Requirements:
Azure Active Directory; or
Hybrid Active Directory - We connect through Azure
STEP 1 - GRANT AAD PERMISSIONS TO HAYSTACK
Please follow the steps below:
Send us your Tenant ID. You can find it at the Azure Portal > Azure Active Directory > Properties. You can follow this link
We will send you back a URL to approve permissions to us. This step needs to be done by one of your AAD admins.
The permissions we request are:
* Read all users' full profiles (User.Read.All)
* Read all group memberships (GroupMember.Read.All)
* Sign in and read user profile (Default permission)After the AAD admin has given consent to the requested permissions. Please contact Haystack's technical support to activate the synchronization.
STEP 2 - HAYSTACK ACCOUNT SETTINGS
After finishing the registration process described in step 1, your Haystack Customer Success representative will help you set up your account settings within Haystack's Admin Dashboard based on your requirements.
These settings include:
Default Template Type - The default template to use if not directed otherwise
Include Users By Default - Can be either True or False.
True means create cards for all users in AAD, unless directed otherwise by Filter group (see details below).
False means do not create cards for all users in AAD, unless directed otherwise by Filter group (see details below).Invite Message - The message in the invitation emails, your employees will get
STEP 3 - AAD SET UP
In this step you define the filters & rules which govern which employees should get a digital business card, and which ones should not, as well as manage which employees should be on each template in case you're using more than one card template.
Please note: This step is to be completed by your AAD Admin
To achieve the filtering required by your company, you will need to create special AAD groups which will govern the filtering.
There are two group types:
Filter group - dictates to Haystack which employees should get cards and which ones should not. Without a filter group, the default setting will be used
β
Group name format:haystack_bc_filter_<value>[_<comment>
]. The value can bein
orout
. The comment is optional, and it can be anything
βTemplate type group - dictates to Haystack to which template the business card should be part of. If a user has no template type group, the default template type id will be used
β
Group name format:haystack_bc_templateTypeId_<value>[_<comment]
. The value should be one of the values you will get from Haystack Customer Success representative. Each value represents one of the templates set up on Haystack's system. The comment is optional, and it can be anything
Please note: a card is created only based on the filter group. The template type group is relevant only for cards that are to be created.
We support group inheritance, which means the relationship between the user and the group can be direct or not.
Please see the diagram below as a topology example
In the example above, lets assume the following:
The default setting is not to include all users
The default template is the management template
According to the above topology the following will happen:
The marketing employees' cards will be set up under the marketing template, since they are related to the filter in group, and to the marketing template type group
The Sales employees will be set up under the sales template, since they are related to the filter in group, and to the sales template type group
The QA employees, will not get business cards, since the default setting is not to create cards for all users, and it doesn't have a filter in group. The template type group is meaningless
The management employees will be set up under the management template, since they related to the filter in group, and the default template is Management
When the relationship between the group and the users changes, the integration will change the card behavior according to the new settings automatically.