Since we enabled Azure AD SSO integration three weeks ago, our customer master data has stopped syncing from CloudSuite Sales Management to our CRM system. The weird thing is there are absolutely no errors showing in either the CloudSuite UI or the integration logs.
Manual sync still works perfectly when we trigger it through the data management console. It’s only the automated scheduled sync that fails silently. We have about 2,000 customer records that haven’t updated in the CRM, causing major issues for our sales team.
The SSO implementation was supposed to be independent of data integration flows. Has anyone experienced sync issues after enabling SSO? I’m not sure where to even start troubleshooting when there are no error messages.
You need to register a new app in Azure AD first. Go to Azure Portal > App Registrations > New Registration. Give it a name like ‘CloudSuite-CRM-Sync-Service’. Under API Permissions, add the Microsoft Graph permissions and any custom CloudSuite API permissions needed. Then create a client secret. Back in CloudSuite, update your scheduled job to use OAuth2 client credentials flow with the app ID and secret.
I’ve seen this exact scenario. When you enable Azure AD SSO, it often changes the authentication context for all automated processes. Your manual sync works because you’re authenticated interactively, but the scheduled job is probably using a service principal that wasn’t migrated to the new SSO configuration. Check your ION workflow credentials and make sure the service account has the proper Azure AD app registration and permissions. You might need to create a new service principal specifically for the integration.
Here’s the complete solution to address all three aspects of your issue:
First, regarding the SSO enablement impact: When you enabled Azure AD SSO, all authentication paths changed to require Azure AD tokens. Your scheduled sync job is still configured with the pre-SSO service account credentials, which now fail authentication silently because they’re not going through the Azure AD authentication flow. This is why manual sync works (you’re authenticated via SSO) but scheduled jobs don’t.
Second, the lack of errors in UI and logs: This is because the authentication failure happens at the Azure AD boundary before CloudSuite logs anything. To see the actual errors, log into Azure Portal > Azure Active Directory > Sign-ins > Service Principal Sign-ins. Filter by your application name and look for 401 unauthorized errors from the past three weeks. You’ll see the failed authentication attempts there.
Third, fixing the scheduled sync: You need to create a proper service principal for automated processes. In Azure Portal, register a new application under App Registrations. Name it ‘CloudSuite-Sales-CRM-Integration’. Under Certificates & Secrets, create a new client secret and save it securely. Under API Permissions, add:
- Microsoft Graph: User.Read.All and Directory.Read.All
- CloudSuite API: Customer.Read and Customer.Write
Grant admin consent for these permissions. Now in CloudSuite, go to System Configuration > Integration Services > Authentication Profiles. Create a new profile called ‘CRM-Sync-ServicePrincipal’ using OAuth2 Client Credentials flow. Enter your Azure AD tenant ID, application (client) ID, and client secret.
Update your scheduled sync job (Data Management > Scheduled Jobs > Customer-CRM-Sync) to use this new authentication profile instead of the old service account. Test it by running the job manually first. Once confirmed working, re-enable the schedule. The sync should now run automatically with proper SSO-compliant authentication, and you’ll start seeing proper error logging if any issues occur.
The silent failure is happening because the error is occurring at the authentication layer before CloudSuite even logs it. Check the Azure AD sign-in logs in the Azure Portal - you’ll likely see failed authentication attempts from the old service account that CloudSuite isn’t reporting.