What is Azure Active Directory?

Azure Active Directory (Azure AD) is a comprehensive identity and access management cloud solution that gives you a robust set of capabilities to manage users and groups.

How does the Kisi + Azure AD integration work?

If your organization uses Azure Active Directory (Azure AD), you can use the Kisi + Azure integration to keep your Kisi groups access directory up to date. With this integration, your Azure directory will sync to Kisi every 5 minutes.

Note: This integration requires a set up using groups. Kisi groups being synced with the Azure Integration shouldn’t be used to add manual users. You can set up separate groups to have the ability to sync and add one-off employees on an as-needed basis.

Enable the Kisi + Azure Directory integration

Note: To be able to set this integration up, you’ll have to have the correct permissions in Azure. Also, this integration needs to be set up using the Kisi master account, essentially the login you used to create the place.

*Important* - Emails must be active email addresses. Otherwise, they will be blacklisted by Kisi's mail servers.

Log in with your master Kisi account, then click on the place and go to Integrations.

*Note that you are now available to choose between User Principal Name and Mail as the attribute you want to use for this integration under the tab "User Email Property". The default one is User Principal Name.*

1. Click on Add Integration, give it a descriptive name and select Azure Active Directory User Import from the dropdown.
2. Click on Authorize with Microsoft and you’ll be redirected to the Microsoft Authentication screen.
3. Authenticate with your Microsoft Account that has admin privileges.
4. Allow the integration read access.
5. The following is the most critical step – mapping the Azure group to the Kisi group. Please be aware that once you hit “save” this configuration is set up immediately and access is being shared to everyone in this organizational unit.

• Select the “Group” on the Azure AD side – this will be the source of the access permissions that are synchronized with Kisi.
• Select the “Group Name” of the Kisi group you want the credentials being synchronized with. If there is no Group set up yet, click on “Groups” and create one.
  
  

If you are sure that everything looks good:

Press “ADD” and everyone in the Azure AD Group will get an email notification that Kisi access has been shared with them.

FAQ 

• How many Azure Active Directory Integrations can I add?

  • Since companies might have more complex organizational setups we allow unlimited integrations (This depends on the type of Kisi Subscription). Each Integration supports up to 5k users.

• Do I have to create an extra integration for each group?

  • Yes, every group needs their own integration.

• How fast does the integration synchronize?

  • Kisi fetches the status of the Azure Active Directory every 15 minutes.

• If the integration is deleted, are all keys revoked?

  • All shares will be deleted, but the user profiles remain. That means they can’t access using those credentials anymore, but still can log in their app. They might see an empty screen then though.