Using the 8x8 Azure AD App
In the following sections, user attributes are described in bold to indicate the name shown in the Azure AD portal and in italics to indicate the equivalent name seen in PowerShell, Attribute mappings. and the Graph API. For example the surname attribute is labeled Last name in the Azure AD portal.
To create a user in 8x8 assign them to the 8x8 App. They appear in Configuration Manager when the next Azure AD sync cycle runs.
Note: 8x8 recommends that each AD user to be assigned to 8x8 has their Office (physicalDeliveryOfficeName) attribute set to the name of the 8x8 Site they belong to. You can copy the site name from Configuration Manager.
Note: Azure AD provisioning activity typically runs on a 40 minute cycle. Please allow one hour between assigning a user to the 8x8 app before the user appears in Configuration Manager.
Any unlicensed 8x8 users are visible along with their contact number to the licensed users in their corporate directory. If you do not intend to assign an 8x8 license to the created user then no further action is required.
To configure a user with an X Series service you must sign into Configuration Manager and assign an X Series license to the user. Then edit the user individually , or in bulk, using the Edit feature.
Whenever an Azure AD user that has been assigned to the 8x8 app is updated, Azure AD pushes any changes to 8x8 as required automatically.
If a user has their Block sign in (isSoftDeleted) attribute set to Yes in Azure AD, they are deactivated in 8x8 and are no longer able to make or receive phone calls (except Emergency calls). They are also not able to log in to any applications. Existing login sessions expire within half an hour. The user is not deleted and they retain their X Series license and settings.
When you unblock a sign-in for a user in Azure AD it also re-activates that user in 8x8.
Deleting a user in Azure AD is a two-stage process:
- Initial deletion is a soft-delete which moves the user to the “Deleted users” blade in Azure AD. This causes the user to be deactivated in 8x8 (This is similar to blocking sign-in from Azure AD).
- When a user is fully deleted from Azure AD, nothing further happens to the 8x8 user. If the user had not already been deactivated, then the user is deactivated at this point, but not deleted. It is not possible to delete an 8x8 user via the integration, you need to do this individually in Configuration Manager.
When a user is created in 8x8 via the Azure AD app, 8x8 considers the user to be owned by Azure AD. This activates some administration restrictions in Configuration Manager, specifically preventing any changes to the key user attributes that are mastered in AD:
- First name
- Last name
- Email address
- Personal contact number (Mobile phone in Azure AD)
- Deactivation and Activation
These restrictions are there to ensure your 8x8 users do not become out of sync with Azure AD.
When a user is unassigned from the 8x8 app in Azure AD, they are deactivated in the 8x8 app but not deleted.
If you create a user in 8x8 Configuration Manager directly, and there is an equivalent user in Azure AD, then assigning the Azure AD user to the 8x8 app in Azure AD is enough to link them providing the following criteria are met:
Their Username in Configuration Manager matches their User name (userPrincipalName) in AD.
Upon initial assignment to the 8x8 app, Azure AD checks if the user’s attributes are in sync and updates the 8x8 user accordingly. At this point, Configuration Manager considers the user to be owned by Azure AD and prevents any changes to those attributes that are mapped from Azure AD. This restriction avoids data inconsistency by enforcing that changes are only made to the master data source of the user.
If you want to disable the integration temporarily, there is setting for this in the application’s Provisioning blade in Azure AD.