
This project is not covered by Drupal’s security advisory policy.

This module lets you connect to the Microsoft Graph API for your tenant(s) and import users from Microsoft Entra ID (previously Azure AD) into Drupal user entities.

Features

The module will connect to one or more tenants and fetch your chosen properties from the users, and queue these up for importing in Drupal (using the Queue API).

Once the users have been received from Entra, you can filter the result on any of the fetched properties, using a number of operators, to reduce the number of users that are imported. For example, you can import only users from a certain department or within a certain e-mail domain. This can be useful if you need to map different user groups to different roles in Drupal.

You can map the fetched properties from Entra to your own Drupal (text) fields on the user entity, decide which roles the incoming users should get, whether the users should be active or not, and whether to send a welcome e-mail to users that are set to active.

The first import will get all users from the tenant, while subsequent requests will only get new or updated users (using delta queries), which drastically reduces the time and resources used to sync. Users that have new data in Entra will be updated in Drupal when syncing.

Delta queries can be disabled if needed, in which case all users will be updated. This is useful if you need to change the fetched properties or the mapping.
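The delta-query rounds and property filtering described above, sketched as an added example (not this module's code). The `@odata.nextLink`, `@odata.deltaLink` and `@removed` keys are Microsoft Graph's; `fetchRound()`, `passes()`, the rule format and operator names are hypothetical, and PHP 8 is assumed.

```php
<?php
// Constructed sample pages keyed by request URL; users and tokens are made up.
const BASE = 'https://graph.microsoft.com/v1.0/users/delta';
$u = fn($id, $mail, $dept) => ['id' => $id, 'mail' => $mail, 'department' => $dept];
$pages = [
  BASE . '?$select=mail,department' => [
    'value' => [$u('u1', 'ada@example.com', 'IT'), $u('u2', 'bo@example.org', 'IT')],
    '@odata.nextLink' => BASE . '?$skiptoken=p2'],
  BASE . '?$skiptoken=p2' => [
    'value' => [$u('u3', 'cy@example.com', 'HR')],
    '@odata.deltaLink' => BASE . '?$deltatoken=d1'],
  // Later run: u3 moved department, u1 was deleted in Entra.
  BASE . '?$deltatoken=d1' => [
    'value' => [$u('u3', 'cy@example.com', 'IT'), ['id' => 'u1', '@removed' => ['reason' => 'changed']]],
    '@odata.deltaLink' => BASE . '?$deltatoken=d2'],
];

// Follow @odata.nextLink until a page carries @odata.deltaLink, the link to store for the next run.
function fetchRound(callable $get, string $url): array {
  $changed = $removed = [];
  while (true) {
    $page = $get($url);
    foreach ($page['value'] as $user) {
      if (isset($user['@removed'])) { $removed[] = $user['id']; } else { $changed[$user['id']] = $user; }
    }
    if (isset($page['@odata.deltaLink'])) { return [$changed, $removed, $page['@odata.deltaLink']]; }
    $url = $page['@odata.nextLink'] ?? throw new RuntimeException('No nextLink or deltaLink');
  }
}
// Hypothetical filter: every [property, operator, value] rule must match; unknown operators fail closed.
function passes(array $user, array $rules): bool {
  foreach ($rules as [$prop, $op, $want]) {
    $have = strtolower((string) ($user[$prop] ?? ''));
    $ok = match ($op) {
      'equals' => $have === strtolower($want),
      'ends_with' => str_ends_with($have, strtolower($want)),
      default => throw new InvalidArgumentException("Unknown operator $op"),
    };
    if (!$ok) { return false; }
  }
  return true;
}

$rules = [['department', 'equals', 'IT'], ['mail', 'ends_with', '@example.com']];
$link = BASE . '?$select=mail,department';
foreach (['initial', 'delta'] as $round) {
  [$changed, $removed, $link] = fetchRound(fn($url) => $pages[$url], $link);
  $queue = array_keys(array_filter($changed, fn($user) => passes($user, $rules)));
  printf("%s: queue=[%s] removed=[%s]\n", $round, implode(',', $queue), implode(',', $removed));
}
```

The `ends_with` rule includes the `@` so that a look-alike domain such as `notexample.com` does not pass a filter that decides which accounts receive roles.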

You can set up the sync to run on cron, so your user list always stays up to date.

Additional Requirements

The module depends on the Microsoft Graph API module for the SDK and the Graph API Key, which in turn depends on the Key module. You do not need to configure this module manually.

It also depends on having an Azure app configured with the right permissions (User.Read.All as a minimum). If you want to test it, a good way to start is to sign up for the Microsoft 365 Developer Program. This is free, and will give you a free tenant with demo users to test with.

Post-Installation

Give the desired role(s) the permission to administer the module. Be restrictive: the module works directly with users and can also grant them roles, so it can be used to escalate permissions.

Add key(s) for your tenant(s) through the Key module, then add as many synchronisations as you need using these keys.

It's recommended to install the Queue UI module, as this gives you a UI for this module's queues and lets you process queues on demand, not only via cron. You might also want Ultimate Cron to set up more granular control of the update schedule.

It is also likely you would use OpenID Connect to allow the imported users to log in with their Entra ID.

For developers

There are two events exposed, one for altering the incoming users, and one for altering the user before saving to Drupal. See documentation.

Caveats

The module works for syncing to user entities in Drupal, but is still a work in progress. It does not yet:

  • Do anything with remaining users, e.g. users that are in Drupal but not (or no longer) in Entra.
  • Have any drush commands.
  • Allow you to map to other entities than users.

For everything, use cases, input and merge requests are welcome.
