Forum Discussion
Database and Microsoft Entra ID
How can I still use Microsoft Entra ID but still query my user information from my own database (MongoDB)? Should I synchronize both? Is there any better solution? Thanks.
DTB (Iron Contributor)
Hi nguoidugg,
Here’s a concise and structured response to help you with using Microsoft Entra ID while querying user information from your MongoDB database.
Solution Overview
You have a few options to achieve seamless integration between Microsoft Entra ID (formerly Azure AD) and your MongoDB database:
- Synchronize Entra ID with MongoDB
- Use Entra ID for Authentication and MongoDB for User Data
- Hybrid Approach
Option 1: Synchronize Entra ID with MongoDB
Steps:
Azure AD Connect:
- Use Azure AD Connect to synchronize your on-premises directory with Entra ID.
Custom Synchronization Script:
- Write a custom script to synchronize Entra ID user data with MongoDB. This can be done using Azure Functions or a scheduled task.
- Use the Microsoft Graph API to query Entra ID user data.
- Update MongoDB with the user data.
Pros:
- Ensures both systems have the latest user information.
- Can be tailored to specific needs.
Cons:
- Requires maintenance of the synchronization process.
- Possible latency issues.
Option 2: Use Entra ID for Authentication and MongoDB for User Data
Steps:
Authentication with Entra ID:
- Configure your application to authenticate users using Entra ID.
- Use OAuth 2.0 or OpenID Connect for secure authentication.
User Data in MongoDB:
- Store only necessary user data (profile information, preferences) in MongoDB.
- Query MongoDB for user-specific data after authentication.
Pros:
- Simplifies authentication management.
- Reduces data redundancy.
Cons:
- Requires handling user data separately in MongoDB.
Option 3: Hybrid Approach
Steps:
Authentication with Entra ID:
- Authenticate users with Entra ID as described in Option 2.
Periodic Synchronization:
- Periodically synchronize essential user data from Entra ID to MongoDB using a custom script or Azure Data Factory.
Pros:
- Combines the benefits of real-time authentication with updated user data.
- Balances between redundancy and performance.
Cons:
- Complexity in maintaining synchronization and authentication logic.
Implementation Example: Custom Synchronization Script
Using Azure Functions and Microsoft Graph API:
```python
import os
import azure.functions as func
import pymongo
import requests
from msal import ConfidentialClientApplication

# Initialize the MSAL confidential client; read the credentials from the
# Function App settings (exposed as environment variables) instead of
# hard-coding them in source.
client_app = ConfidentialClientApplication(
    client_id=os.environ["ENTRA_CLIENT_ID"],
    client_credential=os.environ["ENTRA_CLIENT_SECRET"],
    authority=f"https://login.microsoftonline.com/{os.environ['ENTRA_TENANT_ID']}"
)

def get_users_from_entra():
    # Client-credentials flow: the app's own Graph permissions (e.g. User.Read.All) apply
    token = client_app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
    if "access_token" not in token:
        # MSAL returns an error dict instead of raising
        raise RuntimeError(f"token request failed: {token.get('error_description')}")
    headers = {"Authorization": f"Bearer {token['access_token']}"}
    # Graph pages results (100 users per page by default); follow @odata.nextLink until exhausted
    users = []
    graph_url = "https://graph.microsoft.com/v1.0/users"
    while graph_url:
        response = requests.get(graph_url, headers=headers, timeout=30)
        response.raise_for_status()
        page = response.json()
        users.extend(page["value"])
        graph_url = page.get("@odata.nextLink")
    return users

def sync_users_to_mongodb(users):
    client = pymongo.MongoClient(os.environ["MONGODB_CONNECTION_STRING"])
    collection = client["your_database"]["users"]
    for user in users:
        # Upsert keyed on the immutable Entra object id, so renames do not create duplicates
        collection.update_one({"id": user["id"]}, {"$set": user}, upsert=True)

def main(req: func.HttpRequest) -> func.HttpResponse:
    users = get_users_from_entra()
    sync_users_to_mongodb(users)
    return func.HttpResponse(f"Synchronization complete: {len(users)} users", status_code=200)
```
Conclusion
Choosing the right approach depends on your specific needs and existing infrastructure. For many, using Entra ID for authentication and MongoDB for user data strikes a good balance between simplicity and functionality. For those needing up-to-date user information, periodic synchronization provides a robust solution.
I hope this helps! If you have any further questions, feel free to ask.
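Option 2 above hands authentication to Entra ID and then looks the user up in MongoDB. The following is an added Python example, not code from this thread, showing the claim checks to run on the Entra ID token before that lookup and the key to use for it. It assumes the token's signature has already been verified by your OIDC library against the tenant's JWKS; the tenant and client ids, the `MemoryCollection` stand-in for a pymongo collection, and the sample claims are constructed placeholders.

```python
import time

# Constructed placeholders, not real tenant/app ids.
TENANT_ID = "tenant-id-placeholder"
CLIENT_ID = "client-id-placeholder"

def expected_issuers(tenant_id):
    # Entra ID v2.0 issuer and the legacy v1.0 (sts.windows.net) form.
    return {f"https://login.microsoftonline.com/{tenant_id}/v2.0",
            f"https://sts.windows.net/{tenant_id}/"}

def validate_claims(claims, tenant_id, client_id, now=None, leeway=60):
    """Check the claims of an Entra ID token whose signature the OIDC library
    has ALREADY verified against the tenant's JWKS. Raises ValueError on failure."""
    now = time.time() if now is None else now
    if claims.get("iss") not in expected_issuers(tenant_id):
        raise ValueError("issuer mismatch")
    if claims.get("tid") != tenant_id:          # token issued by another tenant
        raise ValueError("tenant mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")   # token minted for another app
    if "exp" not in claims or now > claims["exp"] + leeway:
        raise ValueError("token expired")
    if now + leeway < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if not claims.get("oid"):
        raise ValueError("missing oid claim")
    return claims

def mongo_user_filter(claims):
    """Key the MongoDB lookup on the immutable object id plus tenant id, never on
    email/UPN, which can be renamed or reassigned to a different person."""
    return {"entra_oid": claims["oid"], "entra_tid": claims["tid"]}

class MemoryCollection:
    """Offline stand-in for a pymongo Collection (find_one only)."""
    def __init__(self, docs):
        self.docs = docs
    def find_one(self, flt):
        return next((d for d in self.docs if all(d.get(k) == v for k, v in flt.items())), None)

def find_user(collection, claims, tenant_id=TENANT_ID, client_id=CLIENT_ID, now=None):
    """Validate the claims, then fetch the app-specific profile from MongoDB."""
    validate_claims(claims, tenant_id, client_id, now)
    return collection.find_one(mongo_user_filter(claims))

# Constructed sample: one stored profile and the claims of a matching token.
SAMPLE_COLLECTION = MemoryCollection([
    {"entra_oid": "oid-placeholder-1", "entra_tid": TENANT_ID, "role": "editor"}])
SAMPLE_CLAIMS = {"iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
                 "tid": TENANT_ID, "aud": CLIENT_ID, "nbf": 900, "exp": 2000,
                 "oid": "oid-placeholder-1", "preferred_username": "alice@example.com"}
```

With a real deployment, `SAMPLE_COLLECTION` is replaced by `client["your_database"]["users"]` from pymongo and the claims come from the verified ID or access token.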