Azure Active Directory - Users and calendar

 

Usage and purpose of the integration

The main purpose of the integration is to

  • Update and synchronize users to Emply*
  • Synchronize calendars (only MS365)
  • Synchronize roles**
  • Secondly you can allow Emply to write to your Azure AD users. (Will not work in hybrid AD)

*If you have employees with same email as the user these 2 profiles link. Then the employee's department has higher priority.

**If you want Azure AD groups to assign and manage emply roles - you need to configure multiple AD groups and only single roles. As Emply users can have multiple roles this setting is not used in most cases.

Activate Azure AD integration

Preparation and rules

Create minimum 1 Azure AD group with the users you want to create in Emply

AD users can only appear once, no duplicates

We do not support nested groups

 

Tip!

Start with one group and select lowest permissions (role)

Do not activate "synchronize roles"

Do not setup user create, update and delete

Sk_rmbillede_2020-05-05_kl._10.46.33.png

Sk_rmbillede_2021-01-28_kl._16.41.30.png

 

Sk_rmbillede_2020-05-05_kl._10.48.15.png

Sk_rmbillede_2020-05-05_kl._10.48.28.png

When you activate this with an Azure AD account, Emply entitles you to the following. 

Sk_rmbillede_2020-09-08_kl._12.08.07.png

Permissions

Sk_rmbillede_2020-08-25_kl._13.54.07.png

Sk_rmbillede_2020-08-25_kl._13.54.58.png

 

Configure your integration

Sk_rmbillede_2020-09-04_kl._09.47.17.png

Users

You can set the integration up to administrate your Azure AD users. This allows Emply to create, update and delete users in your AD that are present in Emply also.

 

Create

Users will be created in Azure Active directory, at the moment new users from Emply will have to be assigned manually to a specific AD group. 

Update

Existing Emply users will after saved changes be saved in AD

Delete

The AD user is moved from 'Users' til 'Deleted users'. Will be deleted from here after 30 days.

 

Mapping of data to Azure AD

Mapping is setup under users

Sk_rmbillede_2021-08-24_kl._15.47.07.png

Sk_rmbillede_2021-08-24_kl._15.47.42.png

Azure AD is presented on the left side and mapping options from Emply can be selected on the right side.

 

 

Groups Choose one AD groups for which the below configuration should apply

Sk_rmbillede_2020-08-25_kl._16.52.54.png

Important: If you are not able to set / groups - there was a problem connecting. Then abort and try again. If you already had activated the integration without noticing, that you could not select 'Groups' - then Integration most probably have synched all your AD users. How to fix it

  • Default role Set this to role to apply for your ad group
  • Default department Choose a department where you will import new AD users
  • Language sets the language of user (first time)
  • Time zone sets the timezone for a user (first time)
  • Currency sets the currency for a user (first time)

Synchronize roles let the integration set the roles of the users continuously. If off then the role is only set the first time. We recommend you talking to an Emply consultant before setting this up.

Emply users with administrator role is not updated by role synchronization!

Synchronize calendars switch On / Off 

Meeting rooms Here you add meeting rooms - you may connect more AD groups

 

Sk_rmbillede_2020-09-08_kl._13.09.08.png

When activated - users will be updated in Azure AD. If synchronization fails, an error will show in the activity log placed under integrations.

 

Sk_rmbillede_2020-05-05_kl._10.47.28.png

Removal of Azure AD groups

When removing Azure AD groups you need to remove these from the Azure Ad integration as removal of the AD group in Azure will not remove it in Emply.

 

Removing the integration

In order to remove the integration completely, you have to perform 2 steps.
Prerequisite: You must sign in as a global administrator, an application administrator, or a cloud application administrator.

  1. Removing the integration in Emply will stop all synchronization between your Azure AD and Emply. Users are not synced any longer and synced Outlook events are removed in Emply calendar. You can only activate the integration again by signing in again as administrator. 
  2. Removing Emply enterprise app in Azure simply login to your portal Azure account. Find the Emply application under Enterprise applications - go to properties and delete.
    • You can find more about enterprise apps at Microsoft.com here

Sk_rmbillede_2020-10-20_kl._10.53.55.png

Q&A Azure AD Integration

1. Are users created manually, not affected by user synchronization?
  - Correct. But If a user has the same username or email then it will be automatically connected to Azure's user and will be synchronized
2. What happens if a user is added to a mapped AD group afterwards?
  - The user will be created in Emply after the next synchronization cycle
3. What happens to a synched user when it's removed from AD group?
  - They will be deactivated in Emply
4. What happens if I remove an entire AD group or Azure AD integration.
- Calendar synchronization wil stop, Outlook events will not appear in Emply after next sync., new users in connected AD groups are not created in Emply. If you have configured Emply to update your AD users, this will end. 
 

How to remove unwanted users in Emply:

Sk_rmbillede_2021-09-15_kl._10.02.20.png

 

Remove unwanted users

Go to account / users

  • Filter out all users (that you want to stay in Emply)
    • Add Criteria / E-mail NOT in your domain
  • Mark all Users
  • Deactivate all
  • Go to Archived users
  • Mark all and delete them.

Sk_rmbillede_2021-09-15_kl._10.06.08.png

Go to Settings / Integrations

  • Open Azure AD integration
  • Set Group(s) in Azure AD integration (that holds your Emply users to be)
    • Or remove Azure AD application and activate it again - remember to set your groups
  • Save