Data norden – behöver du en datanörd?

Menu
Menu
Svenska

AD-ARX Sync

With our synchronization tool, you can easily synchronize users and groups from Active Directory or Entra ID to Assa Abloy ARX.

This tool also takes care of deactivating keys, which results in a more secure physical infrastructure.

You simply avoid duplication of work while avoiding unauthorized physical access.

To use this tool, you only need a device that runs windows and the import/export module in ARX.

How it works

contact

Users becomes
persons

Users in Active directory or Entra ID (formerly Azure AD) are created as persons in ARX.

You choose which users based on groups, organization unit or your own filtering.

The contacts in ARX are updated in each run to keep the correct information.

group

Groups becomes
access categories

Selected groups in AD or Entra, usually based on a prefix, are automatically created as a permission category in ARX.

Persons that are in the access category are the same users as in the AD group.

Which makes it possible to control physical authorization directly from AD/Entra.

locked

Keys & operators
are updated

When an AD/Entra user is disabled or deleted, keys are automatically blocked for the person in ARX.

A list of deactivated keys (cards) is sent via e-mail to a selected address, usually ARX operators.

This means the end of unauthorized physical access at the same time you’re blocking access in the virtual world.

Other features and functions

deploy-keys

Deploy & assign cards

You can enable deployment of cards (keys) from Entra or AD to ARX.

You specify what AD or Entra attribute contains the user’s card number. And what card format it should deploy as.

It then creates and ensures the card is assigned to the correct user.

mobile-access

ARX Mobile Access

If you use ARX Mobile Access then you can enable the mobile access support feature.

The sync will then take care of creating invitations for ARX Mobile Access.

One invite per user is created and you can select which users should get an invite based on an AD/Entra group (supports nested groups).

debug-mode

Debug mode

Debug mode can be enabled at any time to perform test-runs (dry-runs) of the synchronization.

This allows you to test various settings without ever writing changes to ARX.

A perfect way to ensure nothing breaks before you synchronize.

Pricing

AD-ARX Sync

For Active Directory on-prem

26 990 SEK

One-time cost

  • Filtering users based on attribute values
  • Filtering of users based on organization unit
  • Filtering users based on group membership
  • Option to define custom filter for included users
  • Supports ARX Mobile Access
  • Deploy cards based on selected AD attribute
  • Send pin code to new users via email
  • Installation and documentation included

Entra-ARX Sync

For Entra ID (Azure AD)

26 990 SEK

One-time cost

  • Filtering users based on group membership
  • Supports nested groups
  • Supports ARX Mobile Access
  • Send pin code to new users via email
  • Deploy cards based on selected Entra attribute
  • Installation and documentation included
Contact us

AD-ARX Sync



    Contact us

    Entra-ARX Sync



      AD-ARX Sync

      For Active Directory on-prem

      26 990 SEK

      One-time cost

      • Filtering users based on attribute values
      • Filtering of users based on organization unit
      • Filtering users based on group membership
      • Option to define custom filter for included users
      • Supports ARX Mobile Access
      • Deploy cards based on selected AD attribute
      • Send pin code to new users via email
      • Installation and documentation included
      Contact us

      AD-ARX Sync



        Entra-ARX Sync

        For Entra ID (Azure AD)

        26 990 SEK

        One-time cost

        • Filtering users based on group membership
        • Supports nested groups
        • Supports ARX Mobile Access
        • Send pin code to new users via email
        • Deploy cards based on selected Entra attribute
        • Installation and documentation included
        Contact us

        Entra-ARX Sync



          FAQ

          No. The tool only reads users and groups from AD or Entra.
          It never modifies your directory. 

          Nothing, the existing users (persons) and groups (access categories) in ARX will not be touched by the synchronization.
          It will only manage persons and access categories that it has created.
          Meaning you can continue to manually create users and access categories in ARX. 

          However, a person created via the synchronization can’t be a member of an access category created manually.
          The membership would disappear in the next synchronization.

          No, there’s currently no support for that feature.

          The AD edition runs fully on-prem and offline (except if you wish to use an external SMTP).
          Only the Entra edition needs outbound HTTPS to Microsoft Graph API. Majority of our customers runs this on the same server as ARX.

          No. A few failed passwords won’t block keys (cards in ARX).
          Keys are only blocked when the AD/Entra account is actually disabled or deleted — or removed from the sync scope.

          Depends on how many users and groups you are synchronizing and of course on the hardware and network capabilities.
          Our low scale lab environment (4GB RAM, 2vCPU) synchronized 1000 on-prem AD users and roughly 100 groups under 5 minutes.

          And about 500 Entra users with roughly 50 groups under 5 minutes.

          Yes, the Entra version of the tool works nicely with MyAccess to delegate group ownerships.

          No, the sync tool is a portable .exe package and settings can be easily configured via an included graphical interface.

          Installation documentation are of course included. And we even assist with installation and initial tests if needed.

          Yes. You can run multiple configured copies in parallel to split the load or sync some departments more frequently than others as long as it’s within the same domain/tenant. 

          The sync tool is sold as a per domain/tenant license. Meaning you can’t copy and re-use this tool with another domain or tenant than you originally purchased it for.

          Yes. You can enable “debug mode” at any time which runs a sync that makes no changes to ARX but produces output files to review. Like a dry-run.
          VM snapshots or a test environment are also recommended if available.

          Yes, as long as it’s functionality possible within ARX Import/Export and available ARX APIs.

          Additional development is charged by the hour. Contact us for more information.

          No, but you can purchase an optional support subscription which costs 4 990 SEK per year.

          That includes product updates and new features as well as priority support after installation.