Usage and purpose of the integration
The main purpose of the integration is to
- Update and synchronize users to Emply*
- Synchronize calendars (only MS365)
- Synchronize roles**
- Secondly you can allow Emply to write to your Azure AD users. (Will not work in hybrid AD)
*If you have employees with same email as the user these 2 profiles link. Then the employee's department has higher priority.
**If you want Azure AD groups to assign and manage emply roles - you need to configure multiple AD groups and only single roles. As Emply users can have multiple roles this setting is not used in most cases.
Activate Azure AD integration
Preparation and rules
Create minimum 1 Azure AD group with the users you want to create in Emply
AD users can only appear once, no duplicates
We do not support nested groups
Start with one group and select lowest permissions (role)
Do not activate "synchronize roles"
Do not setup user create, update and delete
When you activate this with an Azure AD account, Emply entitles you to the following.
Configure your integration
You can set the integration up to administrate your Azure AD users. This allows Emply to create, update and delete users in your AD that are present in Emply also.
Users will be created in Azure Active directory, at the moment new users from Emply will have to be assigned manually to a specific AD group.
Existing Emply users will after saved changes be saved in AD
The AD user is moved from 'Users' til 'Deleted users'. Will be deleted from here after 30 days.
Mapping of data to Azure AD
Mapping is setup under users
Azure AD is presented on the left side and mapping options from Emply can be selected on the right side.
Groups Choose one AD groups for which the below configuration should apply
Important: If you are not able to set / groups - there was a problem connecting. Then abort and try again. If you already had activated the integration without noticing, that you could not select 'Groups' - then Integration most probably have synched all your AD users. How to fix it
- Default role Set this to role to apply for your ad group
- Default department Choose a department where you will import new AD users
- Language sets the language of user (first time)
- Time zone sets the timezone for a user (first time)
- Currency sets the currency for a user (first time)
Synchronize roles let the integration set the roles of the users continuously. If off then the role is only set the first time. We recommend you talking to an Emply consultant before setting this up.
Emply users with administrator role is not updated by role synchronization!
Synchronize calendars switch On / Off
Meeting rooms Here you add meeting rooms - you may connect more AD groups
When activated - users will be updated in Azure AD. If synchronization fails, an error will show in the activity log placed under integrations.
Removal of Azure AD groups
When removing Azure AD groups you need to remove these from the Azure Ad integration as removal of the AD group in Azure will not remove it in Emply.
Removing the integration
In order to remove the integration completely, you have to perform 2 steps.
Prerequisite: You must sign in as a global administrator, an application administrator, or a cloud application administrator.
- Removing the integration in Emply will stop all synchronization between your Azure AD and Emply. Users are not synced any longer and synced Outlook events are removed in Emply calendar. You can only activate the integration again by signing in again as administrator.
- Removing Emply enterprise app in Azure simply login to your portal Azure account. Find the Emply application under Enterprise applications - go to properties and delete.
- You can find more about enterprise apps at Microsoft.com here
Q&A Azure AD Integration
How to remove unwanted users in Emply:
Remove unwanted users
Go to account / users
- Filter out all users (that you want to stay in Emply)
- Add Criteria / E-mail NOT in your domain
- Mark all Users
- Deactivate all
- Go to Archived users
- Mark all and delete them.
Go to Settings / Integrations
- Open Azure AD integration
- Set Group(s) in Azure AD integration (that holds your Emply users to be)
- Or remove Azure AD application and activate it again - remember to set your groups