Microsoft Entra ID, previously known as Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to their resources. Desk365 integrates with Microsoft Entra ID using the SCIM 2.0 protocol, enabling seamless user provisioning in Microsoft Entra ID and synchronization.
With this integration, you can automatically import contacts from Microsoft Entra ID into Desk365. Any updates made to the contact profiles in Entra ID are reflected in Desk365, ensuring consistency and reducing manual efforts.
Desk365 takes user provisioning a step further by offering advanced functionality such as real-time synchronization and efficient mapping of users to companies based on email domains. This ensures not only smooth integration but also accurate data representation across systems, significantly reducing administrative workload.
Key features
- Synchronize contacts
- Effortlessly create or update contact records in Desk365
- Automatically verify existing user accounts without duplication
- Perform soft deletes when users are disabled in Microsoft Entra ID
- Ensure accurate mapping of users to companies based on email domains
Step-by-step guide for configuration
1. Add Desk365 from the Microsoft Entra application gallery
- Log in to the Microsoft Entra Admin Portal.
- Navigate to Identity > Applications > Enterprise applications > New application.
- Click create your own application.
- Enter a name for your application.
- Select the option Integrate any other application you don’t find in the gallery (Non-gallery) and click Create.
- Once the application is created, you will be redirected to the application’s home page.
2. Connect Desk365 to your Microsoft Entra Account
- On the application page, go to provisioning in the left sidebar.
- Set the provisioning mode to automatic.
- In the admin credentials section, enter the tenant URL: https://<yourdomain>.desk365.io/entra
- Provide the secret token (copy API token from Desk365).
- Click test connection to verify the setup.
- Save the settings.
3. Configure attribute mapping
- On the application page, go to Provisioning > Edit Attribute Mappings.
- Turn off the option to Provision Microsoft Entra ID Groups since Desk365 only supports contacts.
- Enable the option to Provision Microsoft Entra ID Users.
- Choose the target object action (Create, Update, and Delete).
- Configure the attribute mappings to define how data should be synchronized between the two systems. You will be presented with a list of attributes that Microsoft Entra ID uses for users. If there are any attributes in the list that are not mapped or not supported by Desk365, delete them. This ensures that only relevant attributes are kept, preventing unnecessary synchronization or potential errors.
- To add a new mapping, click on Add New Mapping. This allows you to define how specific attributes in Microsoft Entra ID should be mapped to corresponding fields in Desk365. Refer to the table below for the recommended mappings and configurations for each attribute.
- Use the table below to understand how each attribute should be configured for mapping:
Mapping type
Source attribute
Target attribute
Match objects using this attribute
Matching precedence
Apply this mapping
Direct
objectId
externalId
Yes
1
Always
Expression
Switch([IsSo
ftDeleted], , “False”, “True”, “True”, “False”)
active
No
Always
Direct
displayName
displayName
No
Always
Direct
jobTitle
title
No
Always
Direct
emails[type eq “work”].value
No
Always
Direct
userPrincipalName
userName
No
Only during object creation
Direct
telephoneNumber
phoneNum
bers[type eq “work”].value
No
Always
Direct
mobile
Phone
Numbers[type eq “mobile’].value
No
Always
To clarify the steps for configuring the attribute mappings in Microsoft Entra ID for Desk365, let’s go through the process step by step with an example for userPrincipalName attribute and configure the Matching Precedence (MP) for externalId.
- By default, Matching Precedence is set to 1, but Desk365 prefers using externalId as the MP for unique user identification. We will need to change the mapping for userPrincipalName to have Matching Precedence (MP) set to 2 and then configure the externalId to have Matching Precedence (MP) set to 1.
- Edit the userPrincipalName mapping and set Matching Precedence to 2, and Apply this mapping to Only during object creation.
- Add the externalId mapping, set Matching Precedence to 1, and Apply this mapping to Always.
- Edit the userPrincipalName mapping again, set Match Objects Using to No, and save the changes.
This ensures that externalId is the primary key used to match users and it takes precedence over userPrincipalName in Desk365, while userPrincipalName is only used during the object creation phase.
4. Configure provisioning settings
- Check the box, send an email notification when a failure occurs and enter the email address for error notifications.
- In the scope section select, sync only assigned users and groups (if syncing specific users).
- Navigate to users and groups and add your users. Click on Add user/group and select the users whom you want to provision and then click assign.
5. Start provisioning
- Return to the provisioning page and navigate to the overview section.
- Click start provisioning to begin syncing contacts from Microsoft Entra ID to Desk365.
Special features in Desk365 provisioning
1. Verification of existing contacts
If a contact already exists in Desk365, it will be verified instead of creating a new record. Verified contacts display a checkmark in the Agent Portal > Accounts > Contacts section.
2. Soft delete for disabled users
When a user is disabled in Microsoft Entra ID, Desk365 performs a soft delete:
- All associated tickets are moved to spam.
- To permanently delete a contact, use the Delete Forever button in the Deleted Contacts tab to erase all contact data permanently.
Learn more about How to Delete Contacts in Desk365
3. Company mapping
- Desk365 maps users to companies based on their email domain.
- If no match is found, the company field is left blank.
- In cases where multiple contacts with the same domain are linked to different companies or multiple companies share the same domain, the mapping will remain blank.
4. Provisioning modes
Desk365’s automatic provisioning mode allows API-based provisioning or deprovisioning of user accounts for seamless integration. It’s smart provisioning capabilities extend beyond basic features. It includes robust monitoring tools and configurable email notifications to keep administrators updated about provisioning statuses and potential issues. For instance, logs available in the Microsoft Entra ID portal can be accessed to analyze successes and failures, enabling proactive troubleshooting.
5. Provisioning status
Enable provisioning by setting the Provisioning Status to On. This will start the initial cycle and synchronize users. The service will continue syncing at regular intervals (approximately every 40 minutes). If needed, pause the service by changing the Provisioning Status to Off. This stops all provisioning actions.
6. Monitor integration
You can now see the users from Entra ID synced to Desk365 in your agent portal.
This configuration ensures efficient and secure identity management between Microsoft Entra ID and Desk365, reducing administrative overhead and improving productivity.
Frequently Asked Questions
Desk365 integrates with Microsoft Entra ID using the SCIM 2.0 protocol. It automatically imports contacts from Microsoft Entra ID into Desk365 and ensures updates made in Entra ID are reflected in Desk365.
To connect, create an application in the Microsoft Entra Admin Portal, set the provisioning mode to automatic, and provide the Desk365 tenant URL and API token.
Attribute mapping defines how user information is transferred between Microsoft Entra ID and Desk365. You can configure mappings for user creation, update, and deletion.
You can choose to sync either all contacts or only specific contacts based on your requirements. This option is configured in the Scope section within settings during the provisioning setup.
Yes, Desk365 maps contacts to companies based on their email domain. If a domain is found in a single company then the contacts provisioned with that domain will be mapped with the corresponding company.
If a match is not found, the company field will remain blank.
No, Desk365 only supports User Provisioning from Microsoft Entra ID and does not support Group Provisioning.
It means the contact is moved to Deleted Contacts and the user’s associated tickets are moved to spam. To permanently delete a contact, you need to manually delete them from the Deleted Contacts tab in Desk365’s Agent Portal.
The corresponding contact in Desk365 is soft-deleted and moved to the Deleted Contacts section. Tickets created by this contact are marked as spam.
The corresponding contact is soft-deleted and moved to Deleted Contacts. Their tickets are marked as spam.
If a contact deleted in Desk365 exists in Microsoft Entra ID, they will be reactivated when changes are made to their profile in Entra ID.
Microsoft Entra ID automatically triggers user provisioning at a default interval of 40 minutes if there are any changes to the profile.
Yes, you can start, stop, or restart provisioning at any time. Existing users in Desk365 with matching usernames/IDs will be updated during this process.
Yes, provisioning must be restarted whenever the provisioning scope settings or attribute mapping are modified.
You can view provisioning logs for insights into the synchronization process, including successes, modified properties, and failures.
To access the logs:
– Navigate to your Microsoft Entra application.
– Go to Monitor > Provisioning Logs.
For additional details, refer to the Provisioning Logs Documentation.
Some common causes include:
- The secret token is invalid, expired, or lacks necessary permissions.
- A significant number of failures occurred during the creation, update, or deletion of contacts.
- The Desk365 app is not properly installed or configured in Microsoft Entra ID.
If an error occurs during provisioning, Microsoft Entra ID will notify you via email (if this option is configured). You can review the logs and error notifications in the Entra ID portal to troubleshoot and resolve the issues.
You can view the Synced Contacts from Accounts > Contacts > All Contacts. You will find the status in the Entra Sync column or within the contact details section along with the last synced time when you hover over it.
Yes, Desk365 supports syncing individual contacts within groups when added to Microsoft Entra ID User Provisioning.
Yes, Desk365 supports syncing individual contacts within groups when added to Microsoft Entra ID User Provisioning.
No, we only support outbound provisioning. This means any changes made to a profile in Entra will be reflected in Desk365 and not vice versa.
