Microsoft Entra ID (formerly Microsoft Azure Active Directory) Configuration

Setting up active directory to sync your internal contacts with Enboarder.

Written by Chris Jones
Updated over 3 months ago

Ever wanted to ensure the accuracy of internal email addresses or job titles in Enboarder? Well, if your company uses Microsoft Entra ID (formerly Microsoft Azure Active Directory), this is now possible!

Before you begin: Like anything worth doing, integrations take time. Please allow up to 4 weeks for this integration to be completed; this includes time for scoping, development and testing. You'll also need a system expert and/or system administrator to assist in the completion of this integration.

Prerequisite 

  • Your organization must have an admin account in Entra ID, and all of your users (employees) need to be set up in the Entra ID directory

  • The admin user must set up an application for one or more tenants in https://portal.azure.com, and register it to set up OAuth flow. To do this, login to the Azure portal. Go to Azure Active Directory > App registration > New Registration.

Please set up the following properties in this app:

1. Name - Enter a meaningful application name that will be displayed to users of the app. For example - Enboarder-Integration

2. Supported account types - Select which accounts you would like your application to support based on your requirement:

  • Accounts in this organizational directory only

  • Accounts in any organizational directory

  • Accounts in any organizational directory and personal Microsoft accounts

3. Redirect URI (optional) - Select the type of app - Web or Public client (mobile & desktop), and then enter the redirect URI (or reply URL) for the application.

The following permissions should be enabled for the Microsoft Graph API, and an admin user should provide consent for them:

  1. Delegated Permission

    - User.Read
    - Basic.All
    - User.Read.All
    - Directory.Read.All
    - Directory.AccessAsUser.All
    - profile

  2. Application Permission

    - User.Read.All
    - Directory.Read.All
    - Directory.ReadWrite.All

After the application is registered, please generate the client's secret ID.

Please note down the below values and keep them handy. These values are required during integration set up in Enboarder.

  • tenantID

  • client_id

  • Client_credential
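Once consent has been granted, the permissions the app actually holds can be checked against the list above. This is an added example, not Enboarder or Microsoft code: it decodes the payload of an access token issued to the app (the `roles` claim carries application permissions, the `scp` claim carries delegated ones) and reports anything outside this page's list, anything still missing, and which granted permissions allow directory writes. The sample token is constructed and unsigned.

```python
import base64
import json

# Permission names copied verbatim from the lists on this page.
DELEGATED = {"User.Read", "Basic.All", "User.Read.All", "Directory.Read.All",
             "Directory.AccessAsUser.All", "profile"}
APPLICATION = {"User.Read.All", "Directory.Read.All", "Directory.ReadWrite.All"}
# Listed permissions that allow changes to directory objects, not just reads.
WRITE_CAPABLE = {"Directory.ReadWrite.All", "Directory.AccessAsUser.All"}


def decode_claims(token):
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit(claims):
    """Compare a token's permissions with the list documented on this page."""
    if "roles" in claims:   # app-only token: application permissions
        granted, expected = set(claims["roles"]), APPLICATION
    else:                   # delegated token: space-separated scopes
        granted, expected = set(claims.get("scp", "").split()), DELEGATED
    return {
        "unexpected": sorted(granted - expected),      # held but not documented here
        "not_granted": sorted(expected - granted),     # documented but not in the token
        "write_capable": sorted(granted & WRITE_CAPABLE),
    }


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    sample = make_sample_token(
        {"roles": ["User.Read.All", "Directory.ReadWrite.All", "Mail.Read"]})
    print(audit(decode_claims(sample)))
```

Anything reported under `unexpected` was added to the app registration outside this guide and is worth reviewing before the client secret is handed over.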

Setting up Entra ID (formerly Azure AD) in Enboarder

  1. Log in as an admin user, and go to Settings > Apps & Integration > App Center.

  2. Find the 'Azure Active Directory' tile (search for it if you can't see it) and click it.

  3. Click on Add Integration.

  4. Check the Download all initial profiles checkbox if you want to load all existing profiles that exist in Azure AD. Then enter the Application (client) ID, tenant ID, and secret key which you generated while registering the application in Azure AD (the steps above), and click on Add Integration.

  5. The system will redirect you to a Microsoft site, where you will need to enter your Microsoft Azure portal credentials.

  6. Upon successful authentication, you will be redirected back to Enboarder and the 'Azure Active Directory' tile will be shown as integrated by a green tick appearing on the tile.


Data mapping + more

Profile Field Mapping

The below fields are mapped by default in Enboarder. You can add more, however, and these can be configured from the profile page:

Please see below for an example of how the filters should be set up in Enboarder: {{AzureAD ColumnName}}={{possible values comma separated}}

For example, if the Azure AD column name is Department and the possible values are Sales and Marketing, then the filter will be as follows: Department=Sales,Marketing

EntraID/Azure Fields Supported

We are using the Microsoft Graph Delta query to fetch profile fields.  We are supporting simple text or number fields. Please define them in Enboarder before integrating the tile, as these fields will be fetched from Azure going forward. If you wish to add new fields in the future, then you will need to delete the integration in Enboarder and reintegrate. 
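How a Graph delta round and the filter format above fit together, as an added illustration (not Enboarder's implementation): delta pages are merged into a local store, entries marked `@removed` are dropped, and a `Column=v1,v2` filter is then applied. It assumes the filter selects which profiles are kept and that column names compare case-insensitively; all sample data and URLs are constructed.

```python
def parse_filter(expr):
    """Parse 'Column=value1,value2' into (column, set of allowed values)."""
    column, sep, values = expr.partition("=")
    allowed = {v.strip() for v in values.split(",") if v.strip()}
    if not sep or not column.strip() or not allowed:
        raise ValueError(f"filter must look like Column=v1,v2: {expr!r}")
    return column.strip(), allowed


def matches(profile, column, allowed):
    """Assumption: column names compare case-insensitively."""
    for key, value in profile.items():
        if key.lower() == column.lower():
            return value in allowed
    return False  # a profile without the column never matches


def apply_delta(store, pages):
    """Merge one round of delta pages into store (id -> profile)."""
    delta_link = None
    for page in pages:
        for item in page["value"]:
            if "@removed" in item:   # deleted upstream: drop the local copy
                store.pop(item["id"], None)
            else:                    # later rounds carry only the changed fields
                store.setdefault(item["id"], {}).update(item)
        delta_link = page.get("@odata.deltaLink", delta_link)
    return delta_link                # saved and used to start the next round


# Constructed sample data; the URLs are placeholders, not real Graph links.
ROUND_1 = [
    {"value": [{"id": "1", "displayName": "Ana", "department": "Sales"},
               {"id": "2", "displayName": "Bo", "department": "Finance"}],
     "@odata.nextLink": "https://graph.example.invalid/next"},
    {"value": [{"id": "3", "displayName": "Cy", "department": "Marketing"}],
     "@odata.deltaLink": "https://graph.example.invalid/delta-1"},
]
ROUND_2 = [
    {"value": [{"id": "1", "jobTitle": "Team Lead"},
               {"id": "3", "@removed": {"reason": "deleted"}}],
     "@odata.deltaLink": "https://graph.example.invalid/delta-2"},
]


def synced_ids(store, filter_expr):
    """Return the ids of stored profiles that pass the filter."""
    column, allowed = parse_filter(filter_expr)
    return sorted(pid for pid, p in store.items() if matches(p, column, allowed))
```

A profile deleted in the directory only disappears locally when the `@removed` entry is processed, which is why the audit log payloads described under Troubleshooting are the place to confirm that an offboarded user was actually dropped.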

Here is the list of fields supported:

Configuring additional profile fields

  • Login to Enboarder as an Admin

  • Go to Settings > General > Profile Fields

Click on 'Add New' to add a new field. The name of the field should be the same as what is coming in the payload from Azure, or what is displayed in your Azure AD portal for a user. Make sure to select the 'Link this field to an Azure Active Directory field' checkbox. Only fields having this check box checked will auto-sync with Azure AD.

Using profile details in Enboarder forms

If you'd like to use the details brought from Active Directory for steps such as having a manager select a buddy in a form, you'll just need to activate the 'Allow look-up profile registry for:' setting in Settings > Account & Security > Security.

Then when in a form, you'll want to add the 'Unique Field' Widget and select 'Profile'.

If you wish to use this response in an update value module (for example if you're wanting to update Buddy's details), then you will want to select the 'Profile' field, as you can see below.

Azure Profile Pic

The system will also fetch the profile picture from a user's profile in Azure AD. If a user uploads his or her profile photo in Azure AD, the same will be reflected in Enboarder. Cool huh?

Troubleshooting 

You can investigate mapping issues very easily. The API response is available to view in your Enboarder account. Go to Settings > Apps & Integrations > Audit logs for that account to view the complete payload. There will be multiple rows for each batch. 

Click on a row to see the complete payload sent to Enboarder

Got questions? Start a chat with the team in the top right corner of any page!
