What is Azure Active Directory?

Azure Active Directory (Azure AD) is a comprehensive identity and access management cloud solution that gives you a robust set of capabilities to manage users and groups.

How does the Kisi + Azure AD integration work?

If your organization uses Azure Active Directory (Azure AD), you can use the Kisi + Azure integration to keep your Kisi groups access directory up to date. With this integration, your Azure directory will sync to Kisi every 15 minutes.

Note: This integration requires a set up using groups. Kisi groups being synced with the Azure Integration shouldn’t be used to add manual users. You can set up separate groups to have the ability to sync and add one-off employees on an as-needed basis.

Enable the Kisi + Azure Directory integration

Note: To be able to set this integration up, you’ll have to have the correct permissions in Azure which is Global Admin. Also, this integration needs to be set up using the Kisi master account, essentially the login you used to create the place.

Emails added must be active email addresses. If an account with an inactive mailbox is added into Kisi as a member, email delivery will fail, and the account will automatically be blacklisted by Kisi's mail servers.

Log in with your master Kisi account, then click on the place and go to Integrations.

Steps to activate

1. Click on Add Integration, give it a descriptive name and select Azure Active Directory User Import from the dropdown.
2. Click on Authorize with Microsoft and you’ll be redirected to the Microsoft Authentication screen.
3. Authenticate with your Microsoft Account that has admin privileges.
4. Allow the integration read access.

5. Note that you are now available to choose between User Principal Name and Mail as the attribute you want to use for this integration under the tab "User Email Property". The default one is User Principal Name.

6. The following is the most critical step – mapping the Azure group to the Kisi group. Please be aware that once you hit “save” this configuration is set up immediately and access is being shared to everyone in this organizational unit.

• Select the “Group” on the Azure AD side – this will be the source of the access permissions that are synchronized with Kisi.
• Select the “Group Name” of the Kisi group you want to synchronize with Kisi. If there is no Group set up yet, click on “Groups” and create one.

Once you are sure everything looks correct: 

Press “ADD” and everyone in the Azure AD Group will get an email notification that Kisi access has been shared with them.

FAQ 

• How many Azure Active Directory Integrations can I add?
• Since companies might have more complex organizational setups we allow unlimited integrations (This depends on the type of Kisi subscription). Each integration supports up to 5k users.

• Do I have to create an extra integration for each group?
• Yes, every group needs its own integration.

• How fast does the integration synchronize?
• Kisi fetches the status of the Azure Active Directory every 15 minutes.

• If the integration is deleted, are all keys revoked?
• All shares will be deleted, but the user profiles remain. That means they can’t access using those credentials anymore, but can still log in to their app. Without credentials, they will not see any doors associated with your place, however.

• Why does deleting a user in Azure not delete it in Kisi?
• Deleting a user in Azure only deletes the share and not the member on the Kisi side.

• What admin level is needed to set up the integration?
• Only a global admin can set up the integration.

• Can I import nested OU’s?
• Not at the moment, unfortunately, but we are working to release this feature soon!

• I have a lot of OU's in Azure but I can only see a few of them when I try to import?
• The preview on the Kisi side only shows 5 OU’s. If you start typing in the search bar you should see your other ones as well. If not, please reach out to Kisi support here.