English (EN)
العربيةDirectory Sync for Entra ID enables organizations to seamlessly synchronize their user information from Microsoft Entra ID into Beem. By leveraging this capability, administrators ensure that user accounts, profile attributes, and status updates remain consistent and automatically maintained across both systems. This integration simplifies user lifecycle management, reduces manual work, and enhances data accuracy within the organization.
Directory Sync Initiation
With Directory Sync enabled, administrators can perform the following actions:
- User Creation: The Entra ID users that have been selected will be automatically provisioned to Beem.
- User Attribute Update: Any modifications made to user profile attributes in Entra ID will be automatically synced to Beem.
- User Deletion: Users deactivated in Entra ID will be synced to Beem and automatically deleted.
WARNING
Note: If a member is removed or leaves the organization and later returns, reactivating their account in Entra ID will treat them as a new user in Beem.
Before you start configuring Directory Sync, please review the following requirements:
Ensure each user’s phone number in Entra ID includes the country code using the format (+966512345678). Otherwise, the number may not be recognized during sync.
Before deleting any member, make sure all their resources have been manually reassigned to another member to prevent data loss.
If any data in Beem is modified while sync is disabled, enabling sync may result in:
- Duplicate accounts for members with multiple phone numbers.
- Existing data being overwritten.
If users already exist in Beem before enabling sync, the selected identification method must match how those users were originally created as shown below:
- If users were created in Beem using mobile numbers → you must select phone number in the sync settings.
- If users were created using email addresses → you must select email in the sync settings.
- If the user information does not match (mobile in Beem but email in Entra ID), the system will treat them as new users and create duplicate accounts.
- If it matches, existing users will be recognized correctly and their data (such as names) will be updated automatically.
WARNING
Note: The Entra ID user interface and the instructions provided within this article are intended solely for reference. Actual implementation steps may vary according to the platform in use or any updates made to the system.
Configure in Beem
- Navigate to Beem Admin Suite → Basic Settings → Directory Syncs → Sync with Entra ID.
- On Sync with Entra ID - Set up in Beem page. The Set up in Beem section displays the following configuration items. Complete all settings and click Save and Activate.
Member deletion rule: "Delete members directly" is set as the default option in this version.
Select attributes for identifying existing users when creating new users: Choose either phone number or email address as the attribute to identify existing users when creating new users.
WARNING
Note: The Email Login feature is only available in versions 3.10.0 and above.
Select how you configured the 'department' attributes in the directory: If you maintain a complete department structure string in your directory, Beem Admin will automatically set the department display on user profiles to "Current department only" to avoid redundant names.
Select what to process when more than one duplicate departments are found: 'Sync with Entra ID' maps department attribute names from Entra ID to department names in Beem Admin. If multiple duplicate departments exist for a member, you can specify the target department for the member (this can be modified later).
Configure in Entra ID
- On Sync with Entra ID - Set up in Entra ID, the required information is listed below. Click Go to Entra ID button and log in as an administrator.
- From the left navigator bar, go to Enterprise apps. Select Manage - All applications in the sub-side navigator bar, and click on New application.
- You will be landed on page Browse Microsoft Entra App Gallery. Click on Create your own application. The setup page would slide in from the right side. Input the name of the sync app and select the last option to integrate the application not been found in gallery.
Provisioning
- Back to the newly created application's Overview page.
- Click on Getting Started - Provision User Accounts.
- On Provisioning.
Select provisioning mode as Automatic. Regarding the Admin Credentials
Select the authentication methods as OAuths Client Credentials Grant.
Back to Beem Admin Suite - Sync from Entra ID - Configure Security Access. Copy the information back to Entra ID. -Tenant URL
- Token Endpoint
- Client Identifier
- Client Secret
Once the configuration is done, click on Test Connection to ensure the credentials are verified.
Click on Save
Setup Attribute Mapping
- Back to the Application's main page, go to Attribute mapping (Preview). You need to set up the mapping for both Group and Users. The attributes maintained in Entra ID and Beem may differ. Thus any discrepancy would lead to provisioning failure.
- Click Provision Microsoft Entra ID Groups
- Delete the attributes and only leave the attributes mapping listed in the table below.
| Customappsso Attribute | Microsoft Entra ID Attribute |
|---|---|
| displayName | displayName |
| members | members |
- Click Provision Microsoft Entra ID Users
- Delete the attributes and only leave the attributes mapping listed in the table below.
| Customappsso Attribute | Microsoft Entra ID Attribute |
|---|---|
| userName | userPrincipalName |
| active | Switch([IsSoftDeleted], ,"False", "True", "True", "False") |
| displayName | displayName |
| emails[type eq "work"].value | |
| phoneNumbers[type eq "mobile"].value | mobile |
| name.givenName | givenName |
| name.familyName | surname |
| title | jobTitle |
| addresses[type eq "work"].country | country |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber | employeeid |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager | manager |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | department |
| externalid | objectid |
You can also filter the users whose phone number attributes have value. In that case, you may reduce some error reports.
In the users' Attribute Mapping page, set the Source Object Scope and Add new filter group.
- You will be landed on the Add Scoping Filter page. Select mobile for the Source attributes and Operator as IS NOT NULL. Name the filter and Apply.
- Click on Save
Setup Assignment Rule
- Locate to the application's Manage - Users and groups section. Click on Add user/group.
- You would then be guided to Add Assignment. Select the dedicated group and save.
Start provisioning
- Back to the application's Provisioning Overview. Click on Start provisioning.
- After the first run, you will be able to see the provisioning basic information, provisioning logs and the current status.
- You will be able to view the sync log of each run.
Reactivate Entra ID sync
Once you stop the Entra ID Sync, Entra ID will receive a 401 error from Beem and isolate the present provisioning setup. The relevant error message would be of "SystemForCrossDomainIdentityManagementCredentialValidationFailure." Then the Sync would be stopped.
When you reactivate the sync in Beem, please ensure you reactivate the setup in Entra ID and test the connectivity of attributes as well. Once you pass the connectivity test, the setup will be released and you are good to proceed.