Forum Discussion

nguoidugg
Copper Contributor
Jun 25, 2024

Database and Microsoft Entra ID

How can I still use Microsoft Entra ID while still querying my user information from my database (MongoDB)? Should I synchronize both, or is there a better solution? Thanks

  • DTB
    Iron Contributor

    Hi nguoidugg,


    Here’s a concise and structured response to help you with using Microsoft Entra ID while querying user information from your MongoDB database.

    Solution Overview

    You have a few options to achieve seamless integration between Microsoft Entra ID (formerly Azure AD) and your MongoDB database:

    1. Synchronize Entra ID with MongoDB
    2. Use Entra ID for Authentication and MongoDB for User Data
    3. Hybrid Approach

    Option 1: Synchronize Entra ID with MongoDB

    Steps:

    1. Azure AD Connect:
      • Use Azure AD Connect to synchronize your on-premises directory with Entra ID.
    2. Custom Synchronization Script:
      • Write a custom script to synchronize Entra ID user data with MongoDB. This can be done using Azure Functions or a scheduled task.
      • Use the Microsoft Graph API to query Entra ID user data.
      • Update MongoDB with the user data.

    Pros:

    • Ensures both systems have the latest user information.
    • Can be tailored to specific needs.

    Cons:

    • Requires maintenance of the synchronization process.
    • Possible latency issues.

    Option 2: Use Entra ID for Authentication and MongoDB for User Data

    Steps:

    1. Authentication with Entra ID:

      • Configure your application to authenticate users using Entra ID.
      • Use OAuth 2.0 or OpenID Connect for secure authentication.
    2. User Data in MongoDB:

      • Store only necessary user data (profile information, preferences) in MongoDB.
      • Query MongoDB for user-specific data after authentication.

    Pros:

    • Simplifies authentication management.
    • Reduces data redundancy.

    Cons:

    • Requires handling user data separately in MongoDB.

    Option 3: Hybrid Approach

    Steps:

    1. Authentication with Entra ID:

      • Authenticate users with Entra ID as described in Option 2.
    2. Periodic Synchronization:

      • Periodically synchronize essential user data from Entra ID to MongoDB using a custom script or Azure Data Factory.

    Pros:

    • Combines the benefits of real-time authentication with updated user data.
    • Balances between redundancy and performance.

    Cons:

    • Complexity in maintaining synchronization and authentication logic.

    Implementation Example: Custom Synchronization Script

    Using Azure Functions and Microsoft Graph API:

    import os
    
    import azure.functions as func
    import pymongo
    import requests
    from msal import ConfidentialClientApplication
    
    # Initialize the MSAL confidential client. Credentials and connection strings
    # come from the Function App's application settings (environment variables)
    # rather than being hardcoded in the source.
    client_app = ConfidentialClientApplication(
        client_id=os.environ["ENTRA_CLIENT_ID"],
        client_credential=os.environ["ENTRA_CLIENT_SECRET"],
        authority=f"https://login.microsoftonline.com/{os.environ['ENTRA_TENANT_ID']}"
    )
    
    def get_users_from_entra():
        # Client-credentials flow: the app needs the User.Read.All application permission.
        result = client_app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
        if "access_token" not in result:
            raise RuntimeError(result.get("error_description", "token acquisition failed"))
        headers = {"Authorization": f"Bearer {result['access_token']}"}
        url = "https://graph.microsoft.com/v1.0/users"
        users = []
        # Graph returns users in pages; follow @odata.nextLink until it is absent,
        # otherwise only the first page (100 users by default) is synchronized.
        while url:
            response = requests.get(url, headers=headers, timeout=30)
            response.raise_for_status()
            page = response.json()
            users.extend(page["value"])
            url = page.get("@odata.nextLink")
        return users
    
    def sync_users_to_mongodb(users):
        client = pymongo.MongoClient(os.environ["MONGODB_CONNECTION_STRING"])
        db = client["your_database"]
        collection = db["users"]
        # Upsert on the Entra object id, which is immutable (unlike UPN or mail).
        for user in users:
            collection.update_one({"id": user["id"]}, {"$set": user}, upsert=True)
    
    def main(req: func.HttpRequest) -> func.HttpResponse:
        users = get_users_from_entra()
        sync_users_to_mongodb(users)
        return func.HttpResponse("Synchronization complete", status_code=200)


    Conclusion

    Choosing the right approach depends on your specific needs and existing infrastructure. For many, using Entra ID for authentication and MongoDB for user data strikes a good balance between simplicity and functionality. For those needing up-to-date user information, periodic synchronization provides a robust solution.


    I hope this helps! If you have any further questions, feel free to ask.
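Added example (not part of the thread above): a runnable sketch of the two pieces the answer's options rely on. Part 1 (Options 1 and 3) pages through Microsoft Graph `/users` by following `@odata.nextLink` and stores only the fields the app needs, keyed by the immutable object id. Part 2 (Option 2) takes the claims of an already signature-verified v2.0 ID token, checks issuer, audience, tenant and expiry, and joins to the local record on the `oid` claim rather than on e-mail or UPN, which can be reassigned to another person. The tenant id, app id, Graph pages and token claims are constructed sample data, a dict stands in for the MongoDB collection, and signature verification against the tenant's JWKS is assumed to be done by the OIDC library before `validate_claims` is called.

```python
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
# Only these fields are stored; everything else Graph returns stays out of the app DB.
PROJECTED_FIELDS = ("id", "displayName", "userPrincipalName", "mail", "accountEnabled")


def fetch_all_users(fetch_page):
    """fetch_page(url) -> parsed JSON page. Follows @odata.nextLink to the end."""
    url = f"{GRAPH_USERS}?$select={','.join(PROJECTED_FIELDS)}"
    users = []
    while url:
        page = fetch_page(url)
        users.extend(page["value"])
        url = page.get("@odata.nextLink")  # absent on the last page
    return users


def project_user(graph_user):
    # Graph 'id' is the same value as the 'oid' claim in the user's tokens.
    doc = {"_id": graph_user["id"]}
    for field in PROJECTED_FIELDS[1:]:
        doc[field] = graph_user.get(field)
    return doc


def sync_users(fetch_page, collection):
    """Upsert every Entra user into `collection` (a dict keyed by oid, standing in
    for a MongoDB collection). Users no longer returned by Graph are disabled,
    not deleted, so the local record and its history survive."""
    seen = set()
    for graph_user in fetch_all_users(fetch_page):
        doc = project_user(graph_user)
        collection[doc["_id"]] = {**collection.get(doc["_id"], {}), **doc}
        seen.add(doc["_id"])
    for oid, doc in collection.items():
        if oid not in seen:
            doc["accountEnabled"] = False
    return collection


def validate_claims(claims, tenant_id, client_id, now):
    """Claim checks for a v2.0 ID token; run only AFTER signature verification.
    Issuer format is the v2.0 endpoint's https://login.microsoftonline.com/{tid}/v2.0."""
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        raise ValueError("unexpected issuer")
    if claims.get("aud") != client_id:
        raise ValueError("token was not issued for this app")
    if claims.get("tid") != tenant_id:
        raise ValueError("token from another tenant")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not claims.get("oid"):
        raise ValueError("missing oid claim")
    return claims


def resolve_user(claims, collection):
    """Look the signed-in user up by oid; unknown or disabled users get None."""
    doc = collection.get(claims["oid"])
    if doc is None or not doc.get("accountEnabled"):
        return None
    return doc


# --- constructed sample data: hypothetical tenant, app, Graph pages and claims ---
TENANT = "11111111-2222-3333-4444-555555555555"
APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
PAGE2 = f"{GRAPH_USERS}?$select=id&$skiptoken=X"
SAMPLE_PAGES = {
    f"{GRAPH_USERS}?$select={','.join(PROJECTED_FIELDS)}": {
        "value": [
            {"id": "u-1", "displayName": "Ada", "userPrincipalName": "ada@contoso.example",
             "mail": "ada@contoso.example", "accountEnabled": True, "jobTitle": "Eng"},
            {"id": "u-2", "displayName": "Bob", "userPrincipalName": "bob@contoso.example",
             "mail": None, "accountEnabled": True},
        ],
        "@odata.nextLink": PAGE2,
    },
    PAGE2: {"value": [{"id": "u-3", "displayName": "Cy", "userPrincipalName": "cy@contoso.example",
                       "mail": "cy@contoso.example", "accountEnabled": False}]},
}


def demo():
    """Runs both parts on the sample data; returns (collection, resolved user)."""
    collection = {"u-9": {"displayName": "Gone", "accountEnabled": True}}  # stale local record
    sync_users(SAMPLE_PAGES.__getitem__, collection)
    claims = {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0", "aud": APP_ID,
              "tid": TENANT, "oid": "u-1", "preferred_username": "ada@contoso.example",
              "exp": 1_800_000_000}
    user = resolve_user(validate_claims(claims, TENANT, APP_ID, now=1_700_000_000), collection)
    return collection, user


if __name__ == "__main__":
    print(demo())
```

In a real deployment `fetch_page` would be a `requests.get` with the Graph bearer token, `collection` a `pymongo` collection using `update_one(..., upsert=True)`, and the claims dict the output of a library that has already verified the token signature against the tenant's published keys; the point of the example is which fields to store and which claim to join on, not the transport.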
