Synchronize user profiles and membership changes in KanBo installed as Office 365 group extension
Last modified:
There are 2 options to configure a job for synchronizing user profiles and keep the membership changes up to date in a scenario where KanBo is installed as Office 365 Groups extension. You can configure a job as:
- A job included in KanBo package
- A standalone job
Job included in KanBo package
1. Open KanBo web.config (in https://{your kanbo}.scm.azurewebsites.net -> Debug -> Powershell console -> site -> wwwroot folder) and start editing it.
2. Make sure you have the mapping entries added to web.config in <plugins>section. This is a configuration of a job for synchronizing user profiles with their mappings.
<job.profile-sync name="profiles">
<profiles-provider.graph>
<mapping graph="responsibilities" kanbo="AskMeAbout" type="string[]" separator=", ">
<mapping graph="aboutMe" kanbo="AboutMe">
<mapping graph="mail" kanbo="Email">
<mapping graph="givenName" kanbo="Name">
<mapping graph="surname" kanbo="Surname">
<mapping graph="mobilePhone" kanbo="Phone">
<mapping size="360x360" kanbo="Picture" type="photo">
</profiles-provider.graph>
3. Now under it, add the special job for synchronizing users.
<job-host name="external-groups-web" background="true" options="repeat wait_after(1m) log_time(debug) catch">
<job name="external-groups-job">
</job-host>
<job.security-group-sync-source name="external-groups-job">
<security-group-sync-source.graph />
You can configure options by using the following values:
- `log_time(log_level)` - will log the step on the right to log if it finishes successfully
- log levels are: `debug`, `info`, `warn`, `error`, `fatal`
- `timeout(time)` - will tell the step on the right to stop in the middle of processing if it occurs and instruct it to discard the pipeline on the left until it's caught by `catch`
- `wait_before(time)` - will tell the step on the right to wait immediately before running
- `wait_after(time)` - will tell the step on the right to wait immediately after running
- `bg` - will detach steps on the right from the pipeline and complete immediately (do not use `repeat bg` - it will spawn as much pipelines as possible)
- `repeat` - will instruct the pipeline on the right to repeat forever
- `catch` - will instruct the pipeline to catch any errors on the right side of pipeline, if not set, any failure will crash the whole pipeline
TIP: you can run 2 jobs at once using:
<job-host name="Job2" options="log_time(debug) catch"> <job name="ext-groups" /> <job name="profiles" /> </job-host>
4. Save the changes in web.config.
Standalone job for synchronizing groups and memberships
In this scenario, the synchronizing jobs will be added as a separate component as an Azure Webjob which will run the sync after a chosen period of time.
- Get the KanBo.ConsoleJobHostRunner fromKanBo package and move all files (dlls) from Web -> bin there.
2. Open the KanBo.ConsoleJobHostRunner.exe.config and start editing it.
3. Under <plugin alias="plugin-loader.directory" path="." />, add the job for sync of Profiles.
<job.profile-sync name="profiles">
<profiles-provider.graph>
<mapping graph="responsibilities" kanbo="AskMeAbout" type="string[]" separator=", ">
<mapping graph="aboutMe" kanbo="AboutMe">
<mapping graph="mail" kanbo="Email">
<mapping graph="givenName" kanbo="Name">
<mapping graph="surname" kanbo="Surname">
<mapping graph="mobilePhone" kanbo="Phone">
<mapping size="360x360" kanbo="Picture" type="photo">
</profiles-provider.graph>
<job-host name="Job2" options="log_time(debug) catch">
<job name="profiles">
</job-host>
4. Under the last entry, add a job for synchronizing:
- groups of users and
- cleaning user groups (it works when there are membership changes and synchronizes KanBo group to current Office 365 group state).
<job-host name="Job1" options="log_time(debug) catch">
<job name="external-groups-job">
<job name="cleanup-users">
</job-host>
<job.security-group-sync-source name="external-groups-job" />
<cleanup-users-when-sync-removes name="cleanup-users" />
5. Under these jobs, you must add your Graph configuration (authentication entry) from Web.config.
<graph client-id="{App ID}" tenant="{Tenant ID}">
<signer type="X509SignerFromStore" storename="My" storelocation="CurrentUser" key="Thumbprint" value="{Thumbprint to certificate from web.config}" validonly="false">
</graph>
6. Configure the Kanbo API service. KanBo API service requires a certificate. See more here how to generate a new certificate for this purpose and how to upload it on Azure. Add this entry and fill it with your KanBo address as well as the certificate's thumbprint.
<kanbo-api.service issuer="worker1" url="{Your KanBo address}">
<signer type="X509SignerFromStore" storename="My" storelocation="CurrentUser" key="Thumbprint" value="{Certificate's thumprint}" validonly="false">
</kanbo-api.service>
7. Add the following entry under KanBo Api service configuration.
<security-group-sync-source.graph>
8. Adjust the connection string to match your database information. You can copy the connection strings entry from web.config.
<add name="KanBoContentConnectionString" connectionstring="Server=tcp:{ SQL Server address},1433;Initial Catalog={Database Name};Persist Security Info=False;User ID={AdministratorLogin};Password={AdministratorPassword};MultipleActiveResultSets=True;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" providername="System.Data.SqlClient">
Now you can save the configuration.
9. Pack the ConsoleJobHostRunner in a .zip file and create a new Webjob on Azure. Go to Webjobs while you are on your KanBo's site in Azure and click on +Add.
10. Figure out a name for the Webjob. Then add the .zip file which was created before. Select the Triggers to scheduled and add a CRON extension configured to your needs. Click on OK to create the web job.
10.The KanBo jobs should run now after a period of time selected by CRON Extension.