User Provisioning via Entra ID is only available to customers on our All-In package. Reach out to your Customer Success Manager at AlexisHR to get more details and access to this functionality.
With connection to Entra ID (also known as Azure AD) you are able to have user provisioning towards Entra ID with Alexis HR as the master. Below you have information of how to configure the connection and what fields are updated and an example of how the user flow is.
Configuration
The integration is configured from Settings → Integrations → Microsoft Entra ID (Azure AD)
Click "Integrate"
You will now need to log in to Microsoft with valid credentials.
You will need to give access to the "AlexisHR Integration" app to do the following:
Sign in and read user profile
Read and write all users´ lifecycle information
Read and write all users' full profiles
Read all users' full profiles
You should then be presented with the following picture
Microsoft Entra ID (Azure AD) - Connected
(if it for some reason would show disconnected, please try and refresh the page to retry the connection)
If you want to remove the connection from Alexis HR then click "Remove integration"
How the integration works with Alexis HR
If you are connected to Entra ID:
Any change in a user or employee data will update the user’s data in Entra ID if the employee’s work email belongs to the given tenant.
For example if the user’s work email is [email protected], it will update the user in Entra ID, because the domain is yourdomain.com.
The following fields are mandatory and need to exist on the user in Alexis in order to be able to create a user in Entra ID. Work email, First name, Last name
What data fields we update or create
We update the following fields in Entra ID when they are updated/changed in Alexis HR given the above requirements are met.
Alexis HR fields | Entra ID Property | Entra ID Description |
Note :This field is defines as "true" when the user is created in Entra ID (finished onboarding). From that moment on Alexis HR not change that property. | AccountEnabled | true if the account is enabled; otherwise, false. This property is required when a user is created. A global administrator assigned the Directory.AccessAsUser.All delegated permission can update the accountEnabled status of all administrators in the tenant. |
Personal : First name | givenName | The given name (first name) of the user. |
Personal : Last name | surname | The user's surname (family name or last name). |
Personal : First name(dot)Last name | mailNickname | The mail alias for the user. This property must be specified when a user is created. |
Personal : First name + Last name | displayName | The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. |
Home Address : Street name | streetAddress | The street address of the user's place of business. |
Home Address : Zip code | postalCode | The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. |
Home Adress : City | city | The city in which the user is located. |
Home Address : Country | country | The country/region in which the user is located; for example, US or UK. |
Work : Work email | The SMTP address for the user, for example, | |
Work : Reports to | Manager | The users reporting to colleague. |
Work : Title | jobTitle | The user's job title. |
Work : Organization | CompanyName | The users Organization |
Work : Office | OfficeLocation | The users Office |
Work : Department | department | The name for the department in which the user works. |
Work : Phone | BusinessPhones | Work phone of the user |
Hire date | EmployeeHireDate | First employment start date |
Offboarded date | employeeLeaveDateTime | The date and time when the user left or will leave the organization. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.For delegated scenarios, the calling user must have the Global Administrator role and the calling app assigned the User.Read.All and User-LifeCycleInfo.ReadWrite.All delegated permissions. |
Example employee flow to get started with Azure AD:
Login to AlexisHR as an owner.
Connect to Entra ID on the integrations page.
Check that the status is connected on the integrations page.
Onboard a new colleague (could be a "dummy user"). Set the work email to [email protected]
This new user should now be created in Entra ID
Change one or more of the data fields listed above in Alexis HR
The user in Entra ID should now have those fields updated (this might take a couple of seconds)
Offboard the employee in Alexis HR with a future (or past date)
The user in entra ID should now have the employeeLeaveDateTime updated to match the Alexis HR offboarded date.
FAQ
Q : Will you set AccountEnabled in Entra ID to false when a user is offboarded?
A : No, we will update the field employeeLeaveDateTime to be the same as the offboarding date in Alexis HR.
Q : The user is not created in Entra ID even though the user is onboarded?
A : Check that work email, first name & last name exists on the user.
Q : The user is not created in Entra ID even though the user is onboarded and work email, first name & last name exists on the user.?
A : Check that the work email domain is the same as the domain defined in Entra ID for the current directory.
