Syncing EntraID Attributes Across Applications ✨: A Guide to Integrating Entra ID with Slack Using Azure Logic Apps

Introduction

When managing user attributes across multiple applications, ensuring data consistency can be challenging, especially if those applications do not offer built-in synchronization with Entra ID (formerly Azure AD). For example, Slack requires a higher licensing plan to sync user attributes via SCIM. Entra ID is our single source of truth, so it’s crucial that any changes, such as job title updates, are propagated to all applications. But fear not! With Azure Logic Apps, you can automate the process seamlessly. In this blog post, we’ll walk you through how to update user information in Slack from Entra ID using Azure Logic Apps.

Scope

This guide focuses on configuring Azure Logic Apps to update user attributes in Slack from Entra ID, ensuring that all user details remain accurate. The attribute we’ll update today is JobTitle; however, the same steps can be followed to update other attributes such as division, company name or location.

Solution Summary

To achieve synchronization, we used Azure Logic Apps, a cloud-based platform for creating and running automated workflows. Our solution involves one Logic App:

  • entraid-slack-logicapp

This Logic App can run on a schedule, retrieve data from Entra ID, and update Slack via its API.

Workflow Overview

  • Create Slack API Tokens and Test Slack API
  • Configure User Token Scope to Modify User Profiles
  • Store API Tokens Securely in Azure KeyVault
  • Retrieve User Attributes from Azure AD
  • Filter and Prepare User Data
  • Automatically Update User Attributes in Slack

Let’s dive into each step! 🌊

Section A: Configure Slack

Step 1: Create Slack API Tokens and Test Slack API

First, you need to create an application in Slack to generate the API Token. Follow this documentation:

Slack

Step 2: Configure User Token Scope

Make sure to configure the user token with the appropriate scopes to modify user profiles. This includes permissions like users:read and users:write.

Section B: Create and Configure Logic App

Step 1: Create your Logic App

First, create your Logic App and select the recurrence trigger to run on a schedule. You can set this however you wish. In this case the logic app will run every Wednesday at 19:00.

Step 2: Store API Tokens Securely in Azure KeyVault

Store your Slack API token and the Entra ID Auth token in Azure KeyVault to ensure they are secure and easily accessible for your Logic App.

Configure the Logic App to retrieve secrets securely. These secrets are used at a later stage: the Entra ID token is passed as a bearer token to get the list of users from Entra ID, and the Slack token is used to call the Slack API.

Step 3: Retrieve User Attributes from Azure AD

Your Logic App will start by retrieving the list of all users and their attributes from Entra ID using Microsoft Graph API https://graph.microsoft.com/beta/users.
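
Added example (not from the original post): how the Key Vault lookup from Step 2 and the Graph call from Step 3 could be defined in the Logic App's code view so that the bearer token stays out of run history. By default, run history records each action's inputs and outputs, which here would include the secret value; the runtimeConfiguration.secureData setting hides them. The fragment is the contents of the workflow's actions object, and the action names, the keyvault connection name and the secret name entra-graph-token are assumptions.

```json
{
  "Get_Graph_token": {
    "description": "Added example. Secret name 'entra-graph-token' and connection 'keyvault' are placeholders.",
    "type": "ApiConnection",
    "inputs": {
      "host": {
        "connection": {
          "name": "@parameters('$connections')['keyvault']['connectionId']"
        }
      },
      "method": "get",
      "path": "/secrets/@{encodeURIComponent('entra-graph-token')}/value"
    },
    "runAfter": {},
    "runtimeConfiguration": {
      "secureData": {
        "properties": ["inputs", "outputs"]
      }
    }
  },
  "Get_Entra_users": {
    "description": "Added example. Inputs are secured because the Authorization header carries the token.",
    "type": "Http",
    "inputs": {
      "method": "GET",
      "uri": "https://graph.microsoft.com/beta/users",
      "headers": {
        "Authorization": "Bearer @{body('Get_Graph_token')?['value']}"
      }
    },
    "runAfter": {
      "Get_Graph_token": ["Succeeded"]
    },
    "runtimeConfiguration": {
      "secureData": {
        "properties": ["inputs"]
      }
    }
  }
}
```

The same runtimeConfiguration block belongs on the Slack token lookup and on every HTTP action that sends the Slack token. In the designer, these are the Secure Inputs and Secure Outputs toggles in each action's settings.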

Step 4: Filter and Prepare User Data

Parse the retrieved data, store it as an object, and convert it into an array. Filter users to include only those who are enabled in Entra ID (accountEnabled attribute).

After this step, you should be able to create a select action where you can filter the attributes you need. The result of this should be a list of users in JSON format.

Next, we will need to create a for each loop which will loop through all the active users in Entra ID and for each user, it will update Slack via an API call.

The variables used inside the loop must be initialized before the For Each loop, because Logic Apps will not let you initialize a variable inside a For Each loop; inside the loop they are only set.

Let’s have a look inside the for each loop:

  • First, it sets the Job Title variable which at this stage is empty. We are passing the Job Title that was initialized earlier.

  • Next, we create a compose action just to print some variables such as userPrincipalName to help us understand each run (not necessary).

  • Then we will get the user from Slack by doing a lookup via API using the userPrincipalName. This will return the Slack ID which will be used to update the particular user.

  • The output is stored in a variable called SlackUserInfo which includes the Slack ID and some other metadata.

  • The Slack user ID is extracted from the Slack user info.

The variable is configured: variables('SlackUserInfo').user.id

  • Lastly, call the Slack API to update each Slack user.

Step 5: Update User Attributes in Slack

Test and run the Logic App.

If you have any questions, feel free to reach out to me on LinkedIn! 💬📬

This post is licensed under CC BY 4.0 by the author.