• You have an Employee Email account with the required access enabled
  Staffbase recommends using an Admin or Parent Admin account
  
  Note: If enabled, new Feature Access settings let you allow users to Create and edit integrations while restricting their ability to Edit field mapping and exclusions.
  Both of these permissions are required for a user to connect Employee Email to Microsoft Entra ID.
  Contact the Staffbase Support or your Customer Success Manager for details.
• Your organization has a Mircosoft Entra environment
  
  Note: If your organization currently uses an on-premises (on-prem) version of Microsoft Entra ID, you can still sync your user accounts to Employee Email via Microsoft Entra ID Connect (previously Azure AD Connect, a tool provided by Microsoft for free as part of your Microsoft Entra subscription that enables you to sync identity data between your on-prem environment and the Microsoft Entra cloud.
• You have a Microsoft Entra ID account to maintain the sync
  Staffbase recommends using a service account rather than an individual user's account.
• You have the ability to approve access for the service account with a Cloud Application Administrator role, allowing that account to create the enterprise application in Microsoft Entra ID. Once the enterprise application is created and the user has been granted access to it, the Cloud Application Administrator rights are no longer necessary and can be set to Default.

1. In a new Incognito or InPrivate browser window, sign into the Employee Email web app.
2. Navigate to Contacts > Import.
3. Click the Microsoft Entra ID tile (previously Azure).
4. Enter a unique title for your organization's Microsoft Entra ID that will be easily recognizable later.
5. Click Create.
   A success message displays, confirming that your integration has been created.
6. Click Connect Active Directory.
7. Ensure that your browser allows pop-ups from your Employee Email web app.
   A new dialog opens, prompting you to sign in with Microsoft credentials.
8. Sign in with the Microsoft Entra ID account that will be used to maintain the sync.
   Staffbase recommends using a service account with a Cloud Application Administrator role.
   You are prompted for admin approval.
9. Sign in with Microsoft Entra ID Cloud Application Administrator credentials.
   
   
   Note: If the prompt for admin approval does not display automatically, troubleshoot by starting again from step 1 and ensure you are using an Incognito or InPrivate browser window.
   Contact your Technical Onboarding Engineer or Onboarding Project Lead for further assistance.
   The Microsoft sign-in dialog closes and your integration displays as Connected.
   
   
10. Click Next to continue the import process.

When you sign into Microsoft Entra ID through Employee Email, we are going through this process:
Get access on behalf of a user - Microsoft Graph

Authorization from a Cloud Application Administrator is required to establish the Microsoft Entra ID app (previously Azure enterprise tile app) in your environment and grant the following scopes to your service account:

Directory.Read.All
openid
offline_access

For interacting with the directory, we go through two different graph endpoints (one for users, one for groups), both using the access token we acquired from the first step.

• List users - Microsoft Graph v1.0 - Retrieve a list of user objects.
• List groups - Microsoft Graph v1.0 - List all the groups available in an organization.
  This includes but is not limited to Microsoft 365 Groups.
  

Optionally, choose existing Microsoft Entra ID distribution lists to import into Employee Email. All of your organization's Microsoft 365 Groups and mail-enabled security groups will be available to select.

If your organization has more than one thousand groups available, you are prompted to use the Bulk Selector and upload a CSV file containing only the Display Name of each list you want to sync. Do not include a header row in this spreadsheet.

The Map fields tab opens, and employee attributes stored in your Microsoft Entra ID, like names, titles, office locations, etc., are auto-populated under the Imported Field section.

Attributes are the characteristics that differentiate one recipient from another, which enable you to segment your audience and target your communications to specific groups.

1. From the dropdown menu corresponding to each value, select a field name to map the attributes from your Microsoft Entra ID to fields in Employee Email.
   Tip: Some fields are mapped automatically but can be adjusted based on your preference.
   Employee Email also exposes your Microsoft Entra ID custom attributes (1-15). When syncing or mapping contact data, you are prompted to decide whether to map or skip these fields.
   Optionally, select Skip this field for any of your imported fields except the Unique Contact ID, which defaults to Email.
   If no option in the dropdown matches your imported field(s), create a new Text, Number, or Date field.
   
   
2. Optionally, find and import additional custom fields from your Microsoft Entra ID.
   You must know which fields you want to import. A Microsoft Entra ID Global Admin in your organization must help you find the Field unique ID(s) for these fields.

Optionally, create filters to exclude some categories of Microsoft Entra ID contacts from your import.

For example, exclude employees who are currently on leave with an Inactive status, or belong to a division that does not need to receive communication emails.

1. Click Sync to import your contact data and complete the configuration.
   A new page displays, showing a progress bar for your import.
   
   
   Note: The import process usually takes 10-30 minutes but may require a number of hours for a very large organization. It cannot be stopped or restarted.
   You can navigate the Employee Email web app while you wait. This will not disrupt the import.
   
   
2. Navigate to Contacts > Directory to view your imported data.
   The All Contacts list opens.
3. Click Distribution Lists to view any lists you have imported.
   
   
   
   These distribution lists will be updated automatically each time your Microsoft Entra ID users are synced to Employee Email. 
   If you want to change them, do this in your Microsoft Entra ID, not in the Employee Email web app.
4. To check for and fix any potential errors with your import, navigate to Sources > Integrations.
   
   

1. In the Employee Email web app, navigate to Contacts > Sources > Integrations.
   
   
2. Click the three dots next to an integration.

Any Employee Email user with the required access enabled can manually sync Microsoft Entra ID contacts from the integration that you have created or edit its field mappings.

Only the Employee Email account configuring an integration, or a Parent Admin, can delete that integration.