This guide will walk you through the steps of how to integrate your Xink account with your Azure AD in order to export all users (or only the users you specify) to Xink.
Once set up, it automatically removes users from Xink portal when the user is no longer exists in Azure AD.
Which default fields are imported from Azure AD to Xink?
The following default fields are imported into Xink once you've integrated them with Azure AD.
Each of these properties is put into the corresponding default fields in Xink:
- givenName (First Name)
- sn (Last Name)
- displayName (Display Name)
- mail (Email)
- telephoneNumber (Phone)
- title (Job Title)
- department (Department)
- mobile (Mobile)
- facsimileTelephoneNumber (Fax)
- company (Company)
- streetAddress (Street)
- l (City)
- st (State)
- postalCode (Zip)
- co (Country)
- jpegPhoto (Photo)
After you integrate to Azure AD, employees will show:
- It automatically updates every two hours.
- You can also trigger the sync by clicking "Schedule Update" on your dashboard (will only show if you have set up O365 signatures).
- It updates account information such as name, numbers, and titles add new users and remove old users (if you have checked 'Delete Employees').
How to create Xink API and grant access to through Azure AD Portal.
Azure AD users will be imported to the Xink portal automatically when you integrate Xink with your Azure AD.
To get started, you need to open your Windows Azure Management Console and follow these steps below:
- On the left navigation pane, click "App registrations" use 'search box' to search "App registrations" and then bookmark it for future use.
- Click the “New Registration” button. Fill the appeared Create pop-up.
Give a Name to your application, choose Web and enter https://app.xink.io.
Then click the Register button.
Next step is preparing your Azure AD API for Xink integration.
- Still in the "App Registrations" copy and save the Application ID on a notepad because you will need it later on Xink integration page.
Select the Application you created and click "Certificates & secrets" in the list and then add 'new client secret'.
Write 'Xink Key' in the Description field 'Xink Key' and then select Never in the expiry date and click on Add.
The auto-generated key will appear after you click 'Add' in the screenshot above. Now save the key value because you will need it along with Application ID later on Xink side integration page.
- Then go to the API permissions section. Click Add a permission button and find "Microsoft Graph" in the list and select the recommended permissions below (See image below)
In the Application Permissions menu, tick each of the following:
- Read all groups
- Read all users' full profiles
In the Delegated Permissions menu, tick each of the following:
- Sign in and read user profile
- Finally, click Grant admin consent for tenant, then accept with Microsoft 365.
Now you have granted Xink to read and import users from your Azure AD to Xink.
Finally, update credentials in Xink
- Log into your Xink account.
- Click the drop-down next to your Profile in the upper right-hand corner > Preferences > Integration > Azure AD.
- Fill in the following information:
Check Enable Azure AD user synchronization so you automatically import all users from Azure AD so you no longer have to import any manually.
Tenant Name is the name of your Azure AD domain, like 'yourcompany.onmicrosoft.com'.
Paste your copied Application ID into the Application ID field.
Paste in your Azure AD key value.
It's recommended to check Delete Employees for Xink to automatically remove users that no longer exist in your Azure AD, so you constantly have an accurate number of total licenses and users.
Check Look at ProxyAddresses array for Email and if user's Email field is empty, export service can try to use the first element of this array.
Check Look at Other (Alternative) array for Email and if user's Email field is still empty, export service can try to use the first element of this array.
Try to use User Principal Name as Email is unchecked by default in Xink. If user's Email field is still empty, export service can try to use User Principal Name as Email once you check this item, but it is not recommended.
Check Use import filter and fill out the criteria below if you want to set up certain import criteria.
If it all works, hit Save and your Xink + Azure AD integration good to go!
IT Pro: How to read groups from Active Directory (AD on-premises and Azure AD).