What does the managed integration with On Premise Active Directory?
This integration populates Tribal Habits with new and updated users from an On Premises Active Directory server, including:
New users are created in Tribal Habits
Updated users are updated in Tribal Habits
User data is populated (e.g. position, location, start date)
Manager data is populated (including email)
Deactivated users are deactivated in Tribal Habits
THIS FEATURE REQUIRES A BUSINESS 50 PLAN OR LARGER. This integration is not available on smaller plans (such as Lite) or legacy plans (older monthly plans). Please contact our team at [email protected] if you would like access to this integration but it is not activated in your portal.
What are the benefits of this managed integration with an On Premise Active Directory?
What is a 'managed integration'? This integration is managed by Tribal Habits. This means we build and manage the integration on your behalf. The integration can be customised for data mapping, user inclusion/exclusion, notifications and more, allowing us to create a bespoke integration to suit your requirements.
Reduced administrative workload
First, this integration reduces the workload for your Tribal Habits administrators by automating user creation. New users will be automatically populated in Tribal Habits from your Active Directory server. Users can also be deactivated based on data from Active Directory.
Data consistency
Second, the integration eliminates data inconsistency. Users are updated automatically from Active Directory, ensuring that your Tribal Habits data matches your Activey Directory data. This allows your organisation to use Active Directory as a single source of truth for user data.
Improved reporting
With more (and more accurate) user data, your Tribal Habits reporting and administration is also improved.
What’s required to set up the integration with an On Premise Active Directory server?
The integration is managed by Tribal Habits. Our team will set up the integration and manage it on your behalf. Error messaging for a failed user sync can be enabled and sent to a specified email address at your organisation, allowing your Active Directory or Tribal Habits administrators to be immediately notified if user data is incorrect or inconsistent.
1 – Kick-Off Call
We begin with 30 minute kick-off call with your team to discuss your integration.
First, we will determine the appropriate 'user name' for your users in Tribal Habits.
For organisations using Single-Sign-On (SSO), this needs to be a unique value available in Active Directory and also available in your SSO platform. It may be email or another ID.
For organisations without Single-Sign-On, we typically use email but can use an Active Directory ID. Users will login with their email address in all instances, so this is more of a technical decision we will discuss with you.
Second, we focus on the additional fields of user data you may want to sync from Active Directory into custom fields in Tribal Habits.
We can also discuss the load of your initial users, which can also be completed through our integration (to initially load all your existing users and their data into your Tribal Habits platform).
2 – Integration Preparation
Our team then prepares the integration, which typically takes just 1-2 days.
Your IT team will need to prepare your On Premise Active Directory server for the integration. Tribal Habits utilises the enterprise iPaSS Workato for this integration. This requires your IT team to install an on-prem agent (OPA) from Workato onto your server. Step by step instructions, including obtaining the agent, can be found in this support article from Workato.
Your IT team will also need to create a user for the agent and have the required connection information ready for our team from the above support article (On-prem group, URL, Username, Password and the Base DN).
3 - Set-up Call
We then organise a second call with your team for the authorisation process. We require one of your Active Directory administrators for approximately 60 minutes to complete an authorisation process and then test the integration with our team.
NOTE: The most complex part of an On Premise Active Directory sync is scoping the users to be synced (and excluded). We will require guidance from you to help scope the correct set of users. For example, we typically only obtain objectCategory=person and objectClass=user, but there may be additional filters we need to apply to exclude service/admin users from the sync.
NOTE: If your organisation also uses Microsoft Entra ID, and has a sync between your On Premise Active Directory and Entra, we recommend using our Entra integration instead (it is easier to manage).
4 - Go Live
Once your integration is tested and ready to go, we can activate the integration when your team is ready! We actively monitor your integration for the first few weeks to ensure its all working as intended, or to fine tune any requirements. Your integration is then all set and will create, update and deactivate your users from that point.
FAQ: What user data is typically synced from Active Directory?
We can customise the user data synced from Active Directory and typically obtain any field value from Active Directory.
FAQ: How quickly does information sync from Active Directory?
For User Data (to sync users from Active Directory to Tribal Habits), the sync is a scheduled update - this means the update occurs on a fixed schedule. We can agree this schedule with you, depending on the frequency of changes in your organisation and the required timeliness of those changes. For most organisations, an update every few hours during work days is sufficient, but we can increase or decrease the frequency as required.