
Azure Active Directory (Azure AD) integration

How to set up Haystack's Microsoft Entra ID (previously Azure AD) integration. It assumes you have signed up to Haystack for Enterprise.

Written by Nir Heimann
Updated over 4 months ago

IMPORTANT NOTICE: Microsoft has changed the name of "Azure AD" to "Microsoft Entra ID". For clarity, this article refers to this system as "Azure AD".

Requirements:

  • Azure AD (now named "Microsoft Entra ID"); or

  • Hybrid Active Directory - Haystack connects through Azure

  • Haystack Pro, Business or Enterprise subscription

The integration in a nutshell:

Haystack integration with Azure AD is quite simple to set up and test, as well as quite powerful and flexible to meet your needs. The key steps are:

  • STEP 1 - Send your Tenant ID to Haystack

  • STEP 2 - Grant Haystack 'read-only' permissions using the provided link

  • STEP 3 - Create groups using the provided naming conventions in Azure AD and assign users as members of these groups

STEP 1 - GRANT AZURE AD PERMISSIONS TO HAYSTACK

Please follow the steps below:

  1. Send Haystack your Tenant ID. You can find it at the Azure Portal > Azure Active Directory > Properties. You can follow this link

  2. Haystack will send you back a URL to approve the relevant permissions. This step needs to be done by one of your Azure AD admins.
    The permissions Haystack requests are:
    * Read all users' full profiles (User.Read.All)
    * Read all group memberships (GroupMember.Read.All)
    * Sign in and read user profile (Default permission)

  3. After the Azure AD admin has consented to the requested permissions, please contact Haystack's technical support to activate the synchronization.

STEP 2 - HAYSTACK ACCOUNT SETTINGS

After finishing the registration process described in step 1, your Haystack Customer Success representative will help you set up your account settings within Haystack's Admin Dashboard based on your requirements.

These settings include:

  1. Default Template - The default template to use if not directed otherwise

  2. Invite Message - The message in the invitation emails your employees will receive

STEP 3 - AZURE AD SET UP

In this step you define the filters and rules that determine which employees get a digital business card and which do not, and which template each employee is assigned to if you use more than one card template.

Please note: This step is to be completed by your Azure AD Admin

To achieve the filtering required by your company, you will need to create special Azure AD groups which will govern the filtering.

There are two group types:

  1. Filter group - tells Haystack which employees should get cards.

    Group name format: haystack_bc_filter_in[_<comment>]. The comment is optional, and it can contain any string.

  2. Template type group - tells Haystack which template the business card should use. If a user has no template type group, the default template type ID is used.

    Group name format: haystack_bc_templateTypeId_<value>[_<comment>]. The value should be one of the values you will get from your Haystack Customer Success representative. Each value represents one of the templates set up on Haystack's system. The comment is optional, and it can be anything.

Please note: a card is created only based on the filter group. The template type group is relevant only for cards that are to be created.

We support group inheritance, which means the relationship between the user and the group can be direct or not.

Please see the diagram below as a topology example.

In the example above, let's assume the default template is the management template.

According to the above topology the following will happen:

  1. The marketing employees' cards will be set up under the marketing template, since they are related to the filter-in group and to the marketing template type group.

  2. The sales employees will be set up under the sales template, since they are related to the filter-in group and to the sales template type group.

  3. The QA employees will not get business cards, since the default setting is not to create cards for all users and they are not related to a filter-in group. Their template type group has no effect.

  4. The management employees will be set up under the management template, since they are related to the filter-in group and the default template is Management.

When the relationship between the group and the users changes, the integration will change the card behavior according to the new settings automatically.
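The resolution rules above (the filter group decides whether a card exists, the template type group or the default decides the template, and membership may be inherited), as an added example that is not Haystack's code: a Python preview an Azure AD admin could run over exported group memberships before synchronization. The user names, the `everyone` and `emea` comments, the template values and the topology are constructed; treating `<value>` as underscore-free and flagging users with several template values are assumptions, since the article specifies neither.

```python
import re

# Name formats taken from the article; an underscore-free <value> is an assumption.
FILTER_RE = re.compile(r"^haystack_bc_filter_in(?:_.*)?$")
TEMPLATE_RE = re.compile(r"^haystack_bc_templateTypeId_([^_]+)(?:_.*)?$")


def ancestors(principal, member_of):
    """All groups a user or group belongs to, directly or through nesting."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group not in seen:          # also stops on cyclic nesting
            seen.add(group)
            stack.extend(member_of.get(group, ()))
    return seen


def resolve_card(user, member_of, default_template):
    """Return (gets_card, template, template_values_found) for one user."""
    groups = ancestors(user, member_of)
    values = sorted({m.group(1) for g in groups if (m := TEMPLATE_RE.match(g))})
    if not any(FILTER_RE.match(g) for g in groups):
        return (False, None, values)   # no filter group: template groups have no effect
    if len(values) > 1:
        # The article does not say which value wins, so flag the user for review.
        return (True, "AMBIGUOUS", values)
    return (True, values[0] if values else default_template, values)


# Constructed topology matching the article's four outcomes (not the original diagram).
MEMBER_OF = {
    "alice": ["Marketing"], "bob": ["Sales"], "carol": ["QA"], "dave": ["Management"],
    "Marketing": ["haystack_bc_filter_in_everyone", "haystack_bc_templateTypeId_marketing"],
    "Sales": ["haystack_bc_filter_in_everyone", "haystack_bc_templateTypeId_sales_emea"],
    "QA": ["haystack_bc_templateTypeId_qa"],
    "Management": ["haystack_bc_filter_in_everyone"],
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, resolve_card(user, MEMBER_OF, default_template="management"))
```

A misspelled group name such as `haystack_bc_filter_inbound` matches neither pattern, so the preview shows the affected users as not receiving a card.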
