Sync Group Members

Overview

This guide provides step-by-step instructions for integrating Microsoft Entra ID groups with CloudLabs VM Labs. By synchronizing the lab with a Microsoft Entra group, user management becomes automatic and aligned with your organization's Microsoft Entra ID.

Once this integration is completed, you will be able to assign labs to Entra ID groups and all group members will have access to the labs. Please note that group members are synchronized every 24 HRS, you can force sync if you want to have immediate group membership changes reflected in CloudLabs.

Let’s look at the steps.

1. Create an Entra ID Service Principal

2. Configure Entra ID Intgeration in CloudLabs Portal.

CloudLabs will need permissions to read your Entra ID data (group and group members) to enable this intergation.

Create a Service Principal

Please create a service principle within your entra ID organization, with the required permissions.

1. Please see Microsoft’s documentation on how to Create Service Principal here> https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

2. Please create a service principal with following specifications:

   1. Name: “CloudLabs-EntraID-GroupsSync-SPN” (or any other name as per your organizational best practices)

   2. Supported Account Type: Accounts in this organizational directory only (Spektra Systems LLC only - Single tenant)

   3. Redirect URI: Leave Blank

3. In the service principal, navigate to API Permissions and Click on Add Permissions. Select Microsoft Graph.

4. Select Application Permissions and search for “Directory.Read.All”

5. Click on Add Permissions and Grant Admin consent for your organization.

6. Navigate to Secrets and create a secret. You may configure the expiry date as you see fit.

7. Make a note of the following values. You’ll need them in CloudLabs portal.

   1. Tenant Id (3): Provide the Microsoft Entra Tenant ID of your Microsoft Tenant.

   2. Client Id (4): Service principal client ID.

   3. Client Secret (5): Secret Value.

Once you have this ready, you can proceed to next step.

Setup Entra ID Group Sync Integration within CloudLabs.

1. Navigate to the CloudLabs portal using a browser.

2. Navigate to the Manage VM Labs tab present in the side pane.

   

3. Navigate to the Global Settings page.

   

4. Navigate to the "Integrations (1)” tab within the Settings page and configure the following details:

   1. Entra Id Group Configuration (2): This configuration will be used to synchronize the Microsoft Entra Groups.

   2. Tenant Id (3): Provide the Microsoft Entra Tenant ID of your Microsoft Tenant.

   3. Client Id (4): Provide the service principal client ID.

   4. Client Secret (5): Provide the secret key of the service principal.

      NOTE: The service principal must have the “Directory.Read.All” API Permission to perform the group sync operation.

      

   5. Once the details are provided, click on “Update (6)” and confirm the updates.

Sync Group Members

Now that you have learned how to integrate Microsoft Entra ID groups with CloudLabs VM Labs, you can proceed with syncing group members to a lab.

1. Navigate to your lab > Users.

2. Click on Sync Group Members.

3. Select a group from dropdown and click Save.

You will now see that group members are now available in users listing. Please note that group members are synchronized every 24 HRS You click on Sync Group Members again to force sync any changes.

Troubleshooting

1. If you are unable to see group dropdown list or sync group members, please verify that your service principal still has required permissions and secret is not expired.

2. Please review activity logs for more error information or contact Support for further troubleshooting.