Lanes & Planes offers you the option of importing and updating certain user data for your employees directly and automatically from Microsoft Azure Active Directory (AAD) to Lanes & Planes.
In this article, you will learn what is required to set up the interface and how the user import works.
1. Setting up the integration with Lanes & Planes and AAD
1.1.1 App registration and creation of an API key set
1.1.2 Creating a group
1.1.3 Setting up access rights for transferring user data
1.2.1 Storing the AAD API keys
1.2.2 Setting up the automatic user import and the automatic sending of invitation emails
2. Synchronisation of user data from AAD to Lanes & Planes
2.1 Transferred attributes / employee master data
2.2 Time of synchronisation
2.3 Information about previous user imports
2.4 Further information on synchronisation
1. Setting up the integration with Lanes & Planes and AAD
Are you interested in importing your employees' master data from Microsoft Azure Active Directory to Lanes & Planes? Then please let your contact person in Implementation or Account Management know.
1.1 Setting up the AAD
1.1.1 App registration and creation of an API key set
Create the following API key set in your AAD company account via an app registration:
- Directory (Tenant) ID
- Application (client) ID
- Client Secret
- Group ID
To do this, log in to AAD as an administrator and open the App Registrations area in the dashboard. Click on New registration.
Give your application a name and select the following option. Then click on Register.
The Application (client) ID and the Directory (tenant) ID are now displayed. You will need both codes later in order to store them in Lanes & Planes.
Now click on Certificates & secrets in the left-hand area and then on New client secret to create the required third code, which must be entered in Lanes & Planes.
Give your client secret a name (description) and decide whether you want an expiry date or not.
Then click on Add.
The created client secret is now displayed. Make absolutely sure that you copy and save the client secret, as it is only displayed once.
1.1.2 Creating a group
Create a group and later assign this group to all users who are to be given access to Lanes & Planes.
1.1.3 Setting up access rights for transferring user data
To access the user data, activate the following access rights:
IMPORTANT: The access right must be granted in the application context (Bearer Token), not in the user context (ID Token).
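A check for the requirement above, as an added example that is not Lanes & Planes or Microsoft code: it decodes an access token issued for your app registration and reports whether it is an application-context token (`roles` claim, no `scp` claim) for the expected tenant and client. The IDs and the `User.Read.All` permission are constructed sample values and an assumption; substitute the access rights you actually granted.

```python
import base64
import json


def decode_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection only (no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_context(claims: dict, tenant_id: str, client_id: str, required: set) -> list:
    """Return a list of problems; an empty list means the token fits the setup."""
    problems = []
    if "scp" in claims:  # delegated scopes only appear in user-context tokens
        problems.append("user context: token carries delegated scopes (scp)")
    granted = set(claims.get("roles", []))  # application permissions
    if not granted:
        problems.append("no application permissions (roles) in token")
    missing = required - granted
    if missing:
        problems.append("missing application permissions: " + ", ".join(sorted(missing)))
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("appid/azp does not match the Application (client) ID")
    return problems


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc(claims), "constructed"])


# Constructed sample values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"
REQUIRED = {"User.Read.All"}  # assumption: replace with the rights your setup grants

APP_TOKEN = sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["User.Read.All"]})
USER_TOKEN = sample_token({"tid": TENANT, "appid": CLIENT, "scp": "User.Read"})

if __name__ == "__main__":
    for name, tok in (("app", APP_TOKEN), ("user", USER_TOKEN)):
        print(name, check_context(decode_claims(tok), TENANT, CLIENT, REQUIRED) or "OK")
```

The payload is decoded without verifying the signature, so use this only to inspect a token you requested yourself, never to decide whether to trust one.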
1.2 Setup with Lanes & Planes
1.2.1 Storing the AAD API keys
As soon as Lanes & Planes has enabled user data transfer for your organisation, a separate button called Manage Azure Keys will appear in the Settings & Policies section of your company account. (Lanes & Planes users with administrator rights have access to this page).
Please click on Manage Azure Keys.
Now enter the following information from your AAD company account, then save:
1.2.2 Setting up automatic user import and automatic sending of invitation emails
You can define these settings in the Settings & guidelines > General settings area.
You can decide for yourself whether the user data from AAD should be automatically uploaded and updated to Lanes & Planes every 6 hours (for more information, see point 2).
You can also specify whether newly created users in Lanes & Planes should be automatically invited by e-mail.
2. Synchronisation of user data from AAD to Lanes & Planes
2.1 Transferred attributes / employee master data
The following user data can be transferred and updated directly from AAD to Lanes & Planes via the interface:
Mandatory:
- First name and surname
- E-mail address
- User account active/inactive
- Billing profile(s) (creation in Azure as customised attribute required)
Not mandatory:
- Personnel number
- Manager (max. 1 manager possible; the manager stored in AAD must correspond to the travel manager in Lanes & Planes)
- Individual cost centre
2.2 Time of synchronisation
The user data from AAD can either be transferred automatically every 6 hours via the interface to Lanes & Planes (see settings under point 1.2.2.) or by manually triggering the import. Manual user import is possible in the user administration area. Please click the ‘Pull user from Azure’ button here.
Important note on the automatic transfer of user data:
Most Lanes & Planes customers use organisation-wide user settings, which require a travel manager to be stored for the individual travellers, as well as the mandatory specification of a cost centre. If this is not the case for your company, you can use the automatic transfer of user data without restriction.
If your company-wide user settings in Lanes & Planes require the assignment of a travel manager and a cost centre, the automatic update cannot be used without restriction. The cost centre cannot be transferred from AAD. The travel manager can only be transferred if the manager stored in AAD and the Lanes & Planes travel manager match. In this case, the user import must be initiated manually. To do this, the organisation-wide user settings must be temporarily deactivated and reactivated after the import.
2.3 Information on previous user imports
The link Previous user imports in the company account takes you to the overview of previous user imports.
If you click on Details, you will receive more information about which users were newly created or changed by the import and can click directly on the respective user account at Lanes & Planes.
2.4 Further information on synchronisation
Manual changes to user data in the Lanes & Planes user accounts
Please note that manual changes to name, gender, cost centre and travel manager in the Lanes & Planes user account are automatically overwritten with the data stored and transmitted in AAD. (Exception: e-mail address)
Email address
If you plan to change an employee's e-mail address in AAD, please change the e-mail address in the Lanes & Planes account beforehand. As our system can only uniquely identify an employee by their e-mail address, a new user would otherwise be created with the changed e-mail address and the existing user deactivated. Please make absolutely sure that the employee's e-mail address stored in AAD already exists. If you synchronise users with Lanes & Planes who have non-existent email addresses, the user will not receive any emails from Lanes & Planes.
One or more billing profile(s)
The transfer of one or more invoice profiles is possible via a customised attribute in AAD. If you transfer one or more invoice profiles, we will be happy to provide you with the required accounting_invoice_profile_ids.
User role
Every new user is created with the ‘Traveller’ role in the first step. All other roles can be subsequently adjusted in the Lanes & Planes tool and are not overwritten by the synchronisation.