
Configure Domain Filtering in Entra ID (AAD)

Privacera supports filtering users by domain when syncing users from Entra ID (AAD). When domain filtering is enabled, the sync is limited to users whose domain matches the configured lists.

Setup

Go to the Privacera Manager host and navigate to the Privacera Manager installation directory:

Bash
cd ~/privacera/privacera-manager
vi config/custom-vars/vars.privacera-usersync.azuread.yml

Add or update the following variables based on desired configuration:

YAML
# e.g. Privacera.US,privacera.com
AZURE_AD_MANAGE_DOMAIN_LIST: ""
# e.g. Privacera.US,privacera.com
AZURE_AD_IGNORE_DOMAIN_LIST: ""
# username or email; default is email if not configured, e.g. email
AZURE_AD_DOMAIN_ATTRIBUTE: "email"

These variables filter users by the domain of the user's email address or username. The filters are applied to the user objects returned by the Microsoft Graph API.

AZURE_AD_MANAGE_DOMAIN_LIST : Users whose domain matches an entry in this list are included in the sync. Multiple domains can be specified by separating them with a comma.

AZURE_AD_IGNORE_DOMAIN_LIST : Users whose domain matches an entry in this list are excluded from the sync. Multiple domains can be specified by separating them with a comma.

AZURE_AD_DOMAIN_ATTRIBUTE : The user attribute whose domain part is used for filtering. Can be email or username.
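The following is an added, stand-alone model of the filtering semantics described above, written for this page; it is not Privacera's own usersync code. It assumes that domain comparison is case-insensitive, that an empty list imposes no restriction, that the ignore list takes precedence over the manage list, and that email maps to the Graph mail property while username maps to userPrincipalName. The sample users are constructed, not real directory data. Running it against a few users shows which accounts a given combination of the three variables would let through, which is useful for checking that a filter really confines the sync to the intended tenants before it is applied.

```python
from typing import Dict, List, Optional

# Added illustration only: models how AZURE_AD_MANAGE_DOMAIN_LIST,
# AZURE_AD_IGNORE_DOMAIN_LIST and AZURE_AD_DOMAIN_ATTRIBUTE could be
# applied to Graph-style user objects. Assumptions (not from the page):
# case-insensitive matching, empty list = no restriction, ignore list
# wins over manage list.


def parse_domain_list(value: str) -> set:
    """Parse a comma-separated list such as 'Privacera.US,privacera.com'.
    The default "" in vars.privacera-usersync.azuread.yml yields an empty set."""
    return {d.strip().lower() for d in value.split(",") if d.strip()}


def user_domain(user: Dict[str, str], attribute: str) -> Optional[str]:
    """Return the lower-cased domain part of the selected attribute.
    Assumed mapping: email -> Graph 'mail', username -> 'userPrincipalName'.
    Returns None when the attribute is absent or contains no '@'."""
    key = {"email": "mail", "username": "userPrincipalName"}[attribute]
    value = user.get(key) or ""
    if "@" not in value:
        return None
    return value.rsplit("@", 1)[1].lower()


def filter_users(users: List[Dict[str, str]], manage_list: str,
                 ignore_list: str, attribute: str = "email") -> List[Dict[str, str]]:
    """Apply ignore list first, then manage list; users without a usable
    domain are never synced."""
    manage = parse_domain_list(manage_list)
    ignore = parse_domain_list(ignore_list)
    kept = []
    for user in users:
        domain = user_domain(user, attribute)
        if domain is None:
            continue            # no address to judge by: skip
        if domain in ignore:
            continue            # explicitly excluded
        if manage and domain not in manage:
            continue            # include list set and not on it
        kept.append(user)
    return kept


# Constructed sample users (not real data). The guest entry uses the
# '#EXT#' form Entra ID gives external users' userPrincipalName.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@privacera.com", "mail": "alice@privacera.com"},
    {"userPrincipalName": "bob@privacera.us", "mail": "Bob@Privacera.US"},
    {"userPrincipalName": "carol_contractor@partner.example",
     "mail": "carol@partner.example"},
    {"userPrincipalName": "guest_gmail.com#EXT#@privacera.onmicrosoft.com",
     "mail": "guest@gmail.com"},
    {"userPrincipalName": "svc-noreply@privacera.com"},   # no mail attribute
]


def synced_names(manage_list: str, ignore_list: str,
                 attribute: str = "email") -> List[str]:
    """userPrincipalName of every sample user the filter would sync."""
    return [u["userPrincipalName"]
            for u in filter_users(SAMPLE_USERS, manage_list, ignore_list, attribute)]


if __name__ == "__main__":
    # include-list only, matching case-insensitively on email
    print(synced_names("Privacera.US,privacera.com", ""))
    # ignore-list only: everyone with a mail address except gmail.com
    print(synced_names("", "gmail.com"))
    # same include list but keyed on username: the service account with
    # no mail attribute is now synced, the privacera.us user is not
    print(synced_names("privacera.com", "", "username"))
```

Note that switching AZURE_AD_DOMAIN_ATTRIBUTE changes the result set, not just the matching key: accounts that have a userPrincipalName but no mail attribute drop out under email and reappear under username, so the choice should be reviewed together with the lists.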

Restart Privacera Services

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade
