Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2017
Views
1
Helpful
0
Comments

Introducing our improved Azure Active Directory sync

mkorovesisduo
Level 4
Level 4

on ‎11-08-2019 06:57 AM

Today, we finished releasing an updated version of our Azure Active Directory (AAD) sync functionality. This update contains a number of long-requested features, including support for custom attributes and significant performance improvements for both single user and full synchronizations.

Let’s take a look at what this update adds.

Performance improvements for single user and full synchronizations

The speed at which single user and full synchronizations run have been greatly increased with this new implementation. For particularly large directories, the time for a single user sync has dropped from over 20 minutes to 2 to 3 seconds.

Custom attributes

For directory syncs, Duo selects default mappings for attributes. However, customers sometimes have unique directory structures and may need to use different attributes for username (including aliases), email, or telephone. This could be due to legacy decisions from local Active Directory mirroring up to Azure Active Directory in hybrid mode. To accommodate the unique structures of our customers’ directories, our goal is to allow customers to configure which field they will use for username (including aliases), email, phone number, and bring on additional fields from Active Directory.

Sync logging

Additional information will be made available to administrators in the logs regarding user metrics:

  • Users seen: Total number of users that were processed in the sync
  • Users added: Total number of new users
  • Users removed: Total number of users removed
  • Users modified: Total number of changed users

Error reporting

Clearer error messaging that helps provide direction on how to manage an error appropriately.

More consistency between Azure AD and on-premises Active Directory

For customers who use both on-prem AD and AAD, there will be greater parity in the experience.

Updating to the new AAD sync

All customers on a paid edition of Duo have access to this new version. If you are currently using AAD sync, you will need to reauthorize your sync after opting in to the new version.

To utilize the new functionality and reauthorize your synchronization:

  1. Log in to the Duo Admin Panel and navigate to Users > Directory Sync.
  2. Select your AAD sync configuration.
  3. Check the box labeled “Use new sync” and then click Save Directory.
  4. After the page reloads, click the Reauthorize button.
  5. Complete authentication with the designated Azure service administrator account that has the global administrator role for the Azure Active Directory.
  6. Click Accept in the prompt that appears.
  7. Repeat this process for each of your AAD synchronizations.

If you set up a new Azure Active Directory sync, it will have the “Use new sync” box checked by default.

We hope you find these new features helpful. Please let us know if you have any questions about these updates.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents