Adding a domain for regular User synchronization in Access Control (Access Control → Microsoft 365)

Target

• Administrators performing periodic synchronization of users from Access Control to Microsoft Entra ID
• Administrators who want to add domains for user synchronization

Purpose

• This explains the procedure for customers who are performing periodic synchronization from Access Control to Microsoft Entra ID and want to add/change domains to be synchronized.

Notes

1. The content of this article is based on the product specifications as of March 2025 and may change without notice thereafter.
2. Global administrator privileges of HENNGE Access Control are required to set up user synchronization.
3. Please refer to the following article for how to access the administration screen.
   How to access the HENNGE Access Control administration screen
4. User synchronization needs to be set up on a domain basis.
5. Before executing user synchronization, it is necessary to register the required users in HENNGE Access Control in advance.
6. Users created in Microsoft Entra ID through user synchronization from HENNGE Access Control will not be granted Microsoft 365 licenses.
   Please grant Microsoft 365 licenses to administrators as needed after synchronization.
7. After enabling periodic synchronization, user information will be synchronized from HENNGE Access Control to Microsoft Entra ID every hour.
8. If you are synchronizing users from Active Directory to Microsoft Entra ID, this task is not necessary.

Pre-checks

• For the domain to be synchronized, change the domain of objects other than users.
  Change UPN of objects other than users to onmicrosoft.com domain

Procedure

1. Access [Provisioning Settings] from the HENNGE Access Control administration screen.

2. Click [View Details] in the [Sync from HENNGE Access Control] menu.

3. A list of domains on the tenant will be displayed, click [Dry Run] for the domain to be synchronized.

4. Click [Dry Run].

5. The following screen will be displayed, click the × button or [Close].

6. Click [View Audit Log] for the domain to be synchronized.

7. Click the download button in the Action column to check the results of the dry run audit log (CSV file).
The results of the dry run audit log will overwrite the previous results each time a dry run is executed.
※ The synchronization request will be deleted approximately 24 hours later.
※ The Max Allowed Deletions is not applied to the dry run, so a preview of user deletions exceeding the allowed rate may be output.

8. If there are no issues with the content, click [Sync Now] or [Enable Periodical Sync] for the domain you want to synchronize.

※ When executing [Sync Now], user information synchronization (add, delete, update) will be executed immediately, and Microsoft 365 users will be updated.
Please execute after confirming that the dry run results are as expected.

About "Sync Now"
User information synchronization (add, delete, update) is executed immediately.

About "Enable Periodical Sync"
User information periodic synchronization (add, delete, update) is performed from the sync source service to the sync destination service every hour.
※ It is recommended to set after confirming that the dry run and sync now can be executed as expected.

About Sync (Add, Delete, Update)

• Add: If the user exists only in the sync source service and does not exist in the sync destination service, the user will be added to the sync destination service.
• Delete: If the user does not exist in the sync source service and exists in the sync destination service, the user in the sync destination service will be deleted.
• Update: If the same user exists in both the sync source and sync destination services and there are differences in items such as last name, display name, etc., the value of the sync destination service will be updated to the value of the sync source.

9. If necessary, change the following settings and then click [Sync Now] or [Enable Periodical Sync].

・Max Allowed Deletions
If a deletion process exceeding the set % is attempted, the process will be canceled to prevent unintended mass user deletions.
Example: If the Max Allowed Deletions is 65%, the process will be canceled if 65% or more of the users are deleted during synchronization.

10. Regarding the execution results, check the Sync Logs or the status of the Periodical Sync.

For how to check the Sync Logs, please also refer to the following article.
Check the Sync Logs (Modern View)