Skip to main content
Skip table of contents

Connector for Microsoft Entra ID (Azure AD)

This documentation references external sources. Nexthink does not have control over the accuracy of third-party documentation, nor any external updates or changes that might create inconsistencies with the information presented on this page. Please report any errors or inconsistencies to Nexthink Support.

The connector for Microsoft Entra ID (formerly named Azure AD) allows you to import user information from Entra ID. You can schedule the feature to run automatically and communicate with the Azure app according to the configuration of the Azure portal.

Prerequisites

  1. Set up Microsoft Entra ID Connect if you have Hybrid Azure AD joined devices. Refer to the Microsoft tool to identify the state of your devices.

  2. Register a new application in your Azure portal.

    • During the registration process, make sure to select the Single tenant option.

    • For the Redirect URI part, using the drop-down list, select Web.

    • When asked for the application permissions, select User.Read.All.

Check Microsoft documentation on how to install and configure Microsoft Entra ID Connect.

Configuring the Nexthink web Interface

To set up an Entra ID connector using the Nexthink web interface:

  1. Access Administration > Inbound connectors from the main menu.

  2. Choose the Entra ID (Azure AD) option from the Inbound connectors page.

  3. Click on the New connector button in the top-right corner of the page.

  4. Fill out the fields under the General tab following the in-product documentation in the right-side menu of the Nexthink web interface.

Configuring an Entra ID connector.

You can configure more than one Entra ID connector with different settings.

Field Mapping

After configuring the General Tab from the selected Entra ID connector page, you can map Nexthink user fields with their corresponding Entra ID properties:

  1. Click the Field mapping tab from the selected Entra ID connector page.

  2. Type in the exact name of the desired Entra ID property in the text input field under Common.

  3. In addition, you can Add custom field mapping to quickly map Entra ID fields using expandable dropdowns with suggested items: created user-type custom fields and Entra ID properties.

    • You can still type in any Entra ID property not suggested by the expandable dropdown.

Mapping Entra ID properties to populate custom fields.

Field mapping table

The table below is an example of mapping common Nexthink fields and Entra ID properties by typing in the property names directly in the Nexthink web interface. Consider the following:

  • Entra ID property names are case-sensitive.

  • Text input boxes for Entra ID properties let you control field mapping. For instance, you can have the Distinguished name field populated with the employeeId property.

Nexthink Field

Entra ID Field

Description

Distinguished name

onPremisesDistinguishedName

Employee's name as displayed in the address book.

Name

userPrincipalName

Employee's user principal name.

Full name

displayName

Employee's name as displayed in the address book.

Email

mail

Employee's email address.

Department

department

Name of the employee’s department.

Job title

jobTitle

Employee's job title.

Location/Office

officeLocation

Name of the employee’s office location.

Locality name/City

city

Office location - city.

Country code

postalCode

Office location - postal code.

Organizational unit name

streetAddress

Office location - street address.

sid (*)

id

(*) Although this value is normally gathered by Nexthink Collector, when a synchronization process occurs between Entra ID and Active Directory, the sid must be gathered and cannot be mapped because of identification processes carried out by other connectors.

F.A.Q.

What is the connector for Entra ID used for?

  1. To enrich Nexthink user data from Entra ID in order to enhance user visualization.

  2. To enrich Nexthink user data in order to identify users for other import connectors:

    • Connector for Microsoft Teams for hybrid configurations using the sid value.

    • Connector for Zoom using the email value.

How do we troubleshoot the connector for Entra ID?

Currently, the only way to troubleshoot issues with the connector for Entra ID is to reach out to Nexthink support.

Can I map any field from Entra ID?

As long as the field exists in Entra ID, it can be mapped in Nexthink Experience. If you leave the field blank, it will not be enriched, and dash - appears in the NQL query results.

Can I apply transformations to the imported fields from Entra ID?

All fields are transformed into strings by default, therefore the system cannot apply transformations at this point.

Are there any fields that cannot be mapped?

There are two fields imported and enriched in the Nexthink data model that cannot be mapped. These fields are onPrem_sid and email_address.

Since the system uses the fields for identification purposes on connectors for Microsoft Teams and Zoom, the customers are not allowed to map them to other fields in Entra ID.

What if I need to retroactively remove email addresses (or any other field) because of GDPR?

To retroactively remove mapped email addresses (or any other field) add [deleteMe] in the corresponding Entra ID field box and save the connector.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close