Microsoft Entra ID stores essential employee data, which can be synchronized to streamline user management and organizational updates. The MS Entra ID integration allows for seamless synchronization of user and team data.

Available for users with role Owner.
Learn more about roles and permissions here.
Available as Paid add-on
Available on Desktop

Benefits of the integration

Automated user creation and updates: Avoid manual entry by synchronizing user data directly from MS Entra ID into edyoucated.
Reflect organizational changes: Automatically update changes in team structures, supervisors, and employee status.
Efficient deactivation: Automatically deactivate users who leave the organization, reducing manual oversight.

Obtaining API credentials from MS Entra ID

Log in to your MS Entra ID account via https://entra.microsoft.com. Ensure you have admin access.
Go to Identity > Applications > App registrations in the left navigation bar.
Click New registration.
Enter a Name, ignore the remaining parts and click on Register.
Note down the Application (client) ID and Directory (tenant) ID. You will need to add them on edyoucated later.
Click on Certificates & secrets in the inner left navigation bar.
Click on New client secret, enter a description and select an expiry date. When the expiry date is reached, the integration will stop working until the updated secret is entered on edyoucated.
Note down the Value. After leaving the page, you will not be able to copy the value anymore, unless a new secret is issued.
Click on API permissions in the inner left navigation bar. Click on Add a permission, and select Microsoft Graph in the right side-panel. Select Application permissions and then grant the following permissions:
1. User.Read.All
2. Group.Read.All (only required if you want to synchronize groups)
3. GroupMember.Read.All (only required if you want to synchronize groups)
The selected permissions will appear in the table in the center view. They will still have status Not granted for..., so you will need to click on Grant admin consent for.... After confirmation, the status should change to Granted for....

Setting up and activating the integration

Note: To access and configure the integration, you must be an organization owner. The integration is a paid add-on and must be enabled by your edyoucated account manager.

Click on your profile picture in the upper right corner and select Integrations.
Click on Add/Edit integration in the MS Entra ID card. A new page opens.
Configure credentials:
- Enter your Tenant ID, Client ID and Client Secret obtained from MS Entra ID. Learn more about how to obtain the credentials here.
- Ensure these credentials are kept secure and confidential.
Choose a default language. This defines the language of emails that automatically created users receive before they can adjust their language settings.
Define synchronization rules: Synchronization rules define the criteria that are used to decide which users from your external system will be synced into edyoucated. Decide if you want to sync guest users (based on the user type attribute from MS Entra ID). Regular users will always be synced.
Configure users synchronization: First name, last name, and email are required. Decide if the job title should be synced to edyoucated.
Configure team synchronization: Decide if teams should be created for each Group and or each Manager.
Use the Test button to ensure settings are correct before activating.
Once testing is successful, click Activate at the top right of the page. A modal window will appear.
In the modal, click Activate integration to start the integration. This will automatically execute the first integration run.

Note: If the synchronization is active, it runs automatically every day at 4 a.m. UTC. If higher frequency is needed, contact the edyoucated customer support for adjustments.

Tip: For example, if teams are created for each Manager and there are ten managers in MS Entra ID, ten new teams are created, in which the manager from MS Entra ID has the Supervisor role on edyoucated, and which include all the subordinates of the manager as regular team members. The team name will include the supervisor's name, such as Peter Wright's team.

Viewing integration runs

Click on your profile picture in the upper right corner and select Integrations.
Click on Add/Edit integration in the Microsoft Entra ID card. A new page opens.
Open the Runs tab.

In the Runs tab, you will find a table displaying all executed runs of the integration. This table provides the following information about each run:

Triggered at: Indicates the date and time when the run was executed.
Triggered by: Shows whether the run was automatic or manually started by a user. If manual, it displays the username, email address, and user image.
Status: A green checkmark indicates a successful run, while a red X signifies a failure.
Error: If the run failed, this column contains an error message.

Clicking on a run in the table will expand a sidebar on the right side of the screen. This sidebar provides additional run details:

If the run was successful, it shows the actions performed, such as the number of users or teams created, updated, or deactivated.
If the run failed, it provides information about the error encountered.

Deactivating the integration

To stop the integration, click the Deactivate button at the top right of the page. No further runs will occur. You can re-activate the integration anytime.

Error handling

If an error occurs during synchronization, it will be logged, and organization owners will receive an email notification.
Automatic synchronization will pause until the error is resolved.

Integrate with Personio

Set up single sign-on (SSO) in edyoucated with Microsoft Entra ID