Microsoft Entra ID assigns each user an ID that uniquely identifies them.
This ID is known as the Object ID.
When a user import process is executed from Microsoft Entra ID to SMARTFENSE, the following process is followed:
For each user received from Microsoft Entra ID:
- We check the user's Object ID.
- We verify if a user with that Object ID already exists in SMARTFENSE.
- If one is found, we take that user and proceed to edit it.
- If no user is found, we check the user's email.
- We verify if a user with that email already exists in SMARTFENSE.
- If one is found, we take that user and proceed to edit it.
- If no user is found, we check the user import configuration to determine how to establish the user's username. This can be based on:
  - Mail Nickname
  - First part of the UPN (User Principal Name) before the @ symbol
  - Full UPN (User Principal Name)
- We then construct what the username for the user being imported should be.
- We check if a user with that username already exists in SMARTFENSE.
- If one is found, we take that user and proceed to edit it.
- If no user is found at this point, we proceed to create a new one.
User Editing:
Object ID:
- When editing a user, all their fields are updated to match the user imported from Microsoft Entra ID.
- If the user was found by email or username, their Object ID is stored in SMARTFENSE, so that in the next synchronization, they will be identified by this unique value provided by Microsoft Entra ID.
- This ensures that the user information in SMARTFENSE uniquely corresponds with the data in Microsoft Entra ID.
Username:
- Each time a user is edited, the configuration the instance has set for creating usernames is reviewed, which can be based on:
  - Mail Nickname
  - First part of the UPN (User Principal Name) before the @ symbol
  - Full UPN (User Principal Name)
- If the username the user currently has does not match the one they should have according to this configuration, it is updated.
- This ensures that users always have the username structure chosen, even when configuration changes are made.
In some cases, the selected option for creating usernames is not ideal, as multiple users may end up with the same username. This happens when using:
- Mail Nickname
- First part of the UPN (User Principal Name) before the @ symbol
Since these are not unique data points in Microsoft Entra ID, this can lead to the following situation:
- A user is identified for editing.
  - This may be because:
    - The Object ID of this user already exists in SMARTFENSE.
    - Or, the user's email already exists in SMARTFENSE.
- Their current username is oldUsername.
- According to the instance configuration, their username should be newUsername.
- When trying to save this username (newUsername), we find that it is already in use by another user.
- In that case, all of the user's data will be updated, but their username will remain as oldUsername.
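The matching order and the username-conflict rule described above, as an added sketch that is not SMARTFENSE's own code. `LocalUser`, the in-memory list and the mode names (`mail_nickname`, `upn_prefix`, `upn_full`) are hypothetical; the directory field names follow Microsoft Graph user properties, and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LocalUser:                      # hypothetical stand-in for a platform user
    username: str
    email: str
    object_id: Optional[str] = None

def build_username(entra: dict, mode: str) -> str:
    """Derive the username from the configured source (mode names are assumptions)."""
    upn = entra["userPrincipalName"]
    return {"mail_nickname": entra["mailNickname"],
            "upn_prefix": upn.split("@", 1)[0],
            "upn_full": upn}[mode]

def find(users, pred):
    return next((u for u in users if pred(u)), None)

def import_user(users: list, entra: dict, mode: str) -> str:
    """Apply the match cascade to one directory record and return the action taken."""
    wanted = build_username(entra, mode)
    user = (find(users, lambda u: u.object_id == entra["id"])
            or find(users, lambda u: u.email == entra["mail"])
            or find(users, lambda u: u.username == wanted))
    if user is None:
        users.append(LocalUser(wanted, entra["mail"], entra["id"]))
        return "created"
    # Edit path: refresh fields and bind the Object ID for the next sync.
    user.email, user.object_id = entra["mail"], entra["id"]
    if user.username == wanted:
        return "updated"
    if any(u is not user and u.username == wanted for u in users):
        return "updated_username_kept"   # newUsername is taken, keep oldUsername
    user.username = wanted
    return "updated_username_changed"

def demo():
    # Constructed sample data: two accounts that share the UPN prefix "ana".
    users = [LocalUser("ana.old", "ana@fabrikam.example")]
    a = {"id": "oid-1", "mail": "ana@contoso.example", "mailNickname": "ana",
         "userPrincipalName": "ana@contoso.example"}
    b = {"id": "oid-2", "mail": "ana@fabrikam.example", "mailNickname": "ana",
         "userPrincipalName": "ana@fabrikam.example"}
    actions = [import_user(users, a, "upn_prefix"), import_user(users, b, "upn_prefix")]
    b["mail"] = "ana.new@fabrikam.example"   # later sync: email changed upstream
    actions.append(import_user(users, b, "upn_prefix"))
    return users, actions
```

In the third call the record is matched by the Object ID stored during the second call, so the upstream email change updates the same account instead of creating a new one.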
Display Name:
- When a user is imported from Microsoft Entra ID, their first and last names in SMARTFENSE are taken from the following directory fields:
  - First Name: givenName
  - Last Name: surname
- In some cases, these fields are empty. If this happens, the platform uses the display_name field to construct the user's first and/or last name.