Skip to main content

Microsoft AD integration in Journeys

Get information about employees from AD via EntraID

Written by Kristín Helga Magnúsdóttir
Updated this week

You can use this integration to get information from AD about employees, for example their job title, department, supervisor, contact details etc -- just any information you store about them in AD.

You can also use the integration to create users in AD, but this help article is only covering how you retrieve information from AD.

Setting up the authentication

Step 1: Register an App in Microsoft Entra

  1. Log in to Microsoft Entra here: https://entra.microsoft.com

  2. In the search bar, search for App registrations

  3. Click New registration

  4. Fill out the following fields:

    1. Name: 50skills Journeys AD Integration

    2. Supported account types: Accounts in this organizational directory only (50skills only - Single tenant)

    3. Redirect URI: Web, http://localhost

  5. Click Register

  6. Copy the Client ID and Tenant ID, as shown in the screenshot below, and store in a safe place:

Step 2: Generate a client secret

  1. In the left sidebar, go to Certificates & secrets and click "New client secret".

  2. Fill in:

    • Description: Journeys - Teams Integration - YYYY-MM-DD

    • Expires: Your preferred expiration date (probably 730 days)

      • 🔒 Note: This is required by Microsoft to improve security.

      • ⏳ Tip: Set a reminder to create a new client secret before the current one expires

  3. Click Add.

  4. ⚠️ Copy the client secret value immediately (you won't see it again)

Step 3: Add Microsoft Graph API Permissions

  1. In the left sidebar, go to API permissions and click "Add a permission"

  2. Select Microsoft Graph > Delegated permissions

  3. Search for "Users.Read.All" in the search bar and add it

  4. Click Add permissions

  5. Click "Grant admin consent" (see red arrow on image above)

Step 4: Generate the Authorization Code

  1. Paste the following URL into a browser:

    https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize?
    client_id={CLIENT_ID}
    &response_type=code
    &redirect_uri=http%3A%2F%2Flocalhost
    &response_mode=query
    &scope=offline_access%20User.Read%20OnlineMeetings.ReadWrite%20Calendars.ReadWrite
    &state=journeys

    where you replace {TENANT_ID} with your tenant ID and {CLIENT_ID} with your client ID.

  2. You will be prompted to log in with your Microsoft 365 account.

  3. After consenting, you'll be redirected to:

    http://localhost/?code=...&state=journeys

  4. Copy the code value from the address bar. This is your authorization code.

Step 5: Get your refresh token

  1. Open your terminal

    If you're on:

    1. Mac: Open the Terminal app.

    2. Windows: Open Command Prompt or PowerShell.

  2. Copy and edit the curl command below. Replace the 4 placeholder values ({TENANT_ID}, {CLIENT_ID}, {AUTHORIZATION_CODE}, and {CLIENT_SECRET}) with the values you got from previous steps.

    curl -X POST https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "client_id={CLIENT_ID}" \
      -d "scope=offline_access https://graph.microsoft.com/.default" \
      -d "code={AUTHORIZATION_CODE}" \
      -d "redirect_uri=http://localhost" \
      -d "grant_type=authorization_code" \
      -d "client_secret={CLIENT_SECRET}"

  3. Paste the command into the terminal and press Enter. You'll get a response like this:

    {
      "token_type": "Bearer",
      "expires_in": 3600,
      "access_token": "eyJ0eXAiOiJKV1Qi...",
      "refresh_token": "0.AAA..."
    }

  4. Copy the value next to "refresh_token" (without the ""). It's a long string that looks like 0.AAA...zY_e3w. Store this refresh token somewhere secure.

Step 6: Configure Authentication in Journeys

Now you have completed the necessary steps in Microsoft Entra. Next step is to set up the authentication in Journeys, using the tenant ID, client ID, client secret, and refresh token.

  1. In Journeys' Integration Builder, open your Microsoft Teams integration, or ask our team to copy the template to your account if we have not done so already.

  2. Go to Authentication and fill in the following fields:

    • Authentication type: Bearer token

    • Authentication URL: https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token

    • Client ID: your client_id from Step 1.

    • Client secret: your client_secret from Step 2.

    • Request type: Multipart

    • Client ID key: client_id

    • Client secret key: client_secret

    • Extra data:

      {
      "scope": "offline_access https://graph.microsoft.com/.default",
      "refresh_token": "{REFRESH_TOKEN}"
      }

      where you replace {REFRESH_TOKEN} with your own.

    • Prefix: Bearer

    • Token location: access_token

    • Extra headers: Leave blank

  3. Click on Test and make sure you get a successful response.

And you are done! 🎉 You can now start using the Microsoft Teams integration in your journeys 😄

Endpoints you want to add into Journeys:

Get basic details about all employees:

GET https://graph.microsoft.com/v1.0/users

Get more details about all employees (just insert the attributes you need)

GET https://graph.microsoft.com/v1.0/users?$select=displayName,givenName,surname,mail,userPrincipalName,jobTitle,department,companyName,employeeId,employeeType,officeLocation,city,state,country,businessPhones,mobilePhone,accountEnabled,createdDateTime,usageLocation,onPremisesSamAccountName

Get information about a single employee, with details:

https://graph.microsoft.com/v1.0/users/{{email}}?$select=displayName,givenName,surname,mail,userPrincipalName,jobTitle,department,companyName,employeeId,employeeType,officeLocation,city,state,country,businessPhones,mobilePhone,accountEnabled,createdDateTime,usageLocation,onPremisesSamAccountName

Related Articles
Microsoft integration in Journeys (Sharepoint and Planner)
Google Calendar integration in Journeys
Microsoft Teams integration in Journeys
Zendesk integration in Journeys
Scrive integration in Journeys
Did this answer your question?