This article outlines our managed integration with Microsoft Entra (Entra is the new name for Azure AD but the process is the same for both).
Please note, this is different from using Entra as your Single-Sign-On provider. Please see this article for more about using Azure AD / Entra for SSO. The ultimate solution would be to use Entra for both SSO and as a managed integration, allowing for both SSO authentication and user data sync.
What does the managed integration do?
This integration populates Tribal Habits with new and updated users from a specified Group in Entra.
New users are created in Tribal Habits
Updated users are updated in Tribal Habits
User data is populated (e.g. job title, location)
Manager data is populated (including email)
Deactivated users are deactivated in Tribal Habits
THIS FEATURE REQUIRES A BUSINESS 50 PLAN OR LARGER
Please note that our managed integration with Entra is only available on Business 50 or larger plans. This integration is not available on smaller plans (such as Lite) or legacy plans (older monthly plans). Please contact our team at [email protected] if you would like access to this integration but it is not activated in your portal.
What are the benefits of this managed integration?
Reduced administrative workload
First, this integration reduces the workload for your Tribal Habits administrators by automating user creation. New users will be automatically populated in Tribal Habits from Entra. Users can also be deactivated based on data from Entra.
Data consistency
Second, the integration eliminates data inconsistency. Users are updated automatically from Entra, ensuring that your Tribal Habits data matches your Entra data. This allows your organisation to use Entra as a single source of truth for user data.
Improved reporting
With more (and more accurate) user data, your Tribal Habits reporting and administration is also improved.
What’s required to set up the integration?
The integration is managed by Tribal Habits. Our team will set up the integration and manage it on your behalf. Error messaging for a failed user sync can be enabled and sent to a specified email address at your organisation, allowing your Entra or Tribal Habits administrators to be immediately notified if user data is incorrect or inconsistent.
The integration requires some setup by your Entra administrators. Instructions for this process are outlined below. During the testing of the integration, we will also require a small amount of time from your Entra administrators to troubleshoot any issues or confirm user data is correct. Typically, this is a few hours of work in total.
What is the integration process?
Our integration with Entra is a ‘managed integration’. This means our our Support team will create and run the integration on your organisation’s behalf. It also means that each integration can be customised to suit your organisation. Here are the major steps and options as we set-up this integration.
1 – Kick-Off Call
We begin with 30 minute kick-off call with your team to discuss your integration.
First, we will determine the appropriate 'username' for your users in Tribal Habits. As most organisations using Entra will also use Single-Sign-On, we usually just need to ensure that we select an appropriate username for SSO. This may be work email address, but could also be employee number or Entra ID number.
Second, we will discuss the 'Group' of users you want to sync into Tribal Habits. Our Entra sync utilises the Groups feature in Entra. This allows you to specify users to sync in Entra. This may be an existing group you have previously created in Entra (e.g. 'All Employees') or you may want to create a separate group for this sync (e.g. 'Tribal Habits LMS users').
Third, we will focus on the additional fields of user data you may want to sync from Entra into custom fields in Tribal Habits – such as location or job title.
2 – Integration Preparation
Our team then prepares the integration, which typically takes just a few days.
In the meantime, your Entra admins will need to prepare a Tribal Habits app and Group in Entra. This is a relatively straight-forward process which your admins may have completed for other apps. The process is as follows.
Preparing your Entra app
First, login to your Entra portal. Select App registrations > New application.
Then register your new Tribal Habits LMS application.
Name: A unique name for this application. We recommend Tribal Habits LMS.
Supported account types: Select as appropriate. Typically 'Accounts in this organisational directory only'.
Redirect URI: Select Web type and then https://www.workato.com/oauth/callback
Then select register.
Second, now we need to set some permissions. Click on API permissions tab, add a new permission and select Microsoft Graph.
Then select all the following permissions.
Application permissions.
User.Read.All
Directory.Read.All
GroupMember.Read.All
Group.Read.All
Delegated permissions
User.Read
User.ReadBasic.All
User.Read.All
Directory.Read.All
GroupMember.Read.All
Group.Read.All
Third, now we need to grant admin consent for Tribal Habits to allow administrator scopes. Click the ‘Grant admin consent’ link and confirm.
And here's how it looks after granting consents.
Fourth, now we need some IDs and secrets. So lets go to Certificates and secrets. Click New client secret.
Now label the secret (Tribal Habits LMS) and set an expiry date. You will need to manage your expiry and then recreate new secrets and pass them to Tribal Habits, based on your expiry dates. We recommend setting tasks / reminders for your selected expiry period, else the integration will fail when the secret expires.
IMPORTANT! Copy the Value part of the secret immediately and store it securely somewhere. The Value will not be shown again and it is required by our support team later.
Preparing your Entra Group
Our integration for Entra utilises the Groups feature in Entra. We will sync all users from a specified Group in Entra. Typically, this means selecting or creating a group which contains all your users to be sync with Tribal Habits. This may be an existing group (All Employees) or you may want to create a separate group for this (Tribal Habits LMS).
Your Entra admins should set up a the appropriate Group in Entra. Our support team will then require the Group ID later.
3 - Set-up Call
We then organise a second call with your team for the authorisation process. We require one of your Entra administrators for approximately 30 minutes to complete and test the integration with our team.
From your Entra app, we will require your admin to share three items with us:
The Application (client) ID from the Overview tab of your app.
The Directory (tenant) ID from the Overview tab of your app.
The Value (not the Secret ID) obtained from the Certificates tab of your app. Remember you stored this back in the preparation phase.
4 - Go Live
Once your integration is tested and ready to go, we can activate the integration when your team is ready! We actively monitor your integration for the first few weeks to ensure its all working as intended, or to fine tune any requirements. Your integration is then all set!