This article describes how you can manage your Curricula learners through integration with your company’s Microsoft Active Directory or Azure server. Syncing your Curricula learner group with Microsoft Active Directory or Azure it a two-step process. You can configure your settings to sync all your company contacts in your Active Directory or you can create a designated group in your Active Directory and only sync the contacts that will participate in Curricula training. (For instructions on configuring a designated group for training, see the Active Directory Group Sync (Optional) section below.)
Step 1: Register Graph API Application
First, you need to create a valid Microsoft Graph API application — you will enter these credentials into the Curricula app in Step 2.
Follow these steps to create a valid Microsoft Graph API application:
- Sign in to your Azure Portal
- If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.
- In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration.
- When the Register an application page appears, give your application a Curricula related name, for example, "Curricula Integration".
- When finished, select Register.
- Temporarily copy the following keys to a text file, as you'll be entering these values into Curricula later.
- Application (client) ID
- Directory (tenant) ID
- Select Certificates & secrets then "Add a client secret", choose an expiration time, and finally select "Add". Note: you will need to renew this secret when it expires to maintain a connection with Curricula.
- Temporarily copy the newly created client Secret Value into the text file from step 6, as you will need to input it into Curricula later.
- Select API Permissions then "Add a permission". Choose an "Microsoft Graph > Application permissions", select "Directory > Directory.Read.All", then select "Add Permissions". This is the only permission Curricula needs access to.
- Finally, select API Permissions, then select "Grant admin consent for..."
Step 2: Configure in CurriculaNext, you need to add these credentials from Step 1 into the Learner Management section of your Curricula group settings.
Follow these steps to add your copied data from Step 1 into your Curricula group settings:
- Sign in to your Curricula account and navigate to your group's directory sync settings at Settings->Learner Settings->Scroll to the Group you want to Sync->Edit->Management Tab. Choose "Microsoft Graph" as the management type and click "Update".
- Navigate to the Microsoft Graph section that will appear below. Paste the Directory (tenant) ID from the temporary text file you created into the "Tenant ID" field.
- Paste the Application (client) ID from the temporary text file you created into the "Client ID" field.
- Paste the Client Secret from the temporary text file you created into the "Client Secret" field.
- Click update, then "Manual Sync" to confirm everything is working.
Active Directory Group Sync (Optional)
Sometimes it can be helpful to only sync certain users from Active Directory with your Curricula group.
Follow these steps to do this using the Active Director “Groups” feature:
- In the left-hand navigation pane, select the Azure Active Directory service, and then select Groups > New group.
- Choose "Security" as the group type and give it a name/description. For example, "Security Training".
- Click on the newly created group's name then click "Members", from here you can add any users you want to the group.
- Next copy the Group's Object Id. You can find this ID by clicking on "Properties" and looking for the "Object Id" field.
- Lastly, paste that ID into the "Group ID" field of the "Syncing" of your Graph configuration in Curricula. Now only users who are inside this Active Directory Security group will be synced with Curricula.
UPN vs Email
If you would prefer to use the "UPN" (User Principal Name) attribute instead of the user's "Email" attribute, please check this box prior to syncing.