Quick Answer
Microsoft Entra ID Sync manages how users and groups are previewed, processed, and updated in Pinnacle Series, including background processing, notifications, and sync logs.
Overview
Microsoft Entra ID Sync enables administrators to review and apply user and group changes from Microsoft Entra ID into the platform. It supports both preview (Sync Overview) and execution (Sync Now), with behavior that adapts based on processing time.
This functionality is accessed from the Users area of the Admin Portal and is primarily used by administrators responsible for user provisioning and identity management.
Key Concepts
Sync Overview
A preview of proposed user and group changes before they are applied. Administrators can review updates such as adds, removals, and modifications before running a sync.
Sync Now
The execution process that applies approved changes from Microsoft Entra ID to the platform.
Background Processing
If a sync or preview takes longer than approximately one minute, it continues in the background and notifies the initiating administrator when complete.
Sync Logs
A record of completed sync operations, including user and group changes applied during execution.
Notifications
In-platform and email alerts that inform administrators when a Sync Overview or Sync Now process has completed.
How it Works
When an administrator initiates a sync, the platform first determines whether the process can complete within approximately one minute.
If the process completes quickly, results are displayed immediately. For Sync Overview, this means showing proposed changes. For Sync Now, a completion modal appears and redirects to Sync Logs.
If the process exceeds one minute, it moves into background processing. The administrator can continue working, and a notification is sent when results are ready.
Sync Overview notifications may expire if a new overview is generated or if too much time has passed. Sync Now notifications remain valid because they link directly to Sync Logs.
User profile image updates are processed separately and do not appear as modifications in Sync Overview or Sync Logs.
Limits and Constraints
- Microsoft Graph permissions (
User.Read.All,GroupMember.Read.All) are required for the current integration - Permissions are tenant-wide and cannot be scoped
- Sync Overview notifications may expire:
- If another overview is initiated
- If another administrator runs an overview
- After 7 days without sync activity
- Sync Complete notifications do not expire
- User image updates:
- Do not appear in Sync Overview
- Do not appear in Sync Logs
Common Questions
Why didn’t my Sync Overview appear immediately?
If processing takes longer than one minute, the overview is generated in the background and delivered via notification.
Why did my Sync Overview link stop working?
Sync Overview links can expire if a new overview is generated, another administrator runs one, or more than 7 days have passed.
Why don’t I see user image updates in Sync Overview or logs?
Image updates are handled separately and are intentionally excluded from modification tracking.
Does this affect all users or only specific roles?
Only administrators with access to user provisioning and sync functionality can initiate and review sync operations.
Still Need Help