Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
This feature is for public preview customers only. Features in preview might not be complete and could undergo changes before becoming available in the broader release.
1. Generate the security certificate, secret, or federated credential
Applies to: Organizational Data Source Administrator or HRIS Source system admin
To start getting data from your source file into Organizational Data in Microsoft 365, the global admin needs to create and register an app in the Microsoft Entra admin center. As the data source admin, you need to help the global admin register their app by giving them a security certificate or secret.
Here's how. Use only one of the three options below.
Using a certificate
Create a certificate by following these instructions.
Send the generated certificate to the global admin.
Using a client secret
In the Microsoft Entra admin center, under Manage on the left, select Certificates & secrets.
Select Client secrets, then select New client secret.
Enter a description for the secret and set an expiration date. Then select Add.
On the Certificates & secrets page, select the copy icon to copy the secret to your clipboard. Share it securely with the global admin.
Using a federated credential
You can use workload identity federation to configure a user-assigned managed identity or app registration in Microsoft Entra ID to trust tokens from an external identity provider. This eliminates the maintenance burden of manually managing certificates or secrets.
In the Microsoft Entra admin center, under Manage on the left, select Certificates & secrets.
Select Federated credentials, then select Add credential.
Set up the credential using the resources here.
2. Register a new app in the Microsoft Entra admin center
Applies to: Microsoft 365 Global Administrator
Note
For more information about registering an app in the Microsoft Entra admin center, see Quickstart: Register an application with the Microsoft identity platform.
From the Microsoft admin center's left rail, select All admin centers. This option appears as the last one on the list.
Select Microsoft Entra ID.
Create a new app registration:
In the top toolbar, select Add > App registration.
On the resulting screen:
Give your app a name.
Under Supported account types, leave the first option, Accounts in this organizational directory only ([Your organization] only - Single tenant), selected.
At the bottom of the screen, select Register.
When you arrive back at the Overview page, copy the Application (client) ID and Directory (tenant) ID. Keep these IDs handy. You'll need to provide them later.
Add a certificate:
Select Add a certificate or secret.
Select Upload certificate.
Upload the certificate, secret, or federated credential that the data source admin gave you and add a Description. Select Add.
Remove API permissions:
On the left, select API permissions.
For each listed API / Permissions name, select the ellipsis (...) to the right of the API, such as Microsoft Graph.
Select Remove permission.
Confirm removal. When you remove permissions for these items, you're making sure the app only has permissions for what it needs.
Give the Data source admin the app ID and the tenant ID.
3. Set up the import in the Microsoft 365 admin center
Applies to: Microsoft 365 Global Administrator or Organizational Data Source Administrator
Start the import from the Data Connections page on the Organizational Data in Microsoft 365 page (Home > Setup > Migration and imports > Organizational Data in Microsoft 365 > Data Connections).
Select Get started (if this is the first time you're importing data), or New import (if you've already imported data).
On the Select connection type page, select Start API-based setup.
Select the apps and services with which you'd like to share data. By default, all public reserved attributes are shared across Microsoft 365 and Viva apps and services. Use this page to select apps with which to share application-specific and custom data. You can change your selections at any time within Settings. Learn more.
The Preparation and setup overview page lays out the rest of the steps to complete the connection. Some of these steps, such as the creation of the app ID, have already been completed using the process described above. You'll need to prepare a header .csv file to map your imported attributes to the apps with which you're sharing data. If you don't already have a template for this file, select Download template to get started. Learn more about how to structure this data file.
On the Set up API-based connection page, give your connection a name, and enter the app ID that your global admin gave you.
Share the Scale unit, such as "novaprdwus2-01," with your data source admin so that they can send data to the Microsoft 365 API.
If you want, select Prioritize Organizational Data in Microsoft 365. Learn more about this setting.
On the Import headers for attribute mapping page, upload the .csv file you created in the previous step for attribute mapping.
- Make sure the headers in the CSV header file match your .csv data file. If you have more fields in your CSV header file than in your .csv data file, or vice versa, processing for your import will fail.
Map your reserved attributes to your imported data. This means you'll match attributes from your .csv file to their corresponding attributes for the apps with which you're sharing data. Any imported attributes that you don't match to reserved attributes are used as custom attributes and can't be renamed. Learn more.
View the global attributes that are used for all Microsoft 365 apps and services. These are attributes pulled from your imported data that are automatically used by all eligible apps. At the bottom of the page, select Next.
On the last page, review all the details, apps, and attribute mapping for your connection. If everything looks correct, select Connect.
Note
If you set up periodic exports from your source system, your data will be validated for Viva and Microsoft 365 services requirements. If you haven't configured period exports, the connector will be set up, but data won't be pulled into the system to be validated. Instead, you'll see an "Awaiting connection" status on the Data connections tab in the Microsoft 365 admin center. Selecting that connection shows that the data source admin hasn't configured the periodic exports. You'll be prompted to reach out to them to get that process started.
Your organizational data is validated against the requirements for use with Viva and Microsoft 365 services. Validation takes a few hours; however, it can take up to three days for your complete data upload to be available in the profile store. You can check the validation status on the Organizational data page in the admin center. When the validation is complete, you see a message that your data is in use and managed by Viva and Microsoft 365. Once validation is complete, the organizational data is made available to the apps and services you selected.