Azure Active Directory (SAML SSO 2.0) User Sync Configuration – Help Center | Foxit Software

Once you complete Azure Active Directory SSO/SAML Configuration(Azure Active Directory SSO/SAML Configuration – Help Center | Foxit Software), follow these steps to sync users in your AAD.

1. To apply for permission

1.1 Click App registrations in the left sidebar

1.2 Click New registration (in the top bar) → All applications → choose your Admin Console app

1.3 Click API permissions → Add a permission → APIs my organization uses → Microsoft Graph

1.4 Click Application permissions

1.5 Choose User → User.Read.All ,Group →"Group.Read.All", and Group Member→ "GroupMember.Read.All" then click to add permissions.

1.6 Click Grant admin consent for <your Directory>

1.7 Click Yes

1.8 The status of the directory is displayed as Granted

2. User sync configuration in Azure AD and Admin Console

2.1 Back to Home → Azure Active Directory → App registrations → All applications → Click <your app> → Overview, then note the Application (Client) ID and Directory (tenant) ID

2.2 Click Certificates & secrets in the left sidebar, click New client secret, input a desired Description and Expires date

2.3 Note the Value field of the client secret

2.4 Input the Application (Client) ID, Directory (tenant) ID and secret value retrieved from Microsoft Azure into Application ID, Directory (tenant) ID and Application Secret of Admin Console (User ID Management > Directory Setting)

In Sync scope setting, there are three options, "Sync all users", "sync all groups and users" or "sync only assigned groups and users" from Azure. It is recommended to select "sync only assigned groups and users" if you want to sync specific groups of users.