SMARTFENSE uses a set of attributes from Microsoft Entra ID for user import and synchronization, which are stored in specific fields within the platform.
Fields used
The following fields are taken from Microsoft Entra ID (Azure AD) and stored in SMARTFENSE:
-
employeeId
User identifier. It is stored in the Employee ID field -
preferredLanguage
User's preferred language. Must follow the ISO 639-1 standard
Example:en-US -
display_name
Visible name of the user in the administration -
given_name
User's first name -
surname
User's last name -
mail
Email address (SMTP)
Example:user@company.com -
mail_nickname
Email alias (maximum 64 characters) -
user_principal_name
User principal name (UPN), used as login
Must belong to a verified domain -
object_id
Globally unique identifier (GUID) of the user (read-only and immutable)
Reference
For more information about these attributes, consult the official Microsoft documentation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes
Considerations about domains
In the Users and groups > Import and synchronization > From Microsoft Entra ID section, click Save
In organizations with multiple domains:
- To import users from all domains → use the root domain (onmicrosoft)
- To import users from a specific domain → specify only that domain
Groupings (groups)
SMARTFENSE allows importing different types of groups from Microsoft Entra ID.
- Previously: only Security type groups
- Currently: all types of Microsoft Entra ID groups are supported
Group format in import
When importing users from groups:
- Names must exactly match those defined in Microsoft Entra ID
- They must be separated by commas without spaces
- They must not be enclosed in quotes
Example:
Group1,Group2,Group_3
This applies to both:
- User import by groups
- Configuration in the Groupings section
Functional Areas and Hierarchical Levels
These fields:
- Correspond to text properties in Microsoft Entra ID
- Must not be relationship (object) type properties
Considerations
- Field and group names must exactly match Entra ID
- Some fields are read-only or immutable
- Proper configuration impacts synchronization and authentication
💡 Best practices
- Validate available attributes in Microsoft Entra ID beforehand
- Use consistent nomenclature in groups and properties
- Perform import tests before productive synchronization