User Syncing with Microsoft Entra ID (formerly Azure Active Directory)

Note that Microsoft Azure has recently renamed to Microsoft Entra ID. Check out this article for more info.

Connect your environment’s people data to Entra ID


Note:

In order for the integration to work, Simpplr requires consent provided by the Microsoft Global Admin user. Then the Group Admin user must connect with their credentials. The Group Admin is required in order to read user profile data from the MS Admin. Once the Global Admin connection is established, the Global Admin user can remove the Global Admin permission from the account if they wish and connect again using an account that has all the permissions listed below. The Global Admin connection is only required temporarily to approve the consent for the integration as some of these permissions can not be granted unless a Global Admin approves the same.

We recommend resetting the Admin user's password every few months for added security. Changing the admin connection password will not affect the integration or any user access in any way on Simpplr.

Any syncing issue between on premise (Entra ID) to cloud is beyond the scope of Simpplr and is not supported.

 

Users who are the Entra ID Global Admins and have Salesforce System admin access can complete the instructions below to select Microsoft Entra ID as the source for Simpplr's people data.

To be able to sync users' data and fields on Simpplr, Simpplr needs to read certain data of users in the organization, hence we request for the User.Read.All scope (this is the least privileged scope).

The User.Read.All permission allows Simpplr to read all users' full profiles, which include sets of profile properties, reports and managers of users in your organization.

From an application standpoint, User.Read.All is the least privileged permission. Since the app needs to read users' data from Microsoft Graph, Microsoft mandates admin consent to be provided for the application only can be granted using the Global Admin user. As mentioned above, once the Global Admin consent has been provided, the user can remove the permission from the account.

The image below highlights which permissions require Global Admin consent, and what user data is being pulled from Microsoft to Simpplr. These permissions must be granted by the Global Admin user.
Azure_syncing_global_admin_requirements.png

  1. As the Admin user, in Simpplr, go to Manage > Application > Integrations > People Data.
  2. Select the Microsoft Entra ID to connect using admin credentials. You will be asked to accept the requested permissions as shown below.
    image__22_.png
  3. After signing into the source account with admin credentials, your source account will be connected and you'll be redirected back to Simpplr.


Odin Entra 1.png

 

 

Set up Entra ID user attribute syncing

Back to top

If your environment is connected to Entra ID, System admins will be able to sync user attributes from Entra:

  1. Go to Manage App > People > User Syncing.
  2. Select Microsoft Entra ID as the syncing source.
  3. Select which fields you want to sync between Entra and Simpplr. 
  4. To sync user people data, run ScheduleSimpplrServices. This job is pre-scheduled to run once a day, but can be run on-demand.


Odin Entra 2.png

selecting fields to sync between Entra ID and Simpplr

Batch sync and provision Simpplr people data with Entra ID

Back to top

Once your environment is connected to Entra ID, and Entra ID is selected as the People data source, System admins are ready to batch sync and/or provision People data in Simpplr with Entra ID's source data:

  1. Go to Manage > Application > Setup > Schedulers.
  2. To provision users on-demand, run ScheduleHourlySimpplrServices. This job is pre-scheduled to run every three hours, but can be run on-demand.
  3. To sync user people data on-demand, run ScheduleSimpplrServices. This job is pre-scheduled to run once a day, but can be run on-demand.
  4. Simpplr People data will be automatically synced or provisioned accordingly.

setup_-_schedulers_copy_2x.png

options for a batch job under Schedulers

 

Changes in Simpplr app

  1. Log in to your Simpplr app as the System administrator.
  2. Go to Manage > Application > People. Select User syncing and scroll down to the Hire date field. Check the box.
  3. Click Save.
  4. The data will sync within 24 hours on Simpplr.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more