cd ~/privacera/privacera-manager 
    cp config/sample-vars/vars.privacera-usersync.azuread.yml config/custom-vars/ 
    vi config/custom-vars/vars.privacera-usersync.azuread.yml
  3. Edit the following properties:

    • AZURE_AD_CONNECTOR: The name of this connector

    • AZURE_AD_ENABLED: Enables the connector (true/false)

    • AZURE_AD_TENANT_ID: The tenant ID

    • AZURE_AD_CLIENT_ID: The client ID

    • AZURE_AD_CLIENT_SECRET: The client secret

    • AZURE_AD_SEARCH_USER_GROUPONLY: Syncs only the attributes of users already synced from other services (true/false)

    • AZURE_AD_SERVICEPRINCIPAL_ENABLED: Enables the sync of service principals as a user (true/false)

    For a full list of properties, see AAD UserSync connector properties.

  4. Run the following command:

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
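The four steps above amount to copying the sample vars files and filling in the connector properties by hand in vi. The script below is an added example, not Privacera's own tooling: it builds the AAD vars file from environment variables, rejects malformed tenant/client IDs and boolean flags before the update is run, and creates the file readable only by its owner because it carries AZURE_AD_CLIENT_SECRET in plain text. It assumes the vars file is plain `KEY: "value"` YAML (the key names are the ones listed in step 3) and that privacera-manager lives in `PM_HOME`, which you can override; the `AAD_VARS_APPLY` guard and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not Privacera's own tooling): write the AAD UserSync
# custom-vars file from environment variables and validate the values
# before ./privacera-manager.sh update is run.
# Assumptions: the vars file is plain 'KEY: "value"' YAML, and the
# privacera-manager checkout is at $PM_HOME (override it for testing).
set -eu

PM_HOME="${PM_HOME:-${HOME:-.}/privacera/privacera-manager}"
AAD_VARS="$PM_HOME/config/custom-vars/vars.privacera-usersync.azuread.yml"

# Azure tenant and client IDs are GUIDs; anything else is a copy/paste error.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Boolean properties must be literally true or false.
is_bool() {
  case "$1" in
    true|false) return 0 ;;
    *) return 1 ;;
  esac
}

# Check every property from step 3; report each problem, return 1 if any.
validate_aad_vars() {
  rc=0
  [ -n "${AZURE_AD_CONNECTOR:-}" ]   || { echo "AZURE_AD_CONNECTOR is empty" >&2; rc=1; }
  is_bool "${AZURE_AD_ENABLED:-}"    || { echo "AZURE_AD_ENABLED must be true or false" >&2; rc=1; }
  is_guid "${AZURE_AD_TENANT_ID:-}"  || { echo "AZURE_AD_TENANT_ID is not a GUID" >&2; rc=1; }
  is_guid "${AZURE_AD_CLIENT_ID:-}"  || { echo "AZURE_AD_CLIENT_ID is not a GUID" >&2; rc=1; }
  [ -n "${AZURE_AD_CLIENT_SECRET:-}" ] || { echo "AZURE_AD_CLIENT_SECRET is empty" >&2; rc=1; }
  is_bool "${AZURE_AD_SEARCH_USER_GROUPONLY:-false}" \
    || { echo "AZURE_AD_SEARCH_USER_GROUPONLY must be true or false" >&2; rc=1; }
  is_bool "${AZURE_AD_SERVICEPRINCIPAL_ENABLED:-false}" \
    || { echo "AZURE_AD_SERVICEPRINCIPAL_ENABLED must be true or false" >&2; rc=1; }
  return $rc
}

# Write the vars file to $1. The file holds the client secret, so it is
# created under umask 077 and chmod 600 afterwards in case it already existed.
write_aad_vars() {
  dest="$1"
  validate_aad_vars || return 1
  mkdir -p "$(dirname "$dest")"
  (
    umask 077
    cat > "$dest" <<EOF
AZURE_AD_CONNECTOR: "${AZURE_AD_CONNECTOR}"
AZURE_AD_ENABLED: "${AZURE_AD_ENABLED}"
AZURE_AD_TENANT_ID: "${AZURE_AD_TENANT_ID}"
AZURE_AD_CLIENT_ID: "${AZURE_AD_CLIENT_ID}"
AZURE_AD_CLIENT_SECRET: "${AZURE_AD_CLIENT_SECRET}"
AZURE_AD_SEARCH_USER_GROUPONLY: "${AZURE_AD_SEARCH_USER_GROUPONLY:-false}"
AZURE_AD_SERVICEPRINCIPAL_ENABLED: "${AZURE_AD_SERVICEPRINCIPAL_ENABLED:-false}"
EOF
  )
  chmod 600 "$dest"
}

# Usage: export the AZURE_AD_* variables, then AAD_VARS_APPLY=1 ./aad-vars.sh
# This performs steps 1 to 4 above; the guard keeps the script inert otherwise.
if [ "${AAD_VARS_APPLY:-0}" = "1" ]; then
  cp "$PM_HOME/config/sample-vars/vars.privacera-usersync.yml" "$PM_HOME/config/custom-vars/"
  write_aad_vars "$AAD_VARS"
  (cd "$PM_HOME" && ./privacera-manager.sh update)
fi
```

Supplying the secret through the environment of the shell that runs the script keeps it out of shell history and out of the vi buffer, and the validation stops a mistyped tenant or client ID before privacera-manager pushes a non-working connector. The file still holds the secret in clear text, so treat `config/custom-vars/` like any other credential store and keep it out of version control.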

Add AAD UserSync connector on PrivaceraCloud

To add an AAD UserSync connector on Cloud, follow these steps:

  1. From the navigation menu, select Settings > Datasource.

  2. Choose a data source, click the dots icon, and select Add Application.

  3. From the Application List section, select USERSYNC.

  4. From the Service Type dropdown, select AAD.

  5. In the Connector Name field, enter a name for the connector.

  6. In the BASIC tab, enter the values in the respective fields.

  7. From the Authentication Type dropdown, select Simple.

  8. Complete each step and advance through the pages of the configuration wizard.

    Note

    Configure Connector - To detect users and groups that have been deleted in AAD, select the following fields under ADVANCED:

    • Search Deleted Group

    • Search Deleted User

    Configure Filters - The following optional fields restrict which users are synced:

    • Include Users By Domain: Domain names to include; the default is empty (no restriction)

    • Exclude Users By Domain: Domain names to exclude; the default is empty (nothing excluded)

  9. Complete all BASIC values, then review and update ADVANCED values as required.

  10. Click FINISH.

Note

After you update the UserSync configuration, restart UserSync so that the updated configuration takes effect.