Target
- Administrator of HENNGE Access Control
Purpose
- Switch the user synchronization method of HENNGE Access Control as follows.
Before: Sync Source: HENNGE Access Control → Sync Destination: Microsoft 365
After: Sync Source: Active Directory → Sync Destination: Microsoft 365 and HENNGE Access Control
Notes
- This article is based on the product specifications as of July 2025 and may be updated without notice.
- Administrator privileges for HENNGE Access Control are required to verify the actual screen and change settings.
- Please refer to the following article for how to access the Administration Console.
How to access the HENNGE Access Control Administration Console
- If there are any changes to the User Information, please consult with HENNGE One Technical Support in advance.
- The matching of the Immutable ID described later is mandatory.
Introduction: Overview of this task
This procedure changes the starting point of user synchronization to Active Directory.
The most critical point of this task is to match the user's Immutable ID between HENNGE and Microsoft 365.
If this task is not performed correctly, users may not be able to log in after synchronization, so please proceed carefully.
Overview of the task:
- Decide on the synchronization settings with Active Directory
- Matching of Immutable ID (Critical)
- Setup of HENNGE Directory Sync Tool
- Stop the current synchronization
- Start the new synchronization
Procedure
1. [Preparation] Decide on synchronization conditions
When introducing the HENNGE Directory Sync Tool, decide on the synchronization items and conditions from Active Directory.
Based on that, we will create and provide the necessary files for synchronization with Active Directory, so please contact HENNGE One Technical Support.
2. [Pre-task] Matching of Immutable ID
What is an Immutable ID?
A unique ID used to identify users in Microsoft 365.
In a federated environment, users are correctly authenticated by matching this ID between HENNGE and Microsoft 365.
Because the current synchronization configuration has already set a value for the Immutable ID in Microsoft 365, use one of the following methods when changing the synchronization configuration.
Method 1: Hard Match (Recommended)
- Overview: Set the value in the sync source attribute of Active Directory to match the existing Microsoft 365 Immutable ID.
- Benefits: No need to disable federation.
- Drawbacks: Requires Base64 encoding/decoding.
- Procedure: Obtain the value of the Microsoft 365 account's Immutable ID and manually set it in the sync source attribute of Active Directory so that the values match after synchronization.
- Warning: Because the value is Base64-encoded during synchronization, setting the Microsoft 365 value as is will result in a different value after synchronization. The Microsoft 365 value must therefore be Base64-decoded before it is set in Active Directory.
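The Base64 reversal that Method 1 requires, as an added example (not HENNGE's code or tooling): it decodes each Microsoft 365 Immutable ID, re-encodes the result to confirm that synchronization would reproduce the original value, and flags IDs that cannot be hard-matched. It assumes the sync source attribute holds text that is encoded as UTF-8 and standard Base64 during synchronization, and that the Microsoft 365 values were exported to a CSV with the hypothetical columns `UserPrincipalName` and `ImmutableId`; the sample rows are constructed.

```python
import base64
import csv
import io

# Constructed sample export; the column names are hypothetical, not a HENNGE or Microsoft format.
SAMPLE_EXPORT = """UserPrincipalName,ImmutableId
alice@example.com,YWxpY2UtMDAx
bob@example.com,Ym9iLTAwMg==
carol@example.com,Y2Fyb2wtMDA
dave@example.com,3q2+7w==
erin@example.com,YWxpY2UtMDAx
"""


def ad_value_for(immutable_id):
    """Return the text whose Base64 encoding is exactly the Microsoft 365 Immutable ID."""
    try:
        # validate=True rejects characters outside the Base64 alphabet instead of skipping them.
        text = base64.b64decode(immutable_id, validate=True).decode("utf-8")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are both ValueError
        raise ValueError(f"cannot be stored as text: {exc}") from exc
    if not text:
        raise ValueError("Immutable ID is empty")
    # Simulate the sync (assumed: UTF-8 text, standard Base64) and require an exact match.
    if base64.b64encode(text.encode("utf-8")).decode("ascii") != immutable_id:
        raise ValueError("re-encoding does not reproduce the Microsoft 365 value")
    return text


def plan_hard_match(export_csv):
    """Split users into (values to set in Active Directory, users needing manual review)."""
    plan, problems, owner = {}, {}, {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        upn, immutable_id = row["UserPrincipalName"], row["ImmutableId"].strip()
        if immutable_id in owner:  # the ID must identify exactly one user
            problems[upn] = f"duplicate of {owner[immutable_id]}"
            continue
        try:
            plan[upn] = ad_value_for(immutable_id)
            owner[immutable_id] = upn
        except ValueError as exc:
            problems[upn] = str(exc)
    return plan, problems


if __name__ == "__main__":
    plan, problems = plan_hard_match(SAMPLE_EXPORT)
    for upn, value in plan.items():
        print(f"SET   {upn}: {value}")
    for upn, reason in problems.items():
        print(f"CHECK {upn}: {reason}")
```

Users listed under `CHECK` (truncated values, IDs whose decoded bytes are not text, duplicates) should be resolved before the switch, since a mismatched Immutable ID prevents login after synchronization.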
Method 2: Soft Match
- Overview: Clear the value of the Microsoft 365 Immutable ID and synchronize with the value on the Active Directory side.
- Benefits: Less manual work and less chance of setting errors for the Immutable ID.
- Drawbacks: Temporarily requires disabling federation, which may affect login methods during that time.
- Procedure: Clear the value of the Microsoft 365 Immutable ID.
- Warning: Since the Microsoft 365 Immutable ID cannot be cleared while federation is enabled, it is necessary to disable federation in advance. This task should be carried out in collaboration with HENNGE One Technical Support.
3. [Introduction] Setup of HENNGE Directory Sync Tool
Perform the steps up to "[Administrator Task / Only for Password Synchronization] Confirmation of Password Settings for Synchronized User Passwords" (Step 8) in "List of HENNGE Directory Sync Tool Setup Procedures".
Warning: Do not execute synchronization at this point. Check the synchronization results with a test sync and adjust the settings as necessary.
4. [Switching Task] Stop the current synchronization
In the HENNGE Access Control Administration Console, stop the currently running periodic synchronization with Microsoft 365.
Please refer to the following article.
[Access Control] Stop periodic synchronization with Microsoft Entra ID
5. [Switching Task] Execute synchronization from Active Directory
Perform "[Administrator Task] Execution of HENNGE Directory Sync Tool" (Step 9) in "List of HENNGE Directory Sync Tool Setup Procedures".