How do I set up a Microsoft Entra ID integration?

Follow this guide to set up a Joyous Microsoft Entra ID Integration

About this integration

The Joyous integration to Microsoft Entra ID can be used for one or both of the following purposes:

  • People Data: Import the people you want to participate in Joyous conversations.
  • Single Sign-On (SSO): Enable leaders to sign in to Joyous with Microsoft credentials.

People data

Joyous imports people from an Entra ID group. This group should be created with dynamic rules to control who is and isn't imported into Joyous based on your requirements. (e.g. Active Users only, Exclude contractors).

After setup the synchronization will run daily, the specific time of day can be configured if required.

When synchronizing employees we use a feature of the Microsoft Graph API to select their manager ID and build relationships within Joyous based on that.


The required attributes are:

  • id (objectId)
  • userPrincipalName | mail (email)
  • givenName
  • surname

Additional attributes can be imported into Joyous and used as data filters, including extension (custom) attributes. We recommend at least the following:

  • jobTitle
  • department
  • city

If you have a custom employee ID in addition to the Entra ID, we recommend importing this as well.

Setup Process

Step 1 - Customer:

  • Decide which attributes to import into Joyous. Details on how to find extension attribute names can be found in Microsoft Azure Active Directory documentation.
  • Create a "Joyous" group in Entra with the required member rules to identify who should receive Joyous conversations (e.g. Active users, exclude Contractors).

Step 2 - Joyous:

  • Configure a temporary account with your email address and trigger an email to set a password and sign-in.

Step 3 - Customer:

  • Sign in to Joyous (go.joyoushq.com) with the temporary account.
  • Click on the settings cog to navigate to the configure page.
  • Click Integrations then Sync with Active Directory.
  • Authenticate with Microsoft using an account that has the Global Admin role.

A service account is the best option for this. The created Microsoft refresh token is tied to the account used in this step. Specific user actions (e.g. resetting password) will revoke all refresh tokens and require re-setup.

  • Select the "Joyous" group created in Step 1.

This will trigger the synchronization and set up recurring daily synchronizations.

Step 4 - Joyous:

  • Perform data checks.
  • Remove temporary account.

After completing these 4 steps your integration is complete.

 

🔐  If you'd like to learn more about how Joyous handles data security, read our Privacy and Security Overview.