Setup and configuration of the Entra integration requires the partner to have Integrator or Administrator Permissions in PDK.io. In the Entra software, the Global Administrator role is required. Entra users without this role assignment will encounter an error during the authorization flow.
Setting up the Group Mapping of an Entra Group to an associated PDK.io Group can only be performed once the Entra Group has been configured. Once this has been performed, the Tenant Domain must be linked to the PDK.io Customer Account. To do this, tap/click the Configure button in the System Settings - Integrations tab and then enter the Entra domain that will be used, then tap/click the Connect button.
Once the Tenant Domain has been connected to the PDK.io Customer Account, the option to begin adding Group Mappings will be available, along with an option to re-sync People and Group Mapping data.
To begin mapping an Entra Group to an associated PDK.io Group, follow the steps below:
- Tap/click the + Add group mapping link to open the Group Mapping interface.
- Tap/click on the Entra Group field and select the appropriate source Entra Group.
- Tap/click on the PDK Group field and select the appropriate target PDK Group.
- Tap/click the checkboxes to issue PDK.io Bluetooth/Mobile App Credentials to the Person.
- Tap/click the Save button beneath the Group Mapping dialogue. This will sync/save any changes that have been made.
If a Person is removed from an Entra Group that is part of a Group Mapping, the next sync from Entra does not remove that Person's details from the PDK.io Customer Account, but the Person is removed from the PDK.io Groups which were removed from the Group Mapping list. This allows Entra administrators to freely move users between mapped groups without deleting previously issued PDK.io credentials.
If People Details are changed or deleted in PDK.io instead of in Entra, those changes are overwritten with the values in Entra the next time Entra data is synced. If a User is entirely deleted from Entra, then when Entra data is synced to PDK.io, the Person (along with any Credentials and access rules) is deleted from PDK.io.
Details regarding PDK.io People and Groups need to be entered into Entra first in the appropriate Entra fields that correspond to the PDK Person Details entries. Once the Person Details have been entered into Entra, this data will be synchronized to the PDK.io Customer Account, overwriting any duplicate entries. People will only be initially synced from Entra to PDK.io if the People entries belong to an Entra group that has been mapped to a PDK.io Group.
The table below shows how Entra Fields relate to the PDK.io People Details.
| Entra Field | PDK Person Detail |
| --- | --- |
| Display Name | First name, last name |
| User principal name (UPN) | |
| Email (overrides UPN) | |
| Account enabled | Enabled |
| PIN (custom security attribute) | PIN |
| Card (custom security attribute) | Card number |
In most cases, an Entra user's email address is defined by the User principal name (UPN). However, if the optional Email field is used in Entra, this will be used instead.
Any changes made in Entra will be synced over to PDK.io (approximately 6,000 Entra Users per hour). If an Entra Group in a Group Mapping contains a nested group, members of the nested group will be synced to PDK.io as if they were direct members of the mapped group.
The words in the Entra Display Name field (separated by spaces) are split between the PDK.io detail fields for First Name and Last Name using the humanparser function.
If an Entra Display Name field contains only a single word (e.g. “Admin”), the First Name field in PDK.io People Details will be blank (populated with a zero-width space character), and the PDK Last Name field will be populated with the Entra Display Name. This allows for readability in PDK.io.
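The sync rules described on this page, modelled as an offline dry run so the effect of a sync on people, group membership and credentials can be previewed (an added example, not PDK.io or Microsoft code). The input shapes and all function names are assumptions, the name split is a simplified stand-in for humanparser, and it assumes previously synced people who are in no mapped group still receive Entra field updates.

```python
ZWSP = "\u200b"  # zero-width space that fills a blank First Name, per the page

def split_display_name(name):
    # Simplified stand-in for humanparser (assumption): first word / remaining words.
    words = name.split()
    if len(words) <= 1:
        return ZWSP, name.strip()
    return words[0], " ".join(words[1:])

def members(group, groups, seen=None):
    # Members of a nested group count as direct members of the mapped group.
    seen = set() if seen is None else seen
    if group in seen:  # guard against cyclic nesting in the input
        return set()
    seen.add(group)
    out = set()
    for m in groups.get(group, []):
        out |= members(m, groups, seen) if m in groups else {m}
    return out

def to_person(u):
    first, last = split_display_name(u["displayName"])
    email = u.get("mail") or u["userPrincipalName"]  # Email overrides UPN
    return {"first": first, "last": last, "email": email,
            "enabled": u["accountEnabled"], "pin": u.get("pin"), "card": u.get("card")}

def plan_sync(users, groups, mappings, synced_ids):
    # synced_ids: Entra user ids already in PDK.io from an earlier sync (assumed input).
    plan = {"upsert": {}, "groups": {}, "delete": []}
    for uid, u in users.items():
        targets = {pdk for eg, pdk in mappings.items() if uid in members(eg, groups)}
        if targets or uid in synced_ids:  # initial sync needs mapped-group membership
            plan["upsert"][uid] = to_person(u)  # Entra values overwrite PDK.io edits
            plan["groups"][uid] = targets  # empty set: person kept, in no PDK group
    # Deleted from Entra: the person, credentials and access rules are removed.
    plan["delete"] = sorted(synced_ids - set(users))
    return plan

# Constructed sample data (not from a real tenant)
USERS = {
    "u1": {"displayName": "Ada Lovelace", "userPrincipalName": "ada@corp.example", "mail": "ada.l@corp.example", "accountEnabled": True},
    "u2": {"displayName": "Admin", "userPrincipalName": "admin@corp.example", "accountEnabled": False},
    "u3": {"displayName": "Grace Brewster Hopper", "userPrincipalName": "grace@corp.example", "accountEnabled": True},
    "u4": {"displayName": "Alan Turing", "userPrincipalName": "alan@corp.example", "accountEnabled": True},
    "u6": {"displayName": "Edsger Dijkstra", "userPrincipalName": "edsger@corp.example", "accountEnabled": True},
}
GROUPS = {"Staff": ["u1", "u2", "Contractors"], "Contractors": ["u3"]}
MAPPINGS = {"Staff": "Front Door"}
SYNCED = {"u1", "u4", "u5"}  # u4 left the mapped group; u5 was deleted from Entra
print(plan_sync(USERS, GROUPS, MAPPINGS, SYNCED))
```

Reviewing the `delete` list and any empty `groups` entries before a sync shows which people will lose credentials or door access as a result of changes made in Entra.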