Azure Active Directory - Users & Calendar

Gewijzigd op Vr, 25 Aug, 2023 om 10:56 AM

Functions of the integration

The primary purpose of the integration:

  • User synchronization from Azure AD - Synchronizes your users to Emply.
  • Deactivation of Emply users
  • Managing roles with the integration
  • Synchronization of Outlook calendars (MS365 only)
    • Retrieves user's outlook calendar and displays in Emply calendar
    • Creates calendar events from Emply to Outlook
  • Emply update of users in Azure AD*
    • Create new AD users
    • Update AD users
    • Delete AD users

*Only in pure Azure AD, not in hybrid mode where e.g. users are created in an OnPrem AD.

 

User synchronization from Azure to Emply

When the Azure AD integration is activated the users from the AD groups will start synchronizing to Emply with the following data:

AzureEmplyComments
First nameFirst nameOnly when defined in Azure
Last nameLast nameOnly when defined in Azure
EmailEmailOnly when not defined in Emply
UserPrincipalNameUsernameOnly when not defined in Emply
MobilePhoneMobilPhoneOnly when defined in Azure
MainGroupIdDepartmentDefault department ID from found Azure group. Otherwise default department ID from Azure integration.
Job titleJob titleOnly when defined in Azure
MainGroupIdLanguageDefault language from found Azure group. Otherwise default language from Azure integration.
GroupIdRolesIf "Synchronize roles" is disabled and there are old roles, then old roles are used. Roles are taken from default role ID from found Azure group or default role ID from Azure integration.
MainGroupIdTime zoneDefault time zone from found Azure group. Otherwise default timezone from Azure integration.
MainGroupIdCurrencyDefault currency from Azure group found. Otherwise default currency from Azure integration.

 

New users

Afterwards only new users will be created with the above criteria.

 

Existing users

Updating existing users from Azure AD to Emply will only update:

First name, Last name, Job title & Mobile phone

 

Deactivating a user

If an AD user is removed from the AD group(s) associated with Emply, the user will be deactivated in Emply. A job is run every half hour to check that existing users are connected.

 

Management of roles

When this feature is enabled on the integration, you will be able to control role assignment in Emply. This is controlled by a job running every half hour. 

 

Synchronize calendars

Screenshot_2023-04-19_at_10.19.47.png

Once you have enabled synchronisation of calendar functionality in the integration, all AD calendars where AD user has editing rights or higher to Emply will be added automatically 

The AD user's own default calendar will be added without the Disable button but all other calendars WILL be added with the "Disable/Enable" buttons 

Screenshot_2023-04-19_at_10.19.30.png

All additional calendars will be added as "Disabled" by default. If a user wishes to enable event synchronisation to one of these calendars, they must press the "Enable" button in their user settings 

When this feature is enabled, there will be a 2-way synchronization of calendar appointments between Emply and Outlook (MS365).

If one of the following condition is true:
a) azureBruger.Mail = emplyUser.Email
b) azureUser.UserPrincipalName = emplyUser.UserName
c) azureUser.Id = emplyUser.UserDefinedGuid
d) azureUser.Id findes i UserConections-tabellen af ExternalId

 

Outlook calendar appointments


Outlook calendar appointments are loaded into the Emply user's calendar

Screenshot_2022-10-27_at_15.18.32.png

Note: Outlook calendar appointments titles and information are displayed only to the Emply user.

 

 

Emply update of users in Azure AD


To update users in Azure AD, you must have a clean Azure AD. 

Sk_rmbillede_2023-01-26_kl._10.22.55.png


Once one of the above is selected, one will be able to view predefined and set up mapping of user profile fields and employee profile fields. 

Azure AD users are updated as soon as a change is made to the user or employee profile in the Emply interface.

 

 

Preparation and rules for activating the Azure AD integration

Create at least one Azure AD group with the users you want to create in Emply (Emply does not support Nested Groups).

 

 

 

Activating the Azure AD integration

Go to Settings > Integrations > find 'Azure Active Directory' and press 'Activate'.

 


At the next window that opens, press 'Connect'(Verbinden):

 

To complete the connection, log in with your Microsoft account:

Sk_rmbillede_2020-05-05_kl._10.48.28.png

 

Then the integration needs to be configured:

Sk_rmbillede_2021-09-15_kl._10.02.20.png

 

 

Upon activation of the integration, Emply will automatically receive data from the selected Azure AD groups. This means that upon activation, data from Azure AD comes to Emply. If it is desired that data can also be sent from Emply to Azure AD there is the option to configure this by checking one or all of;

  • Create: Create new users in AD that have been created in Emply.
  • Update: Update user data in AD once it has been updated in Emply
  • Delete: delete users in AD that have been disabled in Emply

 

When you enable the integration with an Azure AD account, you grant Emply the rights below: 

Sk_rmbillede_2020-09-08_kl._12.08.07.png

 

 

Data from Azure to Emply

Users

Does not work with hybrid AD

You can set the integration to administer your Azure AD users. This allows Emply to create, update and delete users in your AD that are also present in Emply. The customer is responsible for setting up Azure AD.


Create

Users will be created in the Azure Active library. For now, new users from Emply will have to be manually assigned to a specific AD group.

 

Update

When existing Emply users are updated with information, they will be transferred to AD when the user is saved.

 

Delete

The AD user is moved from 'Users' to 'Deleted users'. Users are permanently deleted after 30 days.

 

 

 

Mapping data from Emply to Azure AD

The mapping is set up by going to Settings > Account > Users > select user or press 'New user'.

On the example below, it appears that Azure AD is listed in the left column and the mapping options from Emply are selected in the right column:

MicrosoftTeams-image__1_.png

 

Please note:

Extension attributes are not supported in Azure UI and can only be retrieved by calling with Microsoft Graph. The customer must set up a job for this, help can be obtained from Microsoft's own documentation. Emply does not support.

 


Groups

Important: If you do not have the option to select groups, the reason is that there are problems connecting. In this case, disconnect and try again. If you had already enabled the integration without noticing that you had to select 'group', this will mean that the integration will most likely have synchronized all your AD users.

  • Default role: set this role to apply to your AD group
  • Default department: select a department where you want to import new AD users
  • Language: set the language for users (first time)
  • Time zone: sets the time zone for a user (first time)
  • Currency: sets the currency for a user (first time)

 


Select an AD group where the configuration below will apply:

Sk_rmbillede_2020-08-25_kl._16.52.54.png

 

Synchronize roles: By activating the Synchronize roles button, the integration manages the roles of the users on a continuous basis. If this is enabled, the roles will be managed by the Azure AD integration. If this is turned off, the role is only assigned the first time.

If you want further explanation, seek help from support or your implementation consultant.

Sk_rmbillede_2023-01-26_kl._10.25.33.png

Sk_rmbillede_2023-01-26_kl._10.25.22.png

 

 

Synchronize calendars: When the button is enabled, your outlook calendars will be synchronized with Emply. We recommend using this setting to be able to use the functionality of, for example, booking job interviews in the recruitment module.

Sk_rmbillede_2023-01-26_kl._10.25.42.png

 

 

Member of multiple AD groups: a user can be a member of multiple AD groups, and thus be assigned multiple roles in Emply.


Below is an example of two groups: 'Roman Test Group' and 'Rasmus test'. The roles and departments that are members of the groups are determined here.


In 'Roman Test Gorup' the default role is 'Adminstrator' and the default department is 'HR'.

In the group 'Rasmus test' the default role is 'CSE ON' and the default department is 'Headquarter'.

Sk_rmbillede_2023-01-26_kl._10.26.22.png

 

Meeting rooms: Here you can add your meeting rooms. Note that meeting rooms must be created as 'User' types in AD in order to be added. If meeting rooms are set up as 'Resource' in AD this cannot be added. 

Sk_rmbillede_2022-08-10_kl._13.29.23.png

 

 

When AD is enabled, users will be updated in Azure AD. If the synchronization fails an error will be shown in the activity log under integrations.

Sk_rmbillede_2020-09-08_kl._13.09.08.png

 

 

Removing Azure AD groups

When you need to remove Azure AD groups, they must be removed from the Azure AD integration in Emply. Please note that removing AD groups in Azure does not remove the groups in Emply.

 


Removing the integration

To remove the integration completely, you must perform two steps:

It requires you to be logged in as either a global administrator, an application administrator, or a cloud application administrator. 

 

  1. Removing the integration in Emply stops all synchronization between your Azure AD and Emply. Users will no longer sync, and synced Outlook events will be removed in the Emply calendar. You can only re-enable the integration by logging in as administrator.
  2. Removing the Emply enterprise app in Azure is done by logging into your portal Azure account. Find the Emply application under 'Enterprise applications'. Then go to 'Properties' and delete. You can find more about enterprise apps on Microsoft.com here.

Sk_rmbillede_2020-10-20_kl._10.53.55.png

 

 

How to remove unwanted users in Emply 

Go to Account > Users

  • Filter out all users to keep in Emply
  • Select all users
  • Disable all
  • Go to 'Disabled'
  • Select all and delete them

Delete_users.png

 

 

Enable the integration again

Go to Settings > Integrations

Sk_rmbillede_2021-09-15_kl._10.02.20.png

 

  • Open the Azure AD integration
  • Reconfigure the group(s) in the Azure AD integration
    • Or remove the Azure AD application and re-enable it - remember to set up your groups
  • Save


For more information about the Azure Integration, review Azure 101

Was dit artikel nuttig?

Dat is fantastisch!

Hartelijk dank voor uw beoordeling

Sorry dat we u niet konden helpen

Hartelijk dank voor uw beoordeling

Laat ons weten hoe we dit artikel kunnen verbeteren!

Selecteer tenminste een van de redenen
CAPTCHA-verificatie is vereist.

Feedback verzonden

We stellen uw moeite op prijs en zullen proberen het artikel te verbeteren