[BRE-831] migrate secrets AKV (#796)

* Updating the fetching of the config and key to check entra and check azure afterwards.

* Making this camelCase to match other values.

(cherry picked from commit 284206b735)

.github/workflows/build.yml

@@ -9,10 +9,15 @@ on:
       - "hotfix-rc"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
+
 jobs:
   cloc:
     name: CLOC
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -29,6 +34,8 @@ jobs:
   setup:
     name: Setup
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
       package_version: ${{ steps.retrieve-version.outputs.package_version }}
     steps:
@@ -50,6 +57,8 @@ jobs:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _PKG_FETCH_NODE_VERSION: 18.5.0
       _PKG_FETCH_VERSION: 3.4
+    permissions:
+      contents: read
     steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -95,11 +104,6 @@ jobs:
       - name: Zip
         run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
 
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt
-
       - name: Version Test
         run: |
           sudo apt-get update
@@ -129,18 +133,13 @@ jobs:
           path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   macos-cli:
     name: Build Mac CLI
     runs-on: macos-13
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _PKG_FETCH_NODE_VERSION: 18.5.0
@@ -190,11 +189,6 @@ jobs:
       - name: Zip
         run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
 
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt
-
       - name: Version Test
         run: |
           mkdir -p test/macos
@@ -217,17 +211,13 @@ jobs:
           path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
 
   windows-cli:
     name: Build Windows CLI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _WIN_PKG_FETCH_VERSION: 18.5.0
@@ -349,11 +339,6 @@ jobs:
             Throw "Version test failed."
           }
 
-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-
       - name: Upload Windows Zip to GitHub
         uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
@@ -361,18 +346,14 @@ jobs:
           path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   windows-gui:
     name: Build Windows GUI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -404,15 +385,36 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Build & Sign
         run: npm run dist:win
         env:
           ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
+          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
+          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
+          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
+          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
 
       - name: Upload Portable Executable to GitHub
         uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
@@ -447,6 +449,8 @@ jobs:
     name: Build Linux GUI
     runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      contents: read
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -501,6 +505,9 @@ jobs:
     name: Build MacOS GUI
     runs-on: macos-13
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -528,10 +535,19 @@ jobs:
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
 
-      - name: Login to Azure
+      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
 
       - name: Get certificates
         run: |
@@ -546,9 +562,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -582,13 +601,13 @@ jobs:
         run: |
           mkdir ~/private_keys
           cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
           EOF
 
       - name: Build application
         run: npm run dist:mac
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: UFD296548T
           APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
           CSC_FOR_PULL_REQUEST: true
@@ -634,6 +653,8 @@ jobs:
       - windows-gui
       - linux-gui
       - macos-gui
+    permissions:
+      id-token: write
     steps:
       - name: Check if any job failed
         if: |
@@ -643,11 +664,13 @@ jobs:
           && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - CI subscription
+      - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -657,6 +680,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()

.github/workflows/enforce-labels.yml

@@ -3,6 +3,9 @@ name: Enforce PR labels
 on:
   pull_request:
     types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
 jobs:
   enforce-label:
     name: EnforceLabel

.github/workflows/integration-test.yml

@@ -74,5 +74,3 @@ jobs:
 
       - name: Upload results to codecov.io
         uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/release.yml

@@ -13,10 +13,15 @@ on:
           - Redeploy
           - Dry Run
 
+permissions:
+  contents: read
+
 jobs:
   setup:
     name: Setup
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
       release_version: ${{ steps.version.outputs.version }}
     steps:
@@ -45,6 +50,10 @@ jobs:
     name: Release
     runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      actions: read
+      packages: read
+      contents: write
     steps:
       - name: Download all artifacts
         if: ${{ inputs.release_type != 'Dry Run' }}
@@ -71,9 +80,6 @@ jobs:
           artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                       ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,

.github/workflows/scan.yml

@@ -5,13 +5,23 @@ on:
   push:
     branches:
       - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
   pull_request_target:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+
+permissions: {}
 
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   sast:
     name: SAST scan
@@ -21,6 +31,7 @@ jobs:
       contents: read
       pull-requests: write
       security-events: write
+      id-token: write
 
     steps:
       - name: Check out repo
@@ -28,16 +39,33 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Scan with Checkmarx
         uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
           project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
           base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
+          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
           additional_params: |
             --report-format sarif \
             --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
@@ -57,6 +85,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
+      id-token: write
 
     steps:
       - name: Check out repo
@@ -65,10 +94,27 @@ jobs:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "SONAR-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
+        uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
         env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
         with:
           args: >
             -Dsonar.organization=${{ github.repository_owner }}

.github/workflows/test.yml

@@ -64,5 +64,3 @@ jobs:
 
       - name: Upload results to codecov.io
         uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/version-bump.yml

@@ -12,6 +12,9 @@ jobs:
   bump_version:
     name: Bump Version
     runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
     steps:
       - name: Validate version input
         if: ${{ inputs.version_number_override != '' }}
@@ -19,12 +22,29 @@ jobs:
         with:
           version: ${{ inputs.version_number_override }}
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Generate GH App token
         uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
         id: app-token
         with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
 
       - name: Checkout Branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

README.md

@@ -9,7 +9,7 @@ Supported directories:
 
 - Active Directory
 - Any other LDAP-based directory
-- Azure Active Directory
+- Microsoft Entra ID
 - G Suite (Google)
 - Okta
 

jslib/common/src/models/request/organizationImportRequest.ts

@@ -8,16 +8,12 @@ export class OrganizationImportRequest {
   overwriteExisting = false;
   largeImport = false;
 
-  constructor(
+  constructor(model: {
-    model:
+    groups: Required<OrganizationImportGroupRequest>[];
-      | {
+    users: Required<OrganizationImportMemberRequest>[];
-          groups: Required<OrganizationImportGroupRequest>[];
+    overwriteExisting: boolean;
-          users: Required<OrganizationImportMemberRequest>[];
+    largeImport: boolean;
-          overwriteExisting: boolean;
+  }) {
-          largeImport: boolean;
-        }
-      | ImportDirectoryRequest,
-  ) {
     if (model instanceof ImportDirectoryRequest) {
       this.groups = model.groups.map((g) => new OrganizationImportGroupRequest(g));
       this.members = model.users.map((u) => new OrganizationImportMemberRequest(u));

package.json

@@ -2,7 +2,7 @@
   "name": "@bitwarden/directory-connector",
   "productName": "Bitwarden Directory Connector",
   "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2025.3.0",
+  "version": "2025.6.1",
   "keywords": [
     "bitwarden",
     "password",
@@ -73,15 +73,15 @@
     "test:types": "npx tsc --noEmit"
   },
   "devDependencies": {
-    "@angular-devkit/build-angular": "17.3.11",
+    "@angular-devkit/build-angular": "17.3.17",
     "@angular-eslint/eslint-plugin-template": "17.5.3",
     "@angular-eslint/template-parser": "17.5.3",
     "@angular/compiler-cli": "17.3.12",
     "@electron/notarize": "2.5.0",
-    "@electron/rebuild": "3.7.1",
+    "@electron/rebuild": "3.7.2",
     "@fluffy-spoon/substitute": "1.208.0",
     "@microsoft/microsoft-graph-types": "2.40.0",
-    "@ngtools/webpack": "17.3.11",
+    "@ngtools/webpack": "17.3.17",
     "@types/inquirer": "8.2.10",
     "@types/jest": "29.5.14",
     "@types/lowdb": "1.0.15",
@@ -90,50 +90,49 @@
     "@types/node-forge": "1.3.11",
     "@types/proper-lockfile": "4.1.4",
     "@types/tldjs": "2.3.4",
-    "@typescript-eslint/eslint-plugin": "8.23.0",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
-    "@typescript-eslint/parser": "8.23.0",
+    "@typescript-eslint/parser": "8.32.1",
     "clean-webpack-plugin": "4.0.0",
     "concurrently": "9.1.2",
     "copy-webpack-plugin": "12.0.2",
     "cross-env": "7.0.3",
     "css-loader": "7.1.2",
-    "dotenv": "16.4.7",
+    "dotenv": "16.5.0",
     "electron": "34.1.1",
     "electron-builder": "24.13.3",
-    "electron-log": "5.2.4",
+    "electron-log": "5.4.1",
     "electron-reload": "2.0.0-alpha.1",
     "electron-store": "8.2.0",
-    "electron-updater": "6.3.9",
+    "electron-updater": "6.6.2",
     "eslint": "8.57.1",
-    "eslint-config-prettier": "10.0.1",
+    "eslint-config-prettier": "10.1.5",
     "eslint-import-resolver-typescript": "3.7.0",
     "eslint-plugin-import": "2.31.0",
     "eslint-plugin-rxjs": "5.0.3",
     "eslint-plugin-rxjs-angular": "2.0.1",
-    "form-data": "4.0.1",
+    "form-data": "4.0.3",
     "html-loader": "5.1.0",
     "html-webpack-plugin": "5.6.3",
     "husky": "9.1.7",
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
     "jest-mock-extended": "3.0.7",
-    "jest-preset-angular": "14.5.0",
+    "jest-preset-angular": "14.5.5",
-    "lint-staged": "15.4.1",
+    "lint-staged": "15.5.2",
     "mini-css-extract-plugin": "2.9.2",
-    "minimatch": "3.1.2",
+    "node-abi": "3.75.0",
-    "node-abi": "3.74.0",
     "node-forge": "1.3.1",
     "node-loader": "2.1.0",
     "pkg": "5.8.1",
-    "prettier": "3.4.2",
+    "prettier": "3.5.3",
     "rimraf": "6.0.1",
-    "rxjs": "7.8.1",
+    "rxjs": "7.8.2",
     "sass": "1.79.4",
-    "sass-loader": "16.0.4",
+    "sass-loader": "16.0.5",
-    "ts-jest": "29.2.5",
+    "ts-jest": "29.4.0",
     "ts-loader": "9.5.2",
     "tsconfig-paths-webpack-plugin": "4.2.0",
-    "type-fest": "4.32.0",
+    "type-fest": "4.41.0",
     "typescript": "5.4.5",
     "webpack": "5.97.1",
     "webpack-cli": "6.0.1",
@@ -157,21 +156,22 @@
     "browser-hrtime": "1.1.8",
     "chalk": "4.1.2",
     "commander": "13.1.0",
-    "core-js": "3.40.0",
+    "core-js": "3.42.0",
-    "form-data": "4.0.1",
+    "form-data": "4.0.3",
     "google-auth-library": "9.15.1",
     "googleapis": "144.0.0",
     "https-proxy-agent": "7.0.6",
     "inquirer": "8.2.6",
     "keytar": "7.9.0",
-    "ldapts": "7.3.1",
+    "ldapts": "7.4.0",
     "lowdb": "1.0.0",
     "ngx-toastr": "19.0.0",
     "node-fetch": "2.7.0",
     "proper-lockfile": "4.1.2",
-    "rxjs": "7.8.1",
+    "rxjs": "7.8.2",
     "tldjs": "2.3.1",
-    "zone.js": "0.14.10"
+    "zone.js": "0.14.10",
+    "parse5": "7.2.1"
   },
   "engines": {
     "node": "~22.13.0",

src/abstractions/request-builder.service.ts

@@ -3,11 +3,15 @@ import { OrganizationImportRequest } from "@/jslib/common/src/models/request/org
 import { GroupEntry } from "@/src/models/groupEntry";
 import { UserEntry } from "@/src/models/userEntry";
 
+export interface RequestBuilderOptions {
+  removeDisabled: boolean;
+  overwriteExisting: boolean;
+}
+
 export abstract class RequestBuilder {
   buildRequest: (
     groups: GroupEntry[],
     users: UserEntry[],
-    removeDisabled: boolean,
+    options: RequestBuilderOptions,
-    overwriteExisting: boolean,
   ) => OrganizationImportRequest[];
 }

src/abstractions/state.service.ts

@@ -3,7 +3,7 @@ import { StorageOptions } from "@/jslib/common/src/models/domain/storageOptions"
 
 import { DirectoryType } from "@/src/enums/directoryType";
 import { Account } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -17,7 +17,7 @@ export abstract class StateService extends BaseStateServiceAbstraction<Account>
     config:
       | LdapConfiguration
       | GSuiteConfiguration
-      | AzureConfiguration
+      | EntraIdConfiguration
       | OktaConfiguration
       | OneLoginConfiguration,
   ) => Promise<any>;
@@ -25,8 +25,8 @@ export abstract class StateService extends BaseStateServiceAbstraction<Account>
   setLdapConfiguration: (value: LdapConfiguration, options?: StorageOptions) => Promise<void>;
   getGsuiteConfiguration: (options?: StorageOptions) => Promise<GSuiteConfiguration>;
   setGsuiteConfiguration: (value: GSuiteConfiguration, options?: StorageOptions) => Promise<void>;
-  getAzureConfiguration: (options?: StorageOptions) => Promise<AzureConfiguration>;
+  getEntraConfiguration: (options?: StorageOptions) => Promise<EntraIdConfiguration>;
-  setAzureConfiguration: (value: AzureConfiguration, options?: StorageOptions) => Promise<void>;
+  setEntraConfiguration: (value: EntraIdConfiguration, options?: StorageOptions) => Promise<void>;
   getOktaConfiguration: (options?: StorageOptions) => Promise<OktaConfiguration>;
   setOktaConfiguration: (value: OktaConfiguration, options?: StorageOptions) => Promise<void>;
   getOneLoginConfiguration: (options?: StorageOptions) => Promise<OneLoginConfiguration>;

src/app/tabs/dashboard.component.html

@@ -22,18 +22,15 @@
         class="btn btn-primary"
         [disabled]="startForm.loading"
       >
-        <i class="bwi bwi-play bwi-fw" [hidden]="startForm.loading"></i>
         <i class="bwi bwi-spinner bwi-fw bwi-spin" [hidden]="!startForm.loading"></i>
         {{ "startSync" | i18n }}
       </button>
     </form>
-    <button type="button" (click)="stop()" class="btn btn-primary">
+    <button type="button" (click)="stop()" class="btn btn-danger text-white">
-      <i class="bwi bwi-stop bwi-fw"></i>
       {{ "stopSync" | i18n }}
     </button>
     <form #syncForm [appApiAction]="syncPromise" class="d-inline">
       <button type="button" (click)="sync()" class="btn btn-primary" [disabled]="syncForm.loading">
-        <i class="bwi bwi-refresh bwi-fw" [ngClass]="{ 'bwi-spin': syncForm.loading }"></i>
         {{ "syncNow" | i18n }}
       </button>
     </form>
@@ -51,7 +48,6 @@
         [disabled]="simForm.loading"
       >
         <i class="bwi bwi-spinner bwi-fw bwi-spin" [hidden]="!simForm.loading"></i>
-        <i class="bwi bwi-bug bwi-fw" [hidden]="simForm.loading"></i>
         {{ "testNow" | i18n }}
       </button>
     </form>

src/app/tabs/settings.component.html

@@ -242,7 +242,7 @@
             </div>
           </div>
         </div>
-        <div [hidden]="directory != directoryType.AzureActiveDirectory">
+        <div [hidden]="directory != directoryType.EntraID">
           <div class="mb-3">
             <label for="identityAuthority" class="form-label">{{
               "identityAuthority" | i18n
@@ -251,10 +251,10 @@
               class="form-select"
               id="identityAuthority"
               name="IdentityAuthority"
-              [(ngModel)]="azure.identityAuthority"
+              [(ngModel)]="entra.identityAuthority"
             >
-              <option value="login.microsoftonline.com">Azure AD Public</option>
+              <option value="login.microsoftonline.com">Entra Id Public</option>
-              <option value="login.microsoftonline.us">Azure AD Government</option>
+              <option value="login.microsoftonline.us">Entra Id Government</option>
             </select>
           </div>
           <div class="mb-3">
@@ -264,7 +264,7 @@
               class="form-control"
               id="tenant"
               name="Tenant"
-              [(ngModel)]="azure.tenant"
+              [(ngModel)]="entra.tenant"
             />
             <div class="form-text">{{ "ex" | i18n }} companyad.onmicrosoft.com</div>
           </div>
@@ -275,29 +275,29 @@
               class="form-control"
               id="applicationId"
               name="ApplicationId"
-              [(ngModel)]="azure.applicationId"
+              [(ngModel)]="entra.applicationId"
             />
           </div>
           <div class="mb-3">
             <label for="secretKey" class="form-label">{{ "secretKey" | i18n }}</label>
             <div class="input-group">
               <input
-                type="{{ showAzureKey ? 'text' : 'password' }}"
+                type="{{ showEntraKey ? 'text' : 'password' }}"
                 class="form-control"
                 id="secretKey"
                 name="SecretKey"
-                [(ngModel)]="azure.key"
+                [(ngModel)]="entra.key"
               />
               <button
                 type="button"
                 class="btn btn-outline-secondary"
                 appA11yTitle="{{ 'toggleVisibility' | i18n }}"
-                (click)="toggleAzureKey()"
+                (click)="toggleEntraKey()"
               >
                 <i
                   class="bwi bwi-lg"
                   aria-hidden="true"
-                  [ngClass]="showAzureKey ? 'bwi-eye-slash' : 'bwi-eye'"
+                  [ngClass]="showEntraKey ? 'bwi-eye-slash' : 'bwi-eye'"
                 ></i>
               </button>
             </div>
@@ -607,14 +607,14 @@
             <div class="form-text" *ngIf="directory === directoryType.Ldap">
               {{ "ex" | i18n }} (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))
             </div>
-            <div class="form-text" *ngIf="directory === directoryType.AzureActiveDirectory">
+            <div class="form-text" *ngIf="directory === directoryType.EntraID">
               {{ "ex" | i18n }} exclude:joe&#64;company.com
             </div>
             <div class="form-text" *ngIf="directory === directoryType.Okta">
               {{ "ex" | i18n }} exclude:joe&#64;company.com | profile.firstName eq "John"
             </div>
             <div class="form-text" *ngIf="directory === directoryType.GSuite">
-              {{ "ex" | i18n }} exclude:joe&#64;company.com | orgName=Engineering
+              {{ "ex" | i18n }} exclude:joe&#64;company.com | orgUnitPath=/Engineering
             </div>
           </div>
           <div class="mb-3" [hidden]="directory != directoryType.Ldap">
@@ -684,7 +684,7 @@
             <div class="form-text" *ngIf="directory === directoryType.Ldap">
               {{ "ex" | i18n }} (&amp;(objectClass=group)(!(cn=Sales*))(!(cn=IT*)))
             </div>
-            <div class="form-text" *ngIf="directory === directoryType.AzureActiveDirectory">
+            <div class="form-text" *ngIf="directory === directoryType.EntraID">
               {{ "ex" | i18n }} include:Sales,IT
             </div>
             <div class="form-text" *ngIf="directory === directoryType.Okta">

src/app/tabs/settings.component.ts

@@ -5,7 +5,7 @@ import { LogService } from "@/jslib/common/src/abstractions/log.service";
 
 import { StateService } from "../../abstractions/state.service";
 import { DirectoryType } from "../../enums/directoryType";
-import { AzureConfiguration } from "../../models/azureConfiguration";
+import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
 import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
 import { LdapConfiguration } from "../../models/ldapConfiguration";
 import { OktaConfiguration } from "../../models/oktaConfiguration";
@@ -22,13 +22,13 @@ export class SettingsComponent implements OnInit, OnDestroy {
   directoryType = DirectoryType;
   ldap = new LdapConfiguration();
   gsuite = new GSuiteConfiguration();
-  azure = new AzureConfiguration();
+  entra = new EntraIdConfiguration();
   okta = new OktaConfiguration();
   oneLogin = new OneLoginConfiguration();
   sync = new SyncConfiguration();
   directoryOptions: any[];
   showLdapPassword = false;
-  showAzureKey = false;
+  showEntraKey = false;
   showOktaKey = false;
   showOneLoginSecret = false;
 
@@ -42,7 +42,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
     this.directoryOptions = [
       { name: this.i18nService.t("select"), value: null },
       { name: "Active Directory / LDAP", value: DirectoryType.Ldap },
-      { name: "Azure Active Directory", value: DirectoryType.AzureActiveDirectory },
+      { name: "Entra ID", value: DirectoryType.EntraID },
       { name: "G Suite (Google)", value: DirectoryType.GSuite },
       { name: "Okta", value: DirectoryType.Okta },
       { name: "OneLogin", value: DirectoryType.OneLogin },
@@ -56,10 +56,9 @@ export class SettingsComponent implements OnInit, OnDestroy {
     this.gsuite =
       (await this.stateService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite)) ||
       this.gsuite;
-    this.azure =
+    this.entra =
-      (await this.stateService.getDirectory<AzureConfiguration>(
+      (await this.stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID)) ||
-        DirectoryType.AzureActiveDirectory,
+      this.entra;
-      )) || this.azure;
     this.okta =
       (await this.stateService.getDirectory<OktaConfiguration>(DirectoryType.Okta)) || this.okta;
     this.oneLogin =
@@ -80,7 +79,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
     await this.stateService.setDirectoryType(this.directory);
     await this.stateService.setDirectory(DirectoryType.Ldap, this.ldap);
     await this.stateService.setDirectory(DirectoryType.GSuite, this.gsuite);
-    await this.stateService.setDirectory(DirectoryType.AzureActiveDirectory, this.azure);
+    await this.stateService.setDirectory(DirectoryType.EntraID, this.entra);
     await this.stateService.setDirectory(DirectoryType.Okta, this.okta);
     await this.stateService.setDirectory(DirectoryType.OneLogin, this.oneLogin);
     await this.stateService.setSync(this.sync);
@@ -135,8 +134,8 @@ export class SettingsComponent implements OnInit, OnDestroy {
     document.getElementById("password").focus();
   }
 
-  toggleAzureKey() {
+  toggleEntraKey() {
-    this.showAzureKey = !this.showAzureKey;
+    this.showEntraKey = !this.showEntraKey;
     document.getElementById("secretKey").focus();
   }
 

src/app/tabs/tabs.component.html

@@ -2,19 +2,16 @@
   <ul class="nav nav-tabs mb-3">
     <li class="nav-item">
       <a class="nav-link" routerLink="dashboard" routerLinkActive="active">
-        <i class="bwi bwi-dashboard"></i>
         {{ "dashboard" | i18n }}
       </a>
     </li>
     <li class="nav-item">
       <a class="nav-link" routerLink="settings" routerLinkActive="active">
-        <i class="bwi bwi-cogs"></i>
         {{ "settings" | i18n }}
       </a>
     </li>
     <li class="nav-item">
       <a class="nav-link" routerLink="more" routerLinkActive="active">
-        <i class="bwi bwi-sliders"></i>
         {{ "more" | i18n }}
       </a>
     </li>

src/commands/config.command.ts

@@ -8,7 +8,7 @@ import { MessageResponse } from "@/jslib/node/src/cli/models/response/messageRes
 
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
-import { AzureConfiguration } from "../models/azureConfiguration";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
 import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
 import { LdapConfiguration } from "../models/ldapConfiguration";
 import { OktaConfiguration } from "../models/oktaConfiguration";
@@ -20,7 +20,7 @@ export class ConfigCommand {
   private directory: DirectoryType;
   private ldap = new LdapConfiguration();
   private gsuite = new GSuiteConfiguration();
-  private azure = new AzureConfiguration();
+  private entra = new EntraIdConfiguration();
   private okta = new OktaConfiguration();
   private oneLogin = new OneLoginConfiguration();
   private sync = new SyncConfiguration();
@@ -54,8 +54,11 @@ export class ConfigCommand {
         case "gsuite.key":
           await this.setGSuiteKey(value);
           break;
+        // Azure Active Directory was renamed to Entra ID, but we've kept the old key name
+        // to be backwards compatible with existing configurations.
         case "azure.key":
-          await this.setAzureKey(value);
+        case "entra.key":
+          await this.setEntraIdKey(value);
           break;
         case "okta.token":
           await this.setOktaToken(value);
@@ -102,9 +105,9 @@ export class ConfigCommand {
     await this.saveConfig();
   }
 
-  private async setAzureKey(key: string) {
+  private async setEntraIdKey(key: string) {
     await this.loadConfig();
-    this.azure.key = key;
+    this.entra.key = key;
     await this.saveConfig();
   }
 
@@ -127,10 +130,9 @@ export class ConfigCommand {
     this.gsuite =
       (await this.stateService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite)) ||
       this.gsuite;
-    this.azure =
+    this.entra =
-      (await this.stateService.getDirectory<AzureConfiguration>(
+      (await this.stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID)) ||
-        DirectoryType.AzureActiveDirectory,
+      this.entra;
-      )) || this.azure;
     this.okta =
       (await this.stateService.getDirectory<OktaConfiguration>(DirectoryType.Okta)) || this.okta;
     this.oneLogin =
@@ -144,7 +146,7 @@ export class ConfigCommand {
     await this.stateService.setDirectoryType(this.directory);
     await this.stateService.setDirectory(DirectoryType.Ldap, this.ldap);
     await this.stateService.setDirectory(DirectoryType.GSuite, this.gsuite);
-    await this.stateService.setDirectory(DirectoryType.AzureActiveDirectory, this.azure);
+    await this.stateService.setDirectory(DirectoryType.EntraID, this.entra);
     await this.stateService.setDirectory(DirectoryType.Okta, this.okta);
     await this.stateService.setDirectory(DirectoryType.OneLogin, this.oneLogin);
     await this.stateService.setSync(this.sync);

src/enums/directoryType.ts

@@ -1,6 +1,6 @@
 export enum DirectoryType {
   Ldap = 0,
-  AzureActiveDirectory = 1,
+  EntraID = 1,
   GSuite = 2,
   Okta = 3,
   OneLogin = 4,

src/models/account.ts

@@ -2,7 +2,7 @@ import { Account as BaseAccount } from "@/jslib/common/src/models/domain/account
 
 import { DirectoryType } from "@/src/enums/directoryType";
 
-import { AzureConfiguration } from "./azureConfiguration";
+import { EntraIdConfiguration } from "./entraIdConfiguration";
 import { GSuiteConfiguration } from "./gsuiteConfiguration";
 import { LdapConfiguration } from "./ldapConfiguration";
 import { OktaConfiguration } from "./oktaConfiguration";
@@ -29,7 +29,10 @@ export class ClientKeys {
 export class DirectoryConfigurations {
   ldap: LdapConfiguration;
   gsuite: GSuiteConfiguration;
-  azure: AzureConfiguration;
+  entra: EntraIdConfiguration;
+  // Azure Active Directory was renamed to Entra ID, but we've kept the old account property name
+  // to be backwards compatible with existing configurations.
+  azure: EntraIdConfiguration;
   okta: OktaConfiguration;
   oneLogin: OneLoginConfiguration;
 }

src/models/entraIdConfiguration.ts

@@ -1,6 +1,6 @@
 import { IConfiguration } from "./IConfiguration";
 
-export class AzureConfiguration implements IConfiguration {
+export class EntraIdConfiguration implements IConfiguration {
   identityAuthority: string;
   tenant: string;
   applicationId: string;

src/program.ts

@@ -190,7 +190,7 @@ export class Program extends BaseProgram {
         writeLn("    server - On-premise hosted installation URL.");
         writeLn("    directory - The type of directory to use.");
         writeLn("    ldap.password - The password for connection to this LDAP server.");
-        writeLn("    azure.key - The Azure AD secret key.");
+        writeLn("    entra.key - The Entra Id secret key.");
         writeLn("    gsuite.key - The G Suite private key.");
         writeLn("    okta.token - The Okta token.");
         writeLn("    onelogin.secret - The OneLogin client secret.");
@@ -202,7 +202,7 @@ export class Program extends BaseProgram {
         writeLn("    bwdc config directory 1");
         writeLn("    bwdc config ldap.password <password>");
         writeLn("    bwdc config ldap.password --secretenv LDAP_PWD");
-        writeLn("    bwdc config azure.key <key>");
+        writeLn("    bwdc config entra.key <key>");
         writeLn("    bwdc config gsuite.key <key>");
         writeLn("    bwdc config okta.token <token>");
         writeLn("    bwdc config onelogin.secret <secret>");

src/services/batch-request-builder.ts

@@ -3,7 +3,7 @@ import { OrganizationImportRequest } from "@/jslib/common/src/models/request/org
 import { GroupEntry } from "@/src/models/groupEntry";
 import { UserEntry } from "@/src/models/userEntry";
 
-import { RequestBuilder } from "../abstractions/request-builder.service";
+import { RequestBuilder, RequestBuilderOptions } from "../abstractions/request-builder.service";
 
 import { batchSize } from "./sync.service";
 
@@ -16,17 +16,22 @@ export class BatchRequestBuilder implements RequestBuilder {
   buildRequest(
     groups: GroupEntry[],
     users: UserEntry[],
-    removeDisabled: boolean,
+    options: RequestBuilderOptions,
-    overwriteExisting: boolean,
   ): OrganizationImportRequest[] {
+    if (options.overwriteExisting) {
+      throw new Error(
+        "You cannot use the 'Remove and re-add organization users during the next sync' option with large imports.",
+      );
+    }
+
     const requests: OrganizationImportRequest[] = [];
 
-    if (users.length > 0) {
+    if (users?.length > 0) {
       const usersRequest = users.map((u) => {
         return {
           email: u.email,
           externalId: u.externalId,
-          deleted: u.deleted || (removeDisabled && u.disabled),
+          deleted: u.deleted || (options.removeDisabled && u.disabled),
         };
       });
 
@@ -37,13 +42,13 @@ export class BatchRequestBuilder implements RequestBuilder {
           groups: [],
           users: u,
           largeImport: true,
-          overwriteExisting,
+          overwriteExisting: false,
         });
         requests.push(req);
       }
     }
 
-    if (groups.length > 0) {
+    if (groups?.length > 0) {
       const groupRequest = groups.map((g) => {
         return {
           name: g.name,
@@ -59,7 +64,7 @@ export class BatchRequestBuilder implements RequestBuilder {
           groups: g,
           users: [],
           largeImport: true,
-          overwriteExisting,
+          overwriteExisting: false,
         });
         requests.push(req);
       }

src/services/batch-requests-builder.spec.ts

@@ -1,46 +1,74 @@
-import { GroupEntry } from "@/src/models/groupEntry";
+import { GetUniqueString } from "@/jslib/common/spec/utils";
+
 import { UserEntry } from "@/src/models/userEntry";
 
+import { RequestBuilderOptions } from "../abstractions/request-builder.service";
+import { groupSimulator, userSimulator } from "../utils/request-builder-helper";
+
 import { BatchRequestBuilder } from "./batch-request-builder";
-import { SingleRequestBuilder } from "./single-request-builder";
 
 describe("BatchRequestBuilder", () => {
   let batchRequestBuilder: BatchRequestBuilder;
-  let singleRequestBuilder: SingleRequestBuilder;
-
-  function userSimulator(userCount: number) {
-    return Array(userCount).fill(new UserEntry());
-  }
-
-  function groupSimulator(groupCount: number) {
-    return Array(groupCount).fill(new GroupEntry());
-  }
 
   beforeEach(async () => {
     batchRequestBuilder = new BatchRequestBuilder();
-    singleRequestBuilder = new SingleRequestBuilder();
+  });
+
+  const defaultOptions: RequestBuilderOptions = Object.freeze({
+    overwriteExisting: false,
+    removeDisabled: false,
   });
 
   it("BatchRequestBuilder batches requests for > 2000 users", () => {
     const mockGroups = groupSimulator(11000);
     const mockUsers = userSimulator(11000);
-
+    const requests = batchRequestBuilder.buildRequest(mockGroups, mockUsers, defaultOptions);
-    const requests = batchRequestBuilder.buildRequest(mockGroups, mockUsers, true, true);
 
     expect(requests.length).toEqual(12);
   });
 
-  it("SingleRequestBuilder returns single request for 200 users", () => {
+  it("BatchRequestBuilder throws error when overwriteExisting is true", () => {
-    const mockGroups = groupSimulator(200);
+    const mockGroups = groupSimulator(11000);
-    const mockUsers = userSimulator(200);
+    const mockUsers = userSimulator(11000);
+    const options = { ...defaultOptions, overwriteExisting: true };
 
-    const requests = singleRequestBuilder.buildRequest(mockGroups, mockUsers, true, true);
+    const r = () => batchRequestBuilder.buildRequest(mockGroups, mockUsers, options);
 
-    expect(requests.length).toEqual(1);
+    expect(r).toThrow(
+      "You cannot use the 'Remove and re-add organization users during the next sync' option with large imports.",
+    );
+  });
+
+  it("BatchRequestBuilder returns requests with deleted users when removeDisabled is true", () => {
+    const mockGroups = groupSimulator(11000);
+    const mockUsers = userSimulator(11000);
+
+    const disabledUser1 = new UserEntry();
+    const disabledUserEmail1 = GetUniqueString() + "@email.com";
+
+    const disabledUser2 = new UserEntry();
+    const disabledUserEmail2 = GetUniqueString() + "@email.com";
+
+    disabledUser1.disabled = true;
+    disabledUser1.email = disabledUserEmail1;
+    disabledUser2.disabled = true;
+    disabledUser2.email = disabledUserEmail2;
+
+    mockUsers[0] = disabledUser1;
+    mockUsers.push(disabledUser2);
+
+    const options = { ...defaultOptions, removeDisabled: true };
+    const requests = batchRequestBuilder.buildRequest(mockGroups, mockUsers, options);
+
+    expect(requests[0].members).toContainEqual({ email: disabledUserEmail1, deleted: true });
+    expect(requests[1].members.find((m) => m.deleted)).toBeUndefined();
+    expect(requests[3].members.find((m) => m.deleted)).toBeUndefined();
+    expect(requests[4].members.find((m) => m.deleted)).toBeUndefined();
+    expect(requests[5].members).toContainEqual({ email: disabledUserEmail2, deleted: true });
   });
 
   it("BatchRequestBuilder retuns an empty array when there are no users or groups", () => {
-    const requests = batchRequestBuilder.buildRequest([], [], true, true);
+    const requests = batchRequestBuilder.buildRequest([], [], defaultOptions);
 
     expect(requests).toEqual([]);
   });

src/services/directory-factory.service.ts

@@ -5,7 +5,7 @@ import { DirectoryFactoryService } from "../abstractions/directory-factory.servi
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
 
-import { AzureDirectoryService } from "./azure-directory.service";
+import { EntraIdDirectoryService } from "./entra-id-directory.service";
 import { GSuiteDirectoryService } from "./gsuite-directory.service";
 import { LdapDirectoryService } from "./ldap-directory.service";
 import { OktaDirectoryService } from "./okta-directory.service";
@@ -22,8 +22,8 @@ export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
     switch (directoryType) {
       case DirectoryType.GSuite:
         return new GSuiteDirectoryService(this.logService, this.i18nService, this.stateService);
-      case DirectoryType.AzureActiveDirectory:
+      case DirectoryType.EntraID:
-        return new AzureDirectoryService(this.logService, this.i18nService, this.stateService);
+        return new EntraIdDirectoryService(this.logService, this.i18nService, this.stateService);
       case DirectoryType.Ldap:
         return new LdapDirectoryService(this.logService, this.i18nService, this.stateService);
       case DirectoryType.Okta:

src/services/entra-id-directory.service.ts

@@ -9,7 +9,7 @@ import { LogService } from "@/jslib/common/src/abstractions/log.service";
 
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
-import { AzureConfiguration } from "../models/azureConfiguration";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
 import { GroupEntry } from "../models/groupEntry";
 import { SyncConfiguration } from "../models/syncConfiguration";
 import { UserEntry } from "../models/userEntry";
@@ -17,8 +17,10 @@ import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";
 
-const AzurePublicIdentityAuhtority = "login.microsoftonline.com";
+const EntraIdPublicIdentityAuthority = "login.microsoftonline.com";
-const AzureGovermentIdentityAuhtority = "login.microsoftonline.us";
+const EntraIdPublicGraphEndpoint = "https://graph.microsoft.com";
+const EntraIdGovernmentIdentityAuthority = "login.microsoftonline.us";
+const EntraIdGovernmentGraphEndpoint = "https://graph.microsoft.us";
 
 const NextLink = "@odata.nextLink";
 const DeltaLink = "@odata.deltaLink";
@@ -32,9 +34,9 @@ enum UserSetType {
   ExcludeGroup,
 }
 
-export class AzureDirectoryService extends BaseDirectoryService implements IDirectoryService {
+export class EntraIdDirectoryService extends BaseDirectoryService implements IDirectoryService {
   private client: graph.Client;
-  private dirConfig: AzureConfiguration;
+  private dirConfig: EntraIdConfiguration;
   private syncConfig: SyncConfiguration;
   private accessToken: string;
   private accessTokenExpiration: Date;
@@ -50,12 +52,12 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
 
   async getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]> {
     const type = await this.stateService.getDirectoryType();
-    if (type !== DirectoryType.AzureActiveDirectory) {
+    if (type !== DirectoryType.EntraID) {
       return;
     }
 
-    this.dirConfig = await this.stateService.getDirectory<AzureConfiguration>(
+    this.dirConfig = await this.stateService.getDirectory<EntraIdConfiguration>(
-      DirectoryType.AzureActiveDirectory,
+      DirectoryType.EntraID,
     );
     if (this.dirConfig == null) {
       return;
@@ -207,7 +209,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
     if (keyword === "excludeadministrativeunit" || keyword === "includeadministrativeunit") {
       for (const p of pieces) {
         let auMembers = await this.client
-          .api(`https://graph.microsoft.com/v1.0/directory/administrativeUnits/${p}/members`)
+          .api(`${this.getGraphApiEndpoint()}/v1.0/directory/administrativeUnits/${p}/members`)
           .get();
         // eslint-disable-next-line
         while (true) {
@@ -457,10 +459,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
         const identityAuthority =
           this.dirConfig.identityAuthority != null
             ? this.dirConfig.identityAuthority
-            : AzurePublicIdentityAuhtority;
+            : EntraIdPublicIdentityAuthority;
         if (
-          identityAuthority !== AzurePublicIdentityAuhtority &&
+          identityAuthority !== EntraIdPublicIdentityAuthority &&
-          identityAuthority !== AzureGovermentIdentityAuhtority
+          identityAuthority !== EntraIdGovernmentIdentityAuthority
         ) {
           done(new Error(this.i18nService.t("dirConfigIncomplete")), null);
           return;
@@ -478,7 +480,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
           client_id: this.dirConfig.applicationId,
           client_secret: this.dirConfig.key,
           grant_type: "client_credentials",
-          scope: "https://graph.microsoft.com/.default",
+          scope: `${this.getGraphApiEndpoint()}/.default`,
         });
 
         const req = https
@@ -542,4 +544,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements IDire
     exp.setSeconds(exp.getSeconds() + expSeconds);
     this.accessTokenExpiration = exp;
   }
+
+  private getGraphApiEndpoint(): string {
+    return this.dirConfig.identityAuthority === EntraIdGovernmentIdentityAuthority
+      ? EntraIdGovernmentGraphEndpoint
+      : EntraIdPublicGraphEndpoint;
+  }
 }

src/services/single-request-builder.spec.ts

@@ -0,0 +1,79 @@
+import { GetUniqueString } from "@/jslib/common/spec/utils";
+
+import { UserEntry } from "@/src/models/userEntry";
+
+import { RequestBuilderOptions } from "../abstractions/request-builder.service";
+import { groupSimulator, userSimulator } from "../utils/request-builder-helper";
+
+import { SingleRequestBuilder } from "./single-request-builder";
+
+describe("SingleRequestBuilder", () => {
+  let singleRequestBuilder: SingleRequestBuilder;
+
+  beforeEach(async () => {
+    singleRequestBuilder = new SingleRequestBuilder();
+  });
+
+  const defaultOptions: RequestBuilderOptions = Object.freeze({
+    overwriteExisting: false,
+    removeDisabled: false,
+  });
+
+  it("SingleRequestBuilder returns single request for 200 users", () => {
+    const mockGroups = groupSimulator(200);
+    const mockUsers = userSimulator(200);
+
+    const requests = singleRequestBuilder.buildRequest(mockGroups, mockUsers, defaultOptions);
+
+    expect(requests.length).toEqual(1);
+  });
+
+  it("SingleRequestBuilder returns request with overwriteExisting enabled", () => {
+    const mockGroups = groupSimulator(200);
+    const mockUsers = userSimulator(200);
+
+    const options = { ...defaultOptions, overwriteExisting: true };
+    const request = singleRequestBuilder.buildRequest(mockGroups, mockUsers, options)[0];
+
+    expect(request.overwriteExisting).toBe(true);
+  });
+
+  it("SingleRequestBuilder returns request with deleted user when removeDisabled is true", () => {
+    const mockGroups = groupSimulator(200);
+    const mockUsers = userSimulator(200);
+
+    const disabledUser = new UserEntry();
+    const disabledUserEmail = GetUniqueString() + "@example.com";
+    disabledUser.disabled = true;
+    disabledUser.email = disabledUserEmail;
+    mockUsers.push(disabledUser);
+
+    const options = { ...defaultOptions, removeDisabled: true };
+    const request = singleRequestBuilder.buildRequest(mockGroups, mockUsers, options)[0];
+
+    expect(request.members.length).toEqual(201);
+    expect(request.members.pop()).toEqual(
+      expect.objectContaining({ email: disabledUserEmail, deleted: true }),
+    );
+    expect(request.overwriteExisting).toBe(false);
+  });
+
+  it("SingleRequestBuilder returns request with deleted user and overwriteExisting enabled when overwriteExisting and removeDisabled are true", () => {
+    const mockGroups = groupSimulator(200);
+    const mockUsers = userSimulator(200);
+
+    const disabledUser = new UserEntry();
+    const disabledUserEmail = GetUniqueString() + "@example.com";
+    disabledUser.disabled = true;
+    disabledUser.email = disabledUserEmail;
+    mockUsers.push(disabledUser);
+
+    const options = { overwriteExisting: true, removeDisabled: true };
+    const request = singleRequestBuilder.buildRequest(mockGroups, mockUsers, options)[0];
+
+    expect(request.members.pop()).toEqual(
+      expect.objectContaining({ email: disabledUserEmail, deleted: true }),
+    );
+    expect(request.overwriteExisting).toBe(true);
+  });
+});

src/services/single-request-builder.ts

@@ -3,7 +3,7 @@ import { OrganizationImportRequest } from "@/jslib/common/src/models/request/org
 import { GroupEntry } from "@/src/models/groupEntry";
 import { UserEntry } from "@/src/models/userEntry";
 
-import { RequestBuilder } from "../abstractions/request-builder.service";
+import { RequestBuilder, RequestBuilderOptions } from "../abstractions/request-builder.service";
 
 /**
  * This class is responsible for building small (<2k users) syncs as a single
@@ -15,8 +15,7 @@ export class SingleRequestBuilder implements RequestBuilder {
   buildRequest(
     groups: GroupEntry[],
     users: UserEntry[],
-    removeDisabled: boolean,
+    options: RequestBuilderOptions,
-    overwriteExisting: boolean,
   ): OrganizationImportRequest[] {
     return [
       new OrganizationImportRequest({
@@ -31,10 +30,10 @@ export class SingleRequestBuilder implements RequestBuilder {
           return {
             email: u.email,
             externalId: u.externalId,
-            deleted: u.deleted || (removeDisabled && u.disabled),
+            deleted: u.deleted || (options.removeDisabled && u.disabled),
           };
         }),
-        overwriteExisting: overwriteExisting,
+        overwriteExisting: options.overwriteExisting,
         largeImport: false,
       }),
     ];

src/services/state.service.ts

@@ -11,7 +11,7 @@ import { StateService as StateServiceAbstraction } from "@/src/abstractions/stat
 import { DirectoryType } from "@/src/enums/directoryType";
 import { IConfiguration } from "@/src/models/IConfiguration";
 import { Account } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -21,7 +21,10 @@ import { SyncConfiguration } from "@/src/models/syncConfiguration";
 const SecureStorageKeys = {
   ldap: "ldapPassword",
   gsuite: "gsuitePrivateKey",
+  // Azure Active Directory was renamed to Entra ID, but we've kept the old property name
+  // to be backwards compatible with existing configurations.
   azure: "azureKey",
+  entra: "entraKey",
   okta: "oktaToken",
   oneLogin: "oneLoginClientSecret",
   userDelta: "userDeltaToken",
@@ -68,8 +71,8 @@ export class StateService
         case DirectoryType.Ldap:
           (configWithSecrets as any).password = await this.getLdapKey();
           break;
-        case DirectoryType.AzureActiveDirectory:
+        case DirectoryType.EntraID:
-          (configWithSecrets as any).key = await this.getAzureKey();
+          (configWithSecrets as any).key = await this.getEntraKey();
           break;
         case DirectoryType.Okta:
           (configWithSecrets as any).token = await this.getOktaKey();
@@ -93,7 +96,7 @@ export class StateService
     config:
       | LdapConfiguration
       | GSuiteConfiguration
-      | AzureConfiguration
+      | EntraIdConfiguration
       | OktaConfiguration
       | OneLoginConfiguration,
   ): Promise<any> {
@@ -106,11 +109,11 @@ export class StateService
           await this.setLdapConfiguration(ldapConfig);
           break;
         }
-        case DirectoryType.AzureActiveDirectory: {
+        case DirectoryType.EntraID: {
-          const azureConfig = config as AzureConfiguration;
+          const entraConfig = config as EntraIdConfiguration;
-          await this.setAzureKey(azureConfig.key);
+          await this.setEntraKey(entraConfig.key);
-          azureConfig.key = StoredSecurely;
+          entraConfig.key = StoredSecurely;
-          await this.setAzureConfiguration(azureConfig);
+          await this.setEntraConfiguration(entraConfig);
           break;
         }
         case DirectoryType.Okta: {
@@ -187,23 +190,32 @@ export class StateService
     );
   }
 
-  private async getAzureKey(options?: StorageOptions): Promise<string> {
+  private async getEntraKey(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
     if (options?.userId == null) {
       return null;
     }
+
+    const entraKey = await this.secureStorageService.get<string>(
+      `${options.userId}_${SecureStorageKeys.entra}`,
+    );
+
+    if (entraKey != null) {
+      return entraKey;
+    }
+
     return await this.secureStorageService.get<string>(
       `${options.userId}_${SecureStorageKeys.azure}`,
     );
   }
 
-  private async setAzureKey(value: string, options?: StorageOptions): Promise<void> {
+  private async setEntraKey(value: string, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
     if (options?.userId == null) {
       return;
     }
     await this.secureStorageService.save(
-      `${options.userId}_${SecureStorageKeys.azure}`,
+      `${options.userId}_${SecureStorageKeys.entra}`,
       value,
       options,
     );
@@ -259,8 +271,8 @@ export class StateService
         return await this.getLdapConfiguration();
       case DirectoryType.GSuite:
         return await this.getGsuiteConfiguration();
-      case DirectoryType.AzureActiveDirectory:
+      case DirectoryType.EntraID:
-        return await this.getAzureConfiguration();
+        return await this.getEntraConfiguration();
       case DirectoryType.Okta:
         return await this.getOktaConfiguration();
       case DirectoryType.OneLogin:
@@ -305,17 +317,28 @@ export class StateService
     );
   }
 
-  async getAzureConfiguration(options?: StorageOptions): Promise<AzureConfiguration> {
+  async getEntraConfiguration(options?: StorageOptions): Promise<EntraIdConfiguration> {
+    const entraConfig = (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.directoryConfigurations?.entra;
+
+    if (entraConfig != null) {
+      return entraConfig;
+    }
+
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
     )?.directoryConfigurations?.azure;
   }
 
-  async setAzureConfiguration(value: AzureConfiguration, options?: StorageOptions): Promise<void> {
+  async setEntraConfiguration(
+    value: EntraIdConfiguration,
+    options?: StorageOptions,
+  ): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultOnDiskOptions()),
     );
-    account.directoryConfigurations.azure = value;
+    account.directoryConfigurations.entra = value;
     await this.saveAccount(
       account,
       this.reconcileOptions(options, await this.defaultOnDiskOptions()),

src/services/stateMigration.service.ts

@@ -3,7 +3,7 @@ import { StateMigrationService as BaseStateMigrationService } from "@/jslib/comm
 
 import { DirectoryType } from "@/src/enums/directoryType";
 import { Account, DirectoryConfigurations, DirectorySettings } from "@/src/models/account";
-import { AzureConfiguration } from "@/src/models/azureConfiguration";
+import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
 import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
 import { LdapConfiguration } from "@/src/models/ldapConfiguration";
 import { OktaConfiguration } from "@/src/models/oktaConfiguration";
@@ -14,6 +14,7 @@ const SecureStorageKeys: { [key: string]: any } = {
   ldap: "ldapPassword",
   gsuite: "gsuitePrivateKey",
   azure: "azureKey",
+  entra: "entraIdKey",
   okta: "oktaToken",
   oneLogin: "oneLoginClientSecret",
   directoryConfigPrefix: "directoryConfig_",
@@ -104,13 +105,16 @@ export class StateMigrationService extends BaseStateMigrationService {
       }
     };
 
-    // Initilize typed objects from key/value pairs in storage to either be saved temporarily until an account is authed or applied to the active account
+    // Initialize typed objects from key/value pairs in storage to either be saved temporarily until an account is authed or applied to the active account
     const getDirectoryConfig = async <T>(type: DirectoryType) =>
       await this.get<T>(SecureStorageKeys.directoryConfigPrefix + type);
     const directoryConfigs: DirectoryConfigurations = {
       ldap: await getDirectoryConfig<LdapConfiguration>(DirectoryType.Ldap),
       gsuite: await getDirectoryConfig<GSuiteConfiguration>(DirectoryType.GSuite),
-      azure: await getDirectoryConfig<AzureConfiguration>(DirectoryType.AzureActiveDirectory),
+      // Azure Active Directory was renamed to Entra ID, but we've kept the old property name
+      // to be backwards compatible with existing configurations.
+      azure: await getDirectoryConfig<EntraIdConfiguration>(DirectoryType.EntraID),
+      entra: await getDirectoryConfig<EntraIdConfiguration>(DirectoryType.EntraID),
       okta: await getDirectoryConfig<OktaConfiguration>(DirectoryType.Okta),
       oneLogin: await getDirectoryConfig<OneLoginConfiguration>(DirectoryType.OneLogin),
     };

src/services/sync.service.integration.spec.ts

@@ -0,0 +1,132 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { ApiService } from "@/jslib/common/src/abstractions/api.service";
+import { CryptoFunctionService } from "@/jslib/common/src/abstractions/cryptoFunction.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
+
+import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
+import { LogService } from "../../jslib/common/src/abstractions/log.service";
+import { groupFixtures } from "../../openldap/group-fixtures";
+import { userFixtures } from "../../openldap/user-fixtures";
+import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
+import { DirectoryType } from "../enums/directoryType";
+import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";
+
+import { BatchRequestBuilder } from "./batch-request-builder";
+import { LdapDirectoryService } from "./ldap-directory.service";
+import { SingleRequestBuilder } from "./single-request-builder";
+import { StateService } from "./state.service";
+import { SyncService } from "./sync.service";
+import * as constants from "./sync.service";
+
+describe("SyncService", () => {
+  let logService: MockProxy<LogService>;
+  let i18nService: MockProxy<I18nService>;
+  let stateService: MockProxy<StateService>;
+  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
+  let apiService: MockProxy<ApiService>;
+  let messagingService: MockProxy<MessagingService>;
+  let environmentService: MockProxy<EnvironmentService>;
+  let directoryFactory: MockProxy<DirectoryFactoryService>;
+
+  let batchRequestBuilder: BatchRequestBuilder;
+  let singleRequestBuilder: SingleRequestBuilder;
+  let syncService: SyncService;
+  let directoryService: LdapDirectoryService;
+
+  const originalBatchSize = constants.batchSize;
+
+  beforeEach(() => {
+    logService = mock();
+    i18nService = mock();
+    stateService = mock();
+    cryptoFunctionService = mock();
+    apiService = mock();
+    messagingService = mock();
+    environmentService = mock();
+    directoryFactory = mock();
+
+    stateService.getDirectoryType.mockResolvedValue(DirectoryType.Ldap);
+    stateService.getOrganizationId.mockResolvedValue("fakeId");
+
+    directoryService = new LdapDirectoryService(logService, i18nService, stateService);
+    directoryFactory.createService.mockReturnValue(directoryService);
+
+    batchRequestBuilder = new BatchRequestBuilder();
+    singleRequestBuilder = new SingleRequestBuilder();
+
+    syncService = new SyncService(
+      cryptoFunctionService,
+      apiService,
+      messagingService,
+      i18nService,
+      environmentService,
+      stateService,
+      batchRequestBuilder,
+      singleRequestBuilder,
+      directoryFactory,
+    );
+  });
+
+  describe("OpenLdap integration: ", () => {
+    it("with largeImport disabled matches directory fixture data", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({
+          users: true,
+          groups: true,
+          largeImport: false,
+          overwriteExisting: false,
+        }),
+      );
+
+      cryptoFunctionService.hash.mockResolvedValue(new ArrayBuffer(1));
+      // This arranges the last hash to be differet from the ArrayBuffer after it is converted to b64
+      stateService.getLastSyncHash.mockResolvedValue("unique hash");
+
+      const syncResult = await syncService.sync(false, false);
+
+      expect(syncResult).toEqual([groupFixtures, userFixtures]);
+
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(
+        expect.objectContaining({ overwriteExisting: false }),
+      );
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(1);
+    });
+
+    it("with largeImport enabled matches directory fixture data", async () => {
+      stateService.getDirectory
+        .calledWith(DirectoryType.Ldap)
+        .mockResolvedValue(getLdapConfiguration());
+      stateService.getSync.mockResolvedValue(
+        getSyncConfiguration({
+          users: true,
+          groups: true,
+          largeImport: true,
+          overwriteExisting: false,
+        }),
+      );
+
+      cryptoFunctionService.hash.mockResolvedValue(new ArrayBuffer(1));
+      // This arranges the last hash to be differet from the ArrayBuffer after it is converted to b64
+      stateService.getLastSyncHash.mockResolvedValue("unique hash");
+
+      // @ts-expect-error This is a workaround to make the batchsize smaller to trigger the batching logic since its a const.
+      constants.batchSize = 4;
+
+      const syncResult = await syncService.sync(false, false);
+
+      expect(syncResult).toEqual([groupFixtures, userFixtures]);
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(
+        expect.objectContaining({ overwriteExisting: false }),
+      );
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(6);
+
+      // @ts-expect-error Reset batch size to original state.
+      constants.batchSize = originalBatchSize;
+    });
+  });
+});

src/services/sync.service.spec.ts

@@ -34,6 +34,8 @@ describe("SyncService", () => {
 
   let syncService: SyncService;
 
+  const originalBatchSize = constants.batchSize;
+
   beforeEach(() => {
     cryptoFunctionService = mock();
     apiService = mock();
@@ -115,11 +117,12 @@ describe("SyncService", () => {
     expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(mockRequests[3]);
     expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(mockRequests[4]);
     expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(mockRequests[5]);
+
+    // @ts-expect-error Reset batch size back to original value.
+    constants.batchSize = originalBatchSize;
   });
 
   it("does not post for the same hash", async () => {
-    // @ts-expect-error this sets the batch size back to its expexted value for this test.
-    constants.batchSize = 2000;
     stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
     cryptoFunctionService.hash.mockResolvedValue(new ArrayBuffer(1));
     // This arranges the last hash to be the same as the ArrayBuffer after it is converted to b64

src/services/sync.service.ts

@@ -83,13 +83,7 @@ export class SyncService {
         return [groups, users];
       }
 
-      const reqs = this.buildRequest(
+      const reqs = this.buildRequest(groups, users, syncConfig);
-        groups,
-        users,
-        syncConfig.removeDisabled,
-        syncConfig.overwriteExisting,
-        syncConfig.largeImport,
-      );
 
       const result: HashResult = await this.generateHash(reqs);
 
@@ -219,24 +213,12 @@ export class SyncService {
   private buildRequest(
     groups: GroupEntry[],
     users: UserEntry[],
-    removeDisabled: boolean,
+    syncConfig: SyncConfiguration,
-    overwriteExisting: boolean,
-    largeImport = false,
   ): OrganizationImportRequest[] {
-    if (largeImport && groups.length + users.length > batchSize) {
+    if (syncConfig.largeImport && (groups?.length ?? 0) + (users?.length ?? 0) > batchSize) {
-      return this.batchRequestBuilder.buildRequest(
+      return this.batchRequestBuilder.buildRequest(groups, users, syncConfig);
-        groups,
-        users,
-        overwriteExisting,
-        removeDisabled,
-      );
     } else {
-      return this.singleRequestBuilder.buildRequest(
+      return this.singleRequestBuilder.buildRequest(groups, users, syncConfig);
-        groups,
-        users,
-        overwriteExisting,
-        removeDisabled,
-      );
     }
   }
 

src/utils/request-builder-helper.ts

@@ -0,0 +1,26 @@
+import { GetUniqueString } from "@/jslib/common/spec/utils";
+
+import { GroupEntry } from "../models/groupEntry";
+import { UserEntry } from "../models/userEntry";
+
+export function userSimulator(userCount: number): UserEntry[] {
+  const users: UserEntry[] = [];
+  while (userCount > 0) {
+    const userEntry = new UserEntry();
+    userEntry.email = GetUniqueString() + "@example.com";
+    users.push(userEntry);
+    userCount--;
+  }
+  return users;
+}
+
+export function groupSimulator(groupCount: number): GroupEntry[] {
+  const groups: GroupEntry[] = [];
+  while (groupCount > 0) {
+    const groupEntry = new GroupEntry();
+    groupEntry.name = GetUniqueString();
+    groups.push(groupEntry);
+    groupCount--;
+  }
+  return groups;
+}