This article explains how to synchronize users and groups from Microsoft Active Directory (AD) on-premise to SMARTFENSE using a PowerShell script. It details the registration of the application within SMARTFENSE, the download of the script, and the data required for execution.
The configuration is available under Users and Groups > Import and Synchronization > From PowerShell Script.
Prerequisites
- Access to a machine with connectivity to Microsoft Active Directory (AD) on-premise.
- PowerShell 7 or higher installed on that machine.
- Permissions to read users and groups from AD.
- Administrator access to the SMARTFENSE instance.
The minimum required version to run the process is PowerShell 7.
Steps to Perform the Import
1. Register the Application in SMARTFENSE
- Go to the Registered Applications section of SMARTFENSE.
- Click on Register New Application.
- Assign a name to the application.
- Take note of the automatically generated data:
  - Client_id: Application ID.
  - Client Secret: Secret ID of the registered application.
- Configure the following fields:
  - Authorization Grant Type: Client credentials.
  - Scopes: Write users.
- Save the configured application.
The Client_id and Client Secret generated here belong to SMARTFENSE and are different from those used in Microsoft Entra ID configuration. Keep them in a secure repository.
2. Download and Run the Script
- Download and unzip the PowerShell file from the link provided on the screen.
- Right-click on the unzipped file and select Run with PowerShell.
- Fill in the requested data on the screen.
- Press Enter to start importing users.
What the Script Does
The script allows you to create new users and edit existing users in SMARTFENSE, keeping the instance aligned with the local directory.
💡 Best Practices
- Store the Client_id and Client Secret values in a safe place, as they are necessary to authenticate the connection.
- Run the script from a machine with access to Microsoft Active Directory (AD) on-premise and with appropriate permissions to read users and groups.
- Perform an initial test with a controlled subset of users before running the full import.
- Verify that the environment meets the minimum PowerShell 7 version before starting.
- If you need recurring runs, schedule the script in the operating system (for example, in Windows Task Scheduler). This integration does not support periodic synchronization from SMARTFENSE.
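One way to apply the first and fourth practices on a Windows machine, as an added example that is not part of the SMARTFENSE script: it checks the PowerShell version and keeps the Client_id and Client Secret in a DPAPI-protected file instead of a plain-text note. The function names and `$StorePath` are hypothetical, and the page does not describe how the downloaded script accepts these values beyond prompting for them on screen.

```powershell
# Added example, not SMARTFENSE code. $StorePath is an assumed location.
$StorePath = Join-Path $env:LOCALAPPDATA 'SmartfenseSync\client.xml'

function Test-SyncHost {
    # The import script needs PowerShell 7+; the DPAPI protection below needs Windows.
    if ($PSVersionTable.PSVersion.Major -lt 7) {
        throw "PowerShell 7 or higher is required (found $($PSVersionTable.PSVersion))."
    }
    if (-not $IsWindows) {
        throw 'Export-Clixml only encrypts credentials with DPAPI on Windows.'
    }
}

function Save-SyncCredential {
    param([Parameter(Mandatory)][string]$Path)
    Test-SyncHost
    # User name field holds the Client_id, password field holds the Client Secret.
    $cred = Get-Credential -Message 'User name = Client_id, password = Client Secret'
    New-Item -ItemType Directory -Path (Split-Path -Parent $Path) -Force | Out-Null
    # The secret is written as a DPAPI blob: only this user on this machine can decrypt it.
    $cred | Export-Clixml -Path $Path

    # Drop inherited ACEs and add an explicit rule for the current user.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-SyncCredential {
    param([Parameter(Mandatory)][string]$Path)
    Test-SyncHost
    if (-not (Test-Path -Path $Path)) {
        throw "No stored credential at $Path. Run Save-SyncCredential first."
    }
    $cred = Import-Clixml -Path $Path
    # Return the Client_id in clear and keep the secret as a SecureString until it is needed.
    [pscustomobject]@{ ClientId = $cred.UserName; ClientSecret = $cred.Password }
}

# Usage: store once, then read back as the same Windows account.
# Save-SyncCredential -Path $StorePath
# $app = Get-SyncCredential -Path $StorePath
```

Because DPAPI binds the file to the account that created it, a Task Scheduler job must run as that same account to read the stored values.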