Overview
This guide will walk you through establishing a connection to Microsoft (MS) 365. The Microsoft 365 integration modifies user data such as user additions, updates, and terminations in Microsoft Entra ID (formerly known as Azure Active Directory). Consequently, the revised user information seamlessly propagates across the customer’s suite of Microsoft 365 applications (such as Teams, Office, etc.), ensuring rapid and accurate updates. This guide is divided into three sections.
Section 1: Before You Begin
Preconditions and Important Notes
- You must be an administrator for Microsoft Azure Portal.
- Setting up the Azure portal generates the following credentials that will be used to complete the connection to Paylocity:
-
- Application (client) ID
- Directory (tenant ID)
- Client Secret - Value
-
- Note: In Microsoft Azure this is called the Value and is found in the Client Secret area.
-
-
Section 2: Microsoft Tasks
Task 1: Add App Registration
- Step 1: Log in to Microsoft Azure. Click the menu button located on the top left of your screen.
- Step 2: Select Microsoft Entra ID on the left.
- Step 3: Click App Registrations on the right.
- Step 4: In the top toolbar, select New Registration.
- Step 5: In the Name field, enter Paylocity Integration. Make sure to keep the default Supported Account Types.
- Step 6: Click the Register button to complete the application registration.
- Step 7: On the next screen, copy the Application (client) ID and Directory (tenant) ID. Save these values somewhere safe. You will need to use them in the next section.
Task 2: Add Redirect URIs & Client Secret
- Step 1: Click the Add a Redirect URI option.
- Step 2: On the Authentication tab, click Add a Platform. (Note: you will need to complete Steps 1-3 twice, one time for each of the URLs below).
- Step 3: Click the Web button.
- Step 4: In the Redirect URIs field, enter the URL listed below. Then, click the Configure button. If successful, a green checkmark will flash at the top right of your screen.
-
-
https://app.cloudsnap.com/oauth_flow/complete
-
-
- Step 5: You will be automatically returned to the Platform Configurations screen. Under Web, click the Add URI link.
- Step 6: Paste the URL below into the box. Then, click the Save button.
-
- https://www.getpostman.com/oauth2/callback
-
- Step 7: On the left menu, select Certificates and Secrets.
- Step 8: Click New Client Secret.
- Step 9: Complete the Add a Client Form. Then, click the Add button at the bottom of your screen.
-
- Description: It is recommended that Paylocity Integration is used for the Description.
- Expires: Microsoft advises setting client secrets to automatically expire every 180 days (6 months). When a secret reaches its expiration, it will be necessary to reach out to our dedicated Services team to facilitate the seamless updating of your integration.
-
- Step 10: Copy the Client Secret - Value. Make sure to paste this value somewhere safe to use in the next section. (Note: You can copy the value by clicking the copy icon to the right of the Value.
-
- Note: In Microsoft Azure this is called the Value and is found in the Client Secret area.
-
Task 4: Set API permissions
- Step 1: On the left menu, select API Permissions.
- Step 2: Select Add a permission.
- Step 3: On the Select an API screen, scroll down and click Microsoft Graph.
- Step 4: Select Application permissions.
- Step 5: First, scroll down to locate Domain permissions. Select Domain.Read.All. Scroll down to the User permissions. Select User.ReadWrite.All. Once both permissions are selected, click Add permissions.
Domain:
User:
- Step 6:Admin consent must be granted for this integration. If a Status displays not granted for your company, then select Grant admin consent.
- Step 7: Choose Yes.
- Step 8: Confirm Status has changed to Granted.
Task 5: Assign Paylocity Integration to Privileged Authentication Administrator Role
- Step 1: Go to https://entra.microsoft.com
- Step 2: In the left menu, select Show more > Roles & admins > Roles & admins
- Step 3: Once on the Roles and administrators page, search for Privileged Authentication Administrator.
- Step 4: Click the link displayed in the Assignments column on the Privileged Authentication Administrator row.
- Step 5: Once on the Privileged Authentication Administrator page, click Add assignments.
- Step 6: In the Add assignments drawer that opens on the right side of your screen, search for Paylocity. Then, select Paylocity Integration.
- Step 7: Click Add.
- Step 8: If successful, you will be notified with message shown below.
Section 3: Establish Connection
Task 1: Make connection in Marketplace
- Step 1: If your Paylocity Marketplace wizard is still open, enter the values copied from the previous Sections into the authentication fields and click Authenticate (see step 5 below). If you've navigated away and need to reopen the wizard, return to Paylocity and navigate to the ☰ Workspace selection menu in the upper-left corner of the page. Select Marketplace.
- Step 2: Select My Integrations.
- Step 3: Select Drafts.
- Step 4: Select the Continue Setup button on the Microsoft 365 app tile.
- Step 5: Enter the values copied from the previous Sections into the authentication fields and click Authenticate.
Comments
0 comments
Please sign in to leave a comment.