For the Active Directory (AD) integration, EIOBoard calls information from AD and does all of the work for syncing with AD. This means that anything done in AD will also be reflected eventually in EIOBoard. However, this may occur automatically depending on how often the sync interval is set to be. (For example if the sync user interval is set to 1, EIOBoard and AD will sync every hour.) Note: While EIOBoard and AD should sync automatically if the option is selected, changes in AD may take time to reflect within EIOBoard.
AD will auto add users who are added to groups that have had all its users synced. EIOBoard won’t auto add users added to partially full groups. This way a user can be in multiple groups, but we’re recommending they add an EB Sync group and put users they want to sync into it. Users can also be automatically removed if they have also been removed from AD as well.
Create the Integration
Log into EIOBoard via Web, and click the “Admin” option. On the left hand side of the page, you should see “Integrations”, and a drop-down menu will appear. This should reveal “User & Access Control Integrations”, which you want to click to be able to create your AD Integration. Click the blue lock with “Microsoft” written underneath to begin creating your integration.
Name the integration something appropriate for your organization and click Create.
Grant EIOBoard Permission
The first time you create an integration you will be asked to Grant consent on behalf of your organization to give EIOBoard permission to view user data. Click Provide Consent and when prompted log into the Microsoft account that manages your Azure AD or Office 365 account. You will be asked to consent to some permissions. If these permissions ever change you will be asked to consent again. Should you ever feel the need, you can revoke these permissions from your Azure AD portal by going to Enterprise Applications and deleting the EIOBoard app. This will of course prevent the integration from functioning.
For the list of Permissions EIOBoard Requires, see our Knowledgebase Article: What Security Permissions Does the EIOBoard Azure Active Directory Integration Require?
Configure the Integration
The following settings are available at this time for Microsoft Integrations:
- Integration Enabled: Toggling this to No will disable the integration. Disable the integration if you no longer want to allow SSO for your users.
- Sync User Photos: Whether you sync User Pictures to the ‘Pic’ field of their user account
- Sync User Interval: How many hours between each automatic sync(Note: may be longer in actuality due to not starting the timer for the next sync until the current sync is finished)
- Remove unsynced users from EIOBoard: Removes a user from EIOBoard if they’re removed from Azure AD or unchecked from the Template
- Use Principal Name for Username: Uses the Principal Name for Username. Can be useful if you change people’s emails in Azure without changing their username
- Only Allow Users to Login with Microsoft: Disables logging in with an EIOBoard username and password, requiring Microsoft Authentication (Note: Requires syncing in Users and having at least one synced in account as an admin before this setting can be turned on)
Configure Integration Settings
After granting permission, you can configure the main integration settings.
Configure Fields to Sync
By expanding the section under “Select which Fields to Sync” you can choose which fields will be imported from Microsoft to EIOBoard. First Name, Last Name, and Email Address are required as they are needed to identify unique users in EIOBoard.
Note: The Address and location fields can be found in EIOBoard as “Home City”, “Home Address”, etc.
Select Users to Sync
A list of user groups will appear. Users are not loaded until expanding one or more of these groups. There will always be a group that represents your whole organization, usually the name of your domain. Once the user groups are expanded, you can select which users individually that you want to sync. Clicking the checkbox next to the group name will select or deselect all users in that group. Users in multiple groups will be shown selected multiple times, however will only get synced once.
Best Practices: Since you can select a group and members of that group will be automatically synced on the schedule set, it is generally recommended to create an EIOBoard Security Group within Azure then assign people to that as needed. That way all you need to do on the EIOBoard side is select that group, then from then on you can just add or remove people from that Security Group within Azure and it will be automatically handled within EIOBoard as well!
After a Sync is Complete
Results of the sync will be shown. The possible results are as follows:
- New User Added
- A new User was created in EIOBoard. That user will now be able to log in using the Sign In with Microsoft button on the EIOBoard Web Login page.
- No changes were made to the User’s profile in EIOBoard
- If a synced field was found to be different in Microsoft than in EIOBoard, that field will be updated in EIOBoard.
- Note that if the Sync User Photos option is Yes, then the photo will be updated every time and will show as Modified.
- An Error occurred. The user may have still been added to EIOBoard however may need to be resynced for all fields to be imported properly or for SSO to function. Contact support if errors persist.
After a Successful Sync, the fields you had selected and the users you had selected will be saved. When returning to this page in the future, when you expand a group that had a user previously synced it will automatically select them.
Signing in to EIOBoard with Microsoft
On the Login page, click the button to Sign In with Microsoft. You will be prompted to log into a Microsoft account. If your user has been synced with Microsoft then you will be logged into EIOBoard. Note that the Remember Me checkbox is respected if you want to stay logged into EIOBoard.
Signing in Via The Desktop App (v10.3.5 or higher only)
In Settings on the General tab, check the box to Sign in with Microsoft. After Testing Auth. or Applying settings, you will be prompted to log into your Microsoft account. Once you are logged in, if you close and reopen the app, your credentials will be saved.