■
Connect your environment’s people data to Entra ID
Note:
In order for the integration to work, Simpplr requires consent provided by the Microsoft Global Admin user. Then the Group Admin user must connect with their credentials. The Group Admin is required in order to read user profile data from the Entra Admin. Once the Global Admin connection is established, the Global Admin user can remove the Global Admin permission from the account if they wish and connect again using an account that has all the permissions listed below. The Global Admin connection is only required temporarily to approve the consent for the integration as some of these permissions can not be granted unless a Global Admin approves the same.
We recommend resetting the Admin user's password every few months for added security. Changing the admin connection password will not affect the integration or any user access in any way on Simpplr.
The account you use to establish the connection should have "Email" listed in the Entra properties as well.
Note that Azure has recently renamed to Microsoft Entra ID. Check out this article for more info.
Users who are the Microsoft Global Admins and have Simpplr App manager access can complete the instructions below to select Microsoft Entra ID as the source for Simpplr's people data.
To be able to sync users' data and fields on Simpplr, Simpplr needs to read certain data of users in the organization, hence we request for the User.Read.All scope (this is the least privileged scope).
The User.Read.All permission allows Simpplr to read all users' full profiles, which include sets of profile properties, reports and managers of users in your organization.
From an application standpoint, User.Read.All is the least privileged permission. Since the app needs to read users' data from Microsoft Graph, Microsoft mandates admin consent to be provided for the application only can be granted using the Global Admin user. As mentioned above, once the Global Admin consent has been provided, the user can remove the permission from the account.
The image below highlights which permissions require Global Admin consent, and what user data is being pulled from Microsoft to Simpplr. These permissions must be granted by the Global Admin user.
App managers can perform the following steps to select Entra ID as the source for Simpplr's People data:
- Go to Manage > Application > Integrations > People data.
- Select the Active Directory checkbox.
- Check the boxes for Provisioning and/or Syncing depending on the actions you want to perform. If only provisioning, a token will be generated upon clicking Save to continue. If you're syncing data, you'll be asked to connect using admin credentials.
- After signing into the source account with admin credentials, your source account will be connected and you'll be redirected back to Simpplr. You'll now see the option to Disconnect account next to the selected source account.
Set up Entra ID user attribute syncing
If your environment is connected to Entra ID, App managers will be able to sync user attributes from Microsoft Entra ID:
- Go to Manage > Application > People > Provision & sync users.
- Select Microsoft Entra ID as the syncing source.
- Select which fields you want to sync between Entra ID and Simpplr.
- To add custom fields, scroll to the bottom of the page and add the custom field you want. Once done, check the box under the Sync column and can enter the field name as it is in Entra ID.
- Click Save.
Add a custom field
Comments
Please sign in to leave a comment.