Release of DynamicSync 2.0 – Custom attributes for Entra ID group memberships
The latest version of DynamicSync 2.0 focuses on custom attributes. Custom attributes in Microsoft Entra ID and Active Directory are company-specific attributes that are useful for filtering group memberships. Read on to find out how quickly and conveniently DynamicSync 2.0 makes these attributes available.
There are also innovations in the integration of various user roles and other useful features, particularly for IT administrators.
Index
Group focus as the new standard
In DynamicSync 2.0, you can now see all dynamic groups at a glance. In version 2.0, there was a change from the job perspective to the group perspective for a better and more intuitive overview.
The group name now appears at the top of the display, making it easier to find your way around the application:
Custom attributes for use in dynamic filters
Custom attributes for dynamic group memberships
DynamicSync 2.0 now provides a separate, user-friendly configurator interface. This makes it easy to add customised attributes and make them available immediately as filters.
The advantage over Entra ID is that these attributes are permanently available in the filter and do not have to be added individually for each group.
Find out in another article how you can generate up to 50 nested filters for dynamic groups with DynamicSync.
Custom security attributes for additional security features
DynamicSync provides custom security attributes in the new version to attach additional attributes to objects. This is a schema extension for global Entra attributes as opposed to custom attributes that are added by applications (such as AAD Connect).
For example, an additional home office address, salary information or certain security features for employees can be maintained. These attributes are valid for the entire tenant and do not belong to an application.
Dynamic memberships for roles in Entra ID
Automatic role assignments for apps and subscriptions
In Entra ID, it is not possible to set the membership type to “dynamic” if a role authorisation is attached to the group. With DynamicSync, however, it is possible to dynamically organise the management of Entra roles. This means that users from a specific department can automatically be assigned the reader role, for example to view a landing zone for a subscription.
App authorisation roles “Contributor” and “Reader”
In addition to the admin role, DynamicSync now offers two further roles, “contributor” and “reader”. These additional roles enable restricted access to DynamicSync for further user groups.
Contributors configure dynamic groups, but not the application itself (e.g. custom attributes). Auditors who use DynamicSync as readers do not have any editing options.
Further information
Filter queries adjust to user properties
During the filter query, the operators (query parameters) adapt to the selected user property. Example: If a user selects the query “accountEnabled”, they are only given the appropriate options to choose from, “eq” and “eq Null”. This simplifies the quick creation of filter queries. In Entra, the user has to select the correct parameter from a long list.
Performance improvements and backend updates
In version 2.0, numerous optimisations have been made in the backend, leading to a significant increase in performance.
Dynamic groups in Entra ID – Find out more now
DynamicSync ist eine Automatisierungs-Software für Cloud-Gruppen der FirstAttribute AG. Als reiner Cloud-Dienst (SaaS) spezialisiert sich DynamicSync auf
dynamische und automatische Gruppen-Synchronisierungen in Entra ID.
In addition to an online demo, our team is also available by phone. Give us a call at
+49 89 215 442 40.
About First Attribute
FirstAttribute AG is an independent, German cloud service and software company specialising in Identity & Access Management (IAM) for AD and M365.
Since its foundation in 2001, FirstAttribute has successfully supported many well-known medium-sized and large companies in Germany and internationally.
Contact us if you have any questions about dynamic groups in AD and Entra ID, as well as questions about Identity & Authorisation Management and M365/Microsoft Teams.
