Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps employees to sign in and access both internal and external resources.
With Sapling’s integration with Azure AD, you can:
Automatically provision new Azure AD accounts
Keep profile information in Azure AD up to date by pushing specific profile fields from Sapling → Azure AD
De-provision employee accounts in Azure AD when they are offboarded in Sapling
This guide provides a walkthrough on how Sapling Admins can enable the Azure AD integration.
Important to note: Currently Sapling does not support a Sapling <> Azure AD data sync for existing employee attributes. We can only sync data for new employees who have been onboarded via Sapling.
To work around this:
Setup a custom report on field changes that you care about being updated in Azure AD, and have IT check in on that report to confirm changes in Sapling took effect in Azure AD
Add Azure AD To Sapling
First, login to your Sapling account. Navigate from Home > Integrations, and turn on the toggle for Azure AD.
In the Subdomain box, add your unique Azure AD domain (should look like yourcompanyname.onmicrosoft.com). To enable changes to be sent from Sapling to Azure, turn on the "sync changes" toggle.
Hit the “Save” button after you’ve entered the subdomain.
Next, you need to authorize the integration. This will connect with Azure AD and walk you through the Microsoft consent screen with requested permissions (user provisioning).
Note: to authorize on this screen, you must login using the Microsoft Azure Admin Role (e.g. IT manager).
After a successful authorization, you should be redirected back to the Sapling website.
Provision Users within Azure AD using Sapling app
Start onboarding a test user using the Sapling onboarding workflow.
This should send an email to the test-user’s personal and company email account.
This also makes a call to Azure AD to provision user account in AD.
Wait for ~1 min.
Next, login to the Azure AD portal and Click on “Users”.
Verify that a test user has been created.
De-provision Users within Azure AD using Sapling
First, login to Sapling. *note: you must be a Sapling Admin to make these updates.
With the same test-user as above, go to their profile page. From the “Actions” menu, select “Start Offboarding” and click through the Offboarding flow.
Once the test user is fully offboarded, return to your Azure AD profile. Go to the “Users” section and verify that the user has been de-provisioned.
What fields are updated from Sapling → Azure AD?
We send the following fields from Sapling to Azure:
Any questions, please reach out to firstname.lastname@example.org!