Synchronize Users
If you are using Microsoft Entra ID to authenticate access to Ciso, we recommend setting up synchronization between MS Entra ID and Ciso.
Note:
To enable the synchronization option, you must follow the steps outlined in the Entra ID single sign-on setup article. Additionally, you need to configure the appropriate Group ID that should have access to ensure the Synchronization feature works properly.
Preview users
Before configuring automatic synchronization, we recommend that you first analyze the list. This will allow you to manually review all Entra users with access to Ciso. The list will show all the users from the assigned group in Entra, giving you the opportunity to explicitly mark accounts that should be blocked from access and not created in Ciso.
Types of users and persons
Ciso User (CU)
A Ciso User is a full user account in the Ciso system. This user can:
- Log in to Ciso.
- Be assigned Object roles such as Owner or Responsible.
A CU that has Write permissions is an account that consumes a license.
Named Ciso Person (NCP)
A Named Ciso Person is an individual registered in the Ciso system. An NCP:
- Cannot log in to the system until their status is upgraded to a Ciso User (CU). An NCP can be upgraded by logging in or by being invited.
- Does not have a Role or Permissions in Ciso.
- Can be assigned Object roles such as Owner or Responsible.
Entra User
This represents a user account in Microsoft Entra (formerly Azure Active Directory). It’s an identity that may be linked or referenced in the Ciso system but is managed through Entra.
The synchronization follows these business rules:
- Entra users who are only in Entra and are disabled will not be synced.
- Entra users that do not exist in Ciso will be created in Ciso as Ciso Persons.
- Entra users that have been blocked in Ciso will not be synced.
- If a Ciso Person that was previously synced no longer exists in Entra, the connection will be marked as deleted and the user will be disabled in Ciso. Already deleted connections will be ignored.
- No action will be taken if the connection has already been marked as deleted.
- If an Entra user is matched with a Ciso User, no changes will be made.
- If an Entra user matches a Ciso Person, a connection will be created, and the person’s details will be updated with information from Entra.
- If an Entra user is matched to a Ciso Person and a connection already exists, only the person’s details will be updated.
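The rules above can be read as a dry-run planner, which helps when checking what a sync will do to a given account before enabling it. The following is an added illustration, not Ciso's own code: the match key, the `blocked_keys` set, the action names and the order in which the rules are checked are all assumptions, since the page does not specify them.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class EntraUser:
    key: str              # hypothetical match key; the page does not say how users are matched
    enabled: bool = True

@dataclass
class CisoRecord:
    key: str
    kind: str                          # "user" (Ciso User) or "person" (Ciso Person)
    connection: Optional[str] = None   # None, "active" or "deleted"

def plan_sync(entra_users, ciso_records, blocked_keys=frozenset()):
    """Dry run: map each key to the action the listed rules call for."""
    entra = {u.key: u for u in entra_users}
    ciso = {r.key: r for r in ciso_records}
    plan = {}
    for key, user in entra.items():
        rec = ciso.get(key)
        if key in blocked_keys:            # blocked in Ciso: never synced
            plan[key] = "skip_blocked"
        elif rec is None:                  # only in Entra
            plan[key] = "create_person" if user.enabled else "skip_disabled"
        elif rec.kind == "user":           # matched with a Ciso User
            plan[key] = "no_change"
        elif rec.connection == "active":   # matched person, connection exists
            plan[key] = "update_details"
        else:  # assumption: a person with no connection or a deleted one is (re)connected
            plan[key] = "connect_and_update"
    for key, rec in ciso.items():          # previously synced persons missing from Entra
        if key in entra or rec.kind != "person":
            continue
        if rec.connection == "active":
            plan[key] = "mark_deleted_and_disable"
        elif rec.connection == "deleted":
            plan[key] = "ignore_already_deleted"
    return plan

# Constructed sample data, not taken from any real tenant.
ENTRA = [EntraUser("ana"), EntraUser("bo", enabled=False), EntraUser("cy"),
         EntraUser("di"), EntraUser("ed"), EntraUser("flo")]
CISO = [CisoRecord("cy", "user", "active"), CisoRecord("di", "person"),
        CisoRecord("ed", "person", "active"), CisoRecord("gus", "person", "active"),
        CisoRecord("hal", "person", "deleted")]

if __name__ == "__main__":
    for key, action in sorted(plan_sync(ENTRA, CISO, {"flo"}).items()):
        print(f"{key:4} {action}")
```

Ciso records that were never connected to Entra and are absent from the group do not appear in the plan, because none of the listed rules applies to them.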
