Ever wanted to ensure the accuracy of internal email addresses or job titles in Enboarder? Well, if your company uses Microsoft Azure Active Directory... this is now possible!

Prerequisite 

  • Your organisation must have an admin account in Microsoft Azure, and all of your users (employees) need to be set up in the Microsoft Azure directory
  • The admin user must set up an application for one or more tenants in https://portal.azure.com, and register it to set up the OAuth flow. To do this, log in to the Azure portal. Go to Azure Active Directory > App registration > New Registration.

Please set up the following properties in this app

1. Name - Enter a meaningful application name that will be displayed to users of the app. For example - Enboarder-Integration

2. Supported account types - Select which accounts you would like your application to support based on your requirement:

  • Accounts in this organizational directory only
  • Accounts in any organizational directory
  • Accounts in any organizational directory and personal Microsoft accounts

3. Redirect URI (optional) - Select the type of app - Web or Public client (mobile & desktop), and then enter the redirect URI (or reply URL) for the application.

The following permissions should be enabled for the Microsoft Graph API, and an admin user should provide consent for them:

  1. Delegated Permission
     
    - User.Read
    - Basic.All
    - User.Read.All
    - Directory.Read.All
    - Directory.AccessAsUser.All
    - profile
  2. Application Permission

    - User.Read.All
    - Directory.Read.All
    - Directory.ReadWrite.All

After the application is registered, please generate the client secret ID.

Please note down the below values and keep them handy. These values are required during integration set up in Enboarder.

  • tenantID
  • client_id
  • Client_credential

Setting up Azure AD in Enboarder

  1. Log in as an admin user, and go to Settings > Integration > App Center
  2. Click on the tile 'Azure Active Directory' (or search if you can't see it) for which you want the integration setup

3. Click on Add Integration

4. Check the Download all initial profiles checkbox if you want to load all existing profiles that exist in Azure AD and click next

5. On this screen, enter the client id, tenant id and secret key which you have generated while registering the application in Azure AD (the steps above) and click on Integrate Now

6. The system will redirect you to a Microsoft site, where you will need to enter your Microsoft Azure portal credentials

7. On successful authentication, you will be redirected to Enboarder and the tile 'Azure Active Directory' will be shown as integrated

Profile Field Mapping

The below fields are mapped by default in Enboarder. You can add more however, and these can be configured from the profile page:

Azure Fields Supported

We use Microsoft Graph delta query to fetch profile fields. Only simple text or number fields are supported. Please define them in Enboarder before integrating the tile, as these fields will be fetched from Azure going forward. If you wish to add new fields in the future, you will need to delete the integration in Enboarder and reintegrate.

Here is the list of fields supported:

Configuring additional profile fields

  • Log in to Enboarder as an admin
  • Go to Settings > Profile Fields

Click on 'Add New' to add a new field. The name of the field should be the same as what is coming in the payload from Azure, or what is displayed in your Azure AD portal for a user. Make sure to select the 'Link this field to an Azure Active Directory field' checkbox. Only fields having this check box checked will auto sync with Azure AD.

Using profile details in Enboarder forms

If you'd like to use the details brought from Active Directory for steps such as having a manager select a buddy in a form, you'll just need to activate the 'Allow look-up profile registry for:' setting in Settings > Security

Then when in a form, you'll want to drag the 'Date, time, number, email...' widget across, and select 'Profile Directory'.

If you wish to use this response in an update value module (for example if you're wanting to update a Buddy's details), then you will want to select the 'Profile' field, as you can see below.

Azure Profile Pic

The system will also fetch the profile picture from a user's profile in Azure AD. If a user uploads his or her profile photo in Azure AD, the same will be reflected in Enboarder. Cool huh?

Troubleshooting

You can investigate mapping issues very easily. The API response is available to view in your Enboarder account. Go to Settings > Integration > Audit logs for that account to view the complete payload. There will be multiple rows for each batch.

Click on a row to see the complete payload sent to Enboarder
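
To check a payload copied from the audit log against the field names configured under Settings > Profile Fields, a small script like the one below can help. It is an added example, not Enboarder's own code: it assumes the payload has the shape of a Microsoft Graph users delta response, that field names are compared case-sensitively, and the sample data and the check_mapping helper are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph users delta response.
# Assumption: the payload shown in the Enboarder audit log has this shape.
SAMPLE_PAYLOAD = json.loads("""
{
  "value": [
    {"id": "u-001", "displayName": "Ana Diaz", "jobTitle": "Engineer",
     "mail": "ana@example.com", "employeeId": "1042", "mobilePhone": null,
     "businessPhones": ["+1 555 0100"]},
    {"id": "u-002", "displayName": "Raj Rao", "jobTitle": null,
     "mail": "raj@example.com"},
    {"id": "u-003", "@removed": {"reason": "changed"}}
  ],
  "@odata.deltaLink": "https://graph.microsoft.com/v1.0/users/delta?$deltatoken=CONSTRUCTED"
}
""")

def is_simple(value):
    """Text or number only; bool is excluded because it is an int in Python."""
    return isinstance(value, (str, int, float)) and not isinstance(value, bool)

def check_mapping(payload, field_names):
    """Classify each configured field name against the users in one batch."""
    # Delta responses mark deleted users with "@removed"; they carry no fields.
    users = [u for u in payload.get("value", []) if "@removed" not in u]
    report = {}
    for name in field_names:
        values = [u[name] for u in users if name in u and u[name] is not None]
        if values:
            report[name] = "ok" if all(is_simple(v) for v in values) else "unsupported type"
            continue
        if any(name in u for u in users):
            report[name] = "present but empty"
            continue
        # Same name with different casing usually means a typo in the field name.
        near = sorted({k for u in users for k in u if k.lower() == name.lower()})
        report[name] = f"case mismatch: {near[0]}" if near else "not in payload"
    return report

if __name__ == "__main__":
    configured = ["jobTitle", "JobTitle", "mobilePhone", "businessPhones", "department"]
    for field, status in check_mapping(SAMPLE_PAYLOAD, configured).items():
        print(f"{field:15} {status}")
```

Fields reported as "not in payload" for one batch may still arrive in another, since there are multiple rows per batch.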

Reach out to your Customer Success Manager with any questions!
