This guide walks you through how to connect Microsoft Entra ID to Firstbase and ensure the necessary configurations are in place to support onboarding, updates, and offboarding of your employees.
Step 1: Connect Microsoft Entra ID to Firstbase
To enable the Microsoft Entra ID integration, Firstbase requires your Tenant ID. This allows us to authenticate securely and begin syncing user profile data from your directory.
Instructions
- Open Azure Entra ID
  - Log in to the Azure Portal.
  - Under Azure Services, click on Azure Entra ID.
- Find Your Tenant ID
  - You will be taken to the Overview page.
  - Under Basic Information, locate the field labeled Tenant ID.
- Submit Your Tenant ID in Firstbase
  - In the Firstbase platform, go to Settings > Integrations.
  - Select Microsoft Entra ID and begin the connection flow.
  - Paste your Tenant ID into the form when prompted.
  - Click Submit.
Once submitted, Firstbase will validate the connection and begin syncing employee records.
Step 2: Field Mapping Requirements
To enable onboarding, updating, and offboarding workflows in Firstbase, your Microsoft Entra ID environment must provide the fields listed below. If a field is not available via standard Entra properties, you must configure it as a Custom Security Attribute.
Field Mapping Table
Data Field | Entra Standard Property | Custom Attribute Name | Required for Integration |
First Name | givenName | firstName | Required |
Last Name | surname | lastName | Required |
Work Email | workEmail | Required | |
Personal Email | Not available | personalEmail | Required |
Country | country | country | Required |
Address Line 1 | streetAddress | addressLine1 | Only if using Automatic Package Orders; should be the address for shipping the equipment |
Address Line 2 | Not available | addressLine2 | Only if using Automatic Package Orders; should be the address for shipping the equipment |
City | city | city | Only if using Automatic Package Orders; should be the address for shipping the equipment |
State / Province | state | state | Only if using Automatic Package Orders; should be the address for shipping the equipment |
Postal Code | postalCode | postalCode | Only if using Automatic Package Orders; should be the address for shipping the equipment |
Group Name (e.g. Dept) | department | groupName | Only if customization options are needed |
Employment Type | employeeType | employmentType | Only if customization options are needed |
Phone Number | mobilePhone | phoneNumber | Only if using Automatic Package Orders. |
Start Date | hireDate | startDate | Required for Onboarding/User Creation |
Termination Date | Not available | terminationDate | Required for Offboarding |
custom1 | Not available | custom1 | Only if customization options are needed |
custom2 | Not available | custom2 | Only if customization options are needed |
custom3 | Not available | custom3 | Only if customization options are needed |
Custom Security Attributes
If any required fields are not available in your current Entra schema, you must configure them as Custom Security Attributes:
- Attribute Set Name: Firstbase
- Attribute Names: Use exact casing from the table above
- Data Type: All attributes should be created as string
Create these in Microsoft Entra Admin Center > Identity > Custom security attributes (Preview) and assign them to your users.
Automating Custom Security Attribute Updates via HRIS
Once your Custom Security Attributes are created, you can automate their population by syncing employee data from your HRIS (e.g., Workday, BambooHR, HiBob) into Microsoft Entra ID.
There are two primary methods to do this:
Option 1: Attribute Mapping via Enterprise Applications
If your HRIS is connected to Microsoft Entra as an Enterprise Application, you can map fields from your HRIS to the custom security attributes you created in Entra.
Steps:
- Go to the Microsoft Entra Admin Center.
- Navigate to: Enterprise Applications → Select your HRIS app (e.g., Workday) → Provisioning tab.
- Under Attribute Mappings, locate the user provisioning section.
- Map the HRIS field (e.g., jobTitle, employeeType, startDate) to the matching custom security attribute (e.g., Firstbase personalEmail).
- Save your changes and trigger a test sync.
For additional guidance, refer to Microsoft’s documentation:
Tutorial: Configure user provisioning to an application in Microsoft Entra ID
This method ensures that updates made in your HRIS (such as hire dates or department changes) are automatically written to the appropriate custom fields in Entra and made accessible to Firstbase.
Option 2: Scripted Updates via PowerShell or Microsoft Graph API
If your HRIS does not support direct integration with Microsoft Entra, you can schedule regular scripts to update user attributes using PowerShell or the Graph API.
PowerShell Example:
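```powershell
# Custom security attributes are written per attribute set through -CustomSecurityAttributes.
# Requires a Connect-MgGraph session with the CustomSecAttributeAssignment.ReadWrite.All scope.
$attrs = @{ "Firstbase" = @{
    "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
    "startDate" = "2024-05-01"
    "employmentType" = "Full-Time"
} }
Update-MgUser -UserId "user@yourdomain.com" -CustomSecurityAttributes $attrs
```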
This method is flexible for organizations using a custom-built HR system or exporting user data via CSV or API.
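The CSV-driven form of this method, as an added example that is not Firstbase's or Microsoft's own code: it writes only attribute names from the field mapping table to the Firstbase attribute set, skips rows with malformed dates, and logs attribute names rather than values. The file name `hris_export.csv`, its `userPrincipalName` key column, columns named after the Firstbase attributes, and the `-Apply` switch are assumptions.

```powershell
param(
    [string]$CsvPath = '.\hris_export.csv',  # assumed export file name
    [switch]$Apply                            # without -Apply, report only
)
# Allowlist taken from the field mapping table; nothing else is ever written.
$allowed = 'firstName','lastName','personalEmail','country','addressLine1',
    'addressLine2','city','state','postalCode','groupName','employmentType',
    'phoneNumber','startDate','terminationDate','custom1','custom2','custom3'

if ($Apply) {
    # Delegated scopes needed to assign custom security attributes.
    Connect-MgGraph -Scopes 'CustomSecAttributeAssignment.ReadWrite.All','User.Read.All'
}

foreach ($row in Import-Csv -Path $CsvPath) {
    $upn = $row.userPrincipalName             # assumed key column
    if ([string]::IsNullOrWhiteSpace($upn)) { Write-Warning 'Row without userPrincipalName skipped'; continue }

    $values = @{ '@odata.type' = '#Microsoft.DirectoryServices.CustomSecurityAttributeValue' }
    $valid = $true
    foreach ($col in $row.PSObject.Properties) {
        if ($col.Name -eq 'userPrincipalName' -or [string]::IsNullOrWhiteSpace($col.Value)) { continue }
        # -cnotin compares case-sensitively: names must match the table's casing exactly.
        if ($col.Name -cnotin $allowed) {
            Write-Warning "${upn}: column '$($col.Name)' is not a Firstbase attribute, ignored"
            continue
        }
        # Dates follow the yyyy-MM-dd form used in the page's example; reject anything else.
        if (($col.Name -in 'startDate','terminationDate') -and ($col.Value -notmatch '^\d{4}-\d{2}-\d{2}$')) {
            Write-Warning "${upn}: $($col.Name) is not yyyy-MM-dd, row skipped"
            $valid = $false
        }
        $values[$col.Name] = [string]$col.Value   # all Firstbase attributes are strings
    }
    if (-not $valid -or $values.Count -le 1) { continue }

    # Log attribute names only; values include personal email and shipping address.
    $names = ($values.Keys | Where-Object { $_ -ne '@odata.type' } | Sort-Object) -join ', '
    if ($Apply) {
        Update-MgUser -UserId $upn -CustomSecurityAttributes @{ Firstbase = $values }
        Write-Output "${upn}: updated $names"
    } else {
        Write-Output "${upn}: would update $names"
    }
}
```

Run it once without `-Apply` and review the report before scheduling it with `-Apply`.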
For more info on Microsoft Graph integration, visit:
Microsoft Graph API Reference – Users