Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials.
Overview
The SSO process starts from the Login page. When the Office365 Login button is clicked, a call is made to the AzureAD Account controller to sign in.
This all happens behind the scenes. Once the button is clicked, the Office365 credentials are identified and the user is automatically logged in to the StaffCircle server.
StaffCircle Office365 App
Another role of the StaffCircle app registration is to expose the StaffCircle web app as an Office365 application on the Office365 user App dashboard. This can be seen on the left-hand side of the page and under the application panel. This app performs the same sign-in action as the Office365 button mentioned above.
Enterprise Applications
The StaffCircle app registration gets created in the customer's Azure AD as an Enterprise Application. It is here that an IT admin can grant privileges to AD users to access StaffCircle from the user's Office365 Apps dashboard.
This allows control of the StaffCircle app from an IT admin perspective.
Office365 Integration Configuration
The Office 365 integration can be configured within the StaffCircle UI under settings / integrations. The following settings exist:
- Enable / Disable Integration - When the integration is enabled, the Login with Office 365 option becomes available on the login page. When it is turned off, the option to log in with Office 365 is no longer available.
- AutoSync - AutoSync controls whether the StaffCircle user is updated with changes made within Active Directory. The following rules apply:
  - Creating an AD user will create an associated StaffCircle user.
  - Deleting an AD user will deactivate the associated StaffCircle user.
  - Turning off AD login for a user will deactivate the associated StaffCircle user.
  - Turning on AD login for a user will activate the associated StaffCircle user.
- AutoActivate - If AutoActivate is turned on, StaffCircle users created by the AD sync are activated automatically. The users will receive the standard StaffCircle activation email. The activation process differs slightly for AD users in that they are not required to validate their date of birth or set a password. All an AD user is required to do to gain access to the platform is accept the terms and conditions.
Active Directory Webhooks
When AutoSync is turned on, Microsoft Graph is used to set up a subscription to changes in the customer's Active Directory. These subscriptions last for a maximum of 3 days. To renew a subscription, a scheduled function runs every 10 minutes looking for subscriptions that will expire within a day. Any subscription found is then extended for another 3 days.
Please Note: AD webhook notifications aren't instant and can take up to 5 minutes to reach the StaffCircle API.
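To make the renewal schedule concrete, here is an added Python example (not StaffCircle's own code) that models the 10-minute check described above, plus a check that an incoming change notification carries the clientState secret its subscription was created with. The subscription ids, resources, secrets and timestamps are constructed; the clientState check is a Microsoft Graph feature assumed here and not mentioned on this page.

```python
import hmac
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=3)   # page: a subscription lasts at most 3 days
RENEW_WINDOW = timedelta(days=1)   # page: renew anything expiring within a day


@dataclass(frozen=True)
class Subscription:
    id: str                # Graph subscription id (constructed)
    resource: str          # e.g. "users" (constructed)
    expiration: datetime   # Graph expirationDateTime, in UTC
    client_state: str      # Graph clientState secret, echoed in every notification


def due_for_renewal(subs, now):
    """The scheduled check: subscriptions expiring within RENEW_WINDOW of `now`."""
    return [s for s in subs if s.expiration - now <= RENEW_WINDOW]


def renew(sub, now):
    """Extend one subscription by MAX_LIFETIME (the caller PATCHes Graph with it)."""
    return replace(sub, expiration=now + MAX_LIFETIME)


def run_renewal_cycle(subs, now):
    """One 10-minute tick: renew what is due, leave everything else unchanged."""
    due = {s.id for s in due_for_renewal(subs, now)}
    return [renew(s, now) if s.id in due else s for s in subs]


def notification_is_trusted(subs, notification):
    """Accept a change notification only if its clientState matches the
    subscription it claims to belong to (constant-time comparison)."""
    by_id = {s.id: s for s in subs}
    sub = by_id.get(notification.get("subscriptionId", ""))
    if sub is None:
        return False
    return hmac.compare_digest(notification.get("clientState", ""), sub.client_state)


# Constructed sample state: one subscription about to expire, one still fresh.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_SUBS = [
    Subscription("sub-a", "users", NOW + timedelta(hours=20), "secret-a"),
    Subscription("sub-b", "users", NOW + timedelta(days=2, hours=12), "secret-b"),
]
```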