We run into the issue of people having different companies in their PSA that are linked to the same Office identifier. Based on how CloudRadial's sync processes work, this can cause issues.
The default behavior will be for CloudRadial to sync all the users within the PSA to a company in CloudRadial, and also sync all the users in Office into that company as well. Here's a common example:
- 10 companies
- 10 users in each company
- 1 Office tenant with 100 total users
Syncing the companies in CloudRadial with their respective PSA ID and their Office ID will result in all 100 users being brought in to each of the companies you add. Ideally, you'd want each company to have their own Office tenant - but that's not always the way that it works out.
So what are your options?
Option 1: Domain Inclusion/Exclusion Rules
In the cases where each one of the 10 companies has distinct and unique domains, the fix is easy.
When setting up a company, you can set a rule to either exclude all other domains from syncing OR to only include a specific set of domains for sync.
Using Domain Inclusion Rules
To apply a domain inclusion rule, do the following:
- Navigate to Partner > Clients
- Add a new client via the +Add button at the top-right
- Fill out the information for that client as normal, including their IDs, company groups, and more
- Under the section for Office 365 Synchronization, find the Include Only These Domains field
- Enter the specific domains that are allowed to sync to that one company.
- Select Submit at the bottom to finalize your settings.
This will make it so CloudRadial will only allow users within the Office tenant to sync over only if they match the specified domain(s).
Using Domain Exclusion Rules
As a converse of the method above, you can also apply exclusion rules to other domains rather than inclusion rules to specific domains. While the inclusion rule is preferred in most cases, the exclusion rule can have its own uses too.
To apply a domain exclusion rule, do the following:
- Navigate to Partner > Clients
- Add a new client via the +Add button at the top-right
- Fill out the information for that client as normal, including their IDs, company groups, and more
- Select Submit at the bottom to finalize your settings.
- Note! The first sync will bring in all users from the Office tenant.
- This is normal and acceptable at this stage.
- Once the company has been created, select the 3 blue dot menu next to the company from Partner > Clients
- Select the option to View that company
- Select the Exclusions tab at the top
- Select the +Add button at the top right to add a new exclusion rule
- Use a wildcard pattern on any number of domains you wish to exclude from syncing with that company
- An example wildcard pattern might be *@companyA.com
- This will ensure no email that ends with @companyA.com can be synced over
- Once you rules have been set, select Close to exit the menu.
This will make it so CloudRadial will only allow users within the Office tenant to sync over only if they do not match the specifically excluded domain(s).
Option 2: Not Syncing Office 365 At All
For those that have the same domain across all companies, exclusions/inclusions won't work. Since each one of the users is basically indistinguishable from the Office side, the best option here is to not sync them over using the Office ID at all.
You'll set the companies up using the same PSA identifier as normal but you will not enter an Office identifier for them upon setup. Not having Office connected means losing the following capabilities:
- Visibility into the tenant's license counts/attributions
- Office activity reporting
- MFA reporting
- The ability to keep Office and PSA in sync
Note that it does NOT necessarily cause the users the ability to sign in with their Office account. If their Office email address matches the one being pulled in from the PSA, the user will still be able to use the Office 365 sign-in option to access the portal.
Comments
0 comments
Article is closed for comments.