Skip to main content

Azure Active Directory Integration: Email Experiences

Christopher Strautman
  • Updated

Feature Overview

Backed by a powerful integration with Azure Active Directory, you streamline the management of employee data within your Email Experiences environment. Automatically create and delete users in real-time and ensure employee information is kept up-to-date with no added effort.  

Implementation/Setup

The integration can be set up in under five minutes. Simply follow the steps outlined below.

Please Note: You must have an Azure AD P1 or P2 license in order to use this integration.

 

Step 1

Log into the Azure Active Directory portal.

 

Step 2

Search for Enterprise Applications.blobid0.png

 

Step 3

Select + New Application.

 

Step 4

Select Create your own application and "Integrate any other application you don't find in the gallery (Non-gallery)" then click Create.

blobid1.png

 

Step 5

Create a name for your new app. We recommend using Terminus Email User Provisioning.

 

Step 6

Once the app is created, choose Provisioning.

blobid2.png

 

Step 7

Select Get Started.

blobid4.png

 

Step 8

Select Automatic from the drop-down menu.

blobid5.png

 

Step 9

Navigate back to Email Experiences and copy the Secret Token (API Key) and Tenant URL from your Email Experiences Account Settings --> Integrations page.

 

Step 10

Back in Active Directory, paste your Tenant URL and Secret Token into the appropriate location.

 

Step 11

Select Test Connection

blobid8.png

You will know the connection was successful when you see "The supplied credentials are authorized to enable provisioning" in the upper right-hand corner.

 

Step 12

Under Mappings, make sure that "Provision Azure Active Directory Users" is enabled. Toggle the Provisioning Status to On. Then, click Save. 

blobid9.png

 

Step 13

Go back to your application and navigate to the Users and Groups section to select the users and groups you wish to sync to Email Experiences.

When you sync Groups from Azure AD, Terminus will bucket users into those same Employee Groups in your Email Experiences account.  Note: The process of creating Groups and assigning employees to those Groups can take up to 24 hours to reflect in the Email Experience app.

Once enabled, if a change is made within Azure, the update will automatically get pulled into Email Experiences within 30 minutes.

 

Please note the accepted Azure User Mappings below:

Screen_Shot_2021-03-24_at_11.50.39_AM.png

 

FAQs

Q: Will Email Experiences employee data be updated when changes are made to AD?

A: Yes, if employee data that is synced with Email Experiences is updated in AD, those changes will be reflected in Email Experiences.  This typically takes less than 24 hours.

 

Q: How long does it take for Email Experiences to reflect changes made to AD?

A: Changes will be reflected in less than 24 hours, but only for the fields that are being sent to Email Experiences (i.e. first name, last name, title, etc).

 

Q: Will an employee's data from AD override information they've manually updated in Email Experiences?

A: No. Signature fields that are edited by a user or admin through the Email Experiences UI are treated as preferred values, and will not be overridden by data from AD. If a signature field has not been updated by a user, it will continue to stay in sync with AD values. A field that is updated by a user will have a blue "user_updated" icon next to it in the edit employee modal.

 

 Q: Will Email Experiences automatically delete users when they are deleted in AD?

A: Anytime an employee that is synced with Email Experiences is removed from the provisioning scope of the Marketplace app, they will be deleted in Email Experiences within 24 hours. Users that are hard deleted from Azure Active Directory that have an existing account will be removed from Email Experiences within 30 days of the soft delete.

 

Q: Is it possible to add additional fields to the Azure user mappings

A: No. The current Azure user mappings are limited to the fields outlined in Step #13 above.

 

Q: What happens when an employee is removed from a Security or O365 group that is synced with Email Experiences?

A: If an employee that is enrolled in a Security or O365 group is removed, they will also be removed from Email Experiences.

Example: I have created an "Email Experiences" Security Group in AD that is synced with Email Experiences and I remove Bob from that group.  Bob will be removed from Email Experiences since he no longer is enrolled in that group.

Related articles

Comments

0 comments

Please sign in to leave a comment.

You must sign in to view this content.

Click the button below to sign in to the Terminus Platform.

Cancel