General Settings
      Back to home
      1. AskCody Help Center
      2. Troubleshooting
      3. General Settings

      Troubleshooting the User Synchronization with Entra ID

      Learn the steps you can take when the user synchronization is not working as intended

      After having set up the user synchronization integration with Entra ID, users and groups should be synchronized into the AskCody account from your Entra ID. However, there can be cases in which users are not updated into AskCody. In this guide we try to show the steps you can do to troubleshoot issues, and make sure the users are synchronized correctly.

      Sections in this article:

       

      Monitoring synchronization status

      Users and groups that you add to the scope of the app provisioning configuration should be created and kept up to date in AskCody. However, due to certain settings in Entra ID, there may be cases in which some users are not synchronized as expected. To troubleshoot for those cases, please locate the “Provisioning logs” menu at the left of the Provisioning section of your Enterprise Application:

      In here, you can see the status of the cycle and will see if there are any error messages.

      You will be able to see detailed information about the data flow on the Provisioning Service. If there are any errors in the provisioning service, like a user, or a group of users not being synchronized as expected, you will find log entries in the Provisioning logs with the “Failure” Status on the Logs table:

      Click on the one you would like to troubleshoot, and then click on the “Troubleshooting & Recommendations” tab.

      In case you have an extensive table and it is difficult to locate the entries with Failure status, you can also manually synchronize a user or group, in case you know already which group or users are the ones affected, and then refer to the logs again and see the most recent entries. Please note that the logs may take a couple of minutes to update, so if needed, click on Refresh at the top of the logs.

      Under “Error message” you should see relevant information to help you troubleshooting:

      In this case, the user did not have an ‘email’. To correct this, you can simply fill out the information in the User’s profile in Entra ID, and the User should soon be automatically synchronized into AskCody, unless there are additional errors.

      Manually synchronize a specific user or group with Entra ID

      To immediately synchronize a user, or group of users that were not synchronized as expected, it is possible to Provision users and groups on demand (as long as they are within the scope of the provisioning service).

      To do so, click on the “Provision on demand” button on top of the “Overview” page of the Enterprise Application used for Provisioning Users and Groups into AskCody:

      In here, find the user or group you would like to manually provision immediately, and click at the bottom on “Provision”:

      If everything is in order, you should see a screen like the following, with a “Success” status on all 4 steps. If there is anything additional that needs to be taken care of, you should see the details in here about what the issue is, then can proceed to perform the corrections in the User’s profile in Entra ID and try again.

      When the sync seems slow, or performance of the user sync is not running as expected on incremental cycles

      In cases where the security groups used for App Provisioning have a mix of object types (example: rooms, desks and users), Microsoft recommends to scope the sync to only valid users, as this will have an impact on performance.

      Steps to scope users within the Entra ID User Attributes

      First, go to the Provisioning section of the Enterprise Application you are using to sync users with AskCody within your organization's Entra ID. In here, click on Mappings and then on Provision Microsoft Entra ID Users:

      In here, locate the Source Object Scope section, and click on All records

      In here, please proceed to create a set of filter groups per attribute you want to scope on:

      scope

      The list of attributes that should be added here are as follows, with the following Operators:

      • mail
      • givenName
      • surname

      All of these should be set each in their scoping filter, and with the Operator “IS NOT NULL”, as shown in the GIF above. Notice that the names given to the scope are fully optional, and in your case, may differ from the ones used in this guide.

      When done with the scope, your scope list should have three scoping filters and look like the following, with the respective names you assigned them:

      Click on Apply at the bottom left of the page. You should be redirected to your User attributes list, where you should be able to see the names of the scoping filters you just created:

      In here, click on Save at the top left corner of the page:

      You may see the following message:

      Click on Yes and wait a few seconds for the changes to be applied. After this, you will have successfully scoped users and guarantee that only users are synced in via App Provisioning in cases where you have multiple object types in a security group within the provisioning scope.