Backdrop offers the ability for users to setup a sync with Azure Active Directory. This sync imports the users and groups required for Backdrop to function. This article is intended to guide the user on how to get setup and what options are available.
Azure AD integration is powered by the Microsoft admin consent system. Users select the School Setup option under administration in Backdrop.
Azure AD integration is not available when the follow Integrations have been setup:
This action takes users to the Integration select screen where you select either Microsoft or Google setup. Select Microsoft and you are redirected to the account selection screen. Here they can select the user account they want to give admin consent with. Once given, Backdrop uses this account to query Azure Active Directory. The data returned is based on the permissions of that account returning only what they have access to.
Once an account is selected and access approved, the flow takes the user to the Microsoft integration setup screen in Backdrop. Here a user can select the type of Integration they want.
Type of Import
Full imports are powered by Microsoft Graph and support either Azure AD or School Data Sync Microsoft services. These imports pull in both users and groups and can be used to do a complete school setup without an MIS/SIS system. Groups only imports are powered by Microsoft Teams. This requires that users have already been added to Backdrop by MIS/SIS or CSV upload. Backdrop checks that the members of the Teams groups are already present in the solution and if they are, the Microsoft Teams groups are added as teaching groups for use in Classroom/Wellbeing. The full import option (Azure/Education) also adds Teams groups if available.
Select the data source to Microsoft Education (School Data Sync) or Azure AD (Active Directory) depending on where your data is stored you wish to import. Only one data source can be used.
Include Automatic Login Credentials
This takes the email address of the student users and populate the auto login system with this data. This allows the system to automatically identify students on devices where the Backdrop device client is installed. The system adds the full email to identify users on ChromeOS or Android devices. For Windows and macOS devices we read everything before the @ symbol as the local user account on the device
firstname.lastname@example.org - login for ChromeOS/Android
a.student - login for Windows/Mac
Once you are happy with your selections, click Update Details
Azure AD Mappings
Now the correct mappings requires to be setup between the groups in Azure and the areas in Backdrop they are imported. Please note:
- Mappings should be added one mapping type at a time
- Multiple Azure AD groups can be selected for that mapping type
- It is not possible to start a sync without a minimum of one User mapping and one Child mapping
- If no Student Group mapping is created then all available groups will be imported from Azure
Select the "Add New Mappings" button.
First you need to select the type of mapping to use. There are two types of mapping available: people mappings and student group mappings.
These cover staff and children that you want to import into the system. When adding a mapping under these types a membership will be created in Backdrop. There must be people mappings added to successfully sync data.
- User - members of your Azure AD group are added as Staff member user. The Azure AD group is not added by name as a user group containing these users
- Child - members of your Azure AD group are added as Students. These users populate the student side of the system and are the users who are monitored on devices.
Student Group Mapping
This mapping type creates the Backdrop groups that correspond to Azure AD groups as a container and adds members to the Backdrop groups that are displayed in Student Groups. There must be people mappings added to successfully sync data.
- Tutor Group - members of this Azure AD group are identified and added to a Tutor Group. These groups are displayed under the Tutor groups section under students/children. The Backdrop group name will correspond to the Azure AD group.
- Teaching Group - members of this Azure AD group are identified and added to aThese groups are displayed under the Teaching groups section under students/children. The Backdrop group name will correspond to the Azure AD group.
We recommend starting with staff users to ensure they have correct access before adding children and student groups.
Once you have selected the correct mapping type, choose the groups you want to import with this mapping and click the Done button.
Repeat the above steps to add the additional mapping types to your config. Remember only one mapping type can be added at a time and at least User and Child need to be added.
For large scale mappings, a search field filters groups based on the characters entered and a multi select option to add groups on mass.
Once you are happy with groups you want to import. Click on the "Start Sync" button to begin the import process. This can take several minutes depending on the size of the import.
The sync runs automatically every 12hrs. Mappings can be updated at anytime from the edit Microsoft settings under school setup.
*If for any reason you are not happy with your mapping selections you can remove these individually using the bin icon next each mapping.
Alternatively you can delete all your azure mappings by using the "Delete All Mappings" button.
Depending on how many mappings there are to delete this may happen instantly or it is sent to a queuing system which we aim to delete them within 24 hours.