With Manager synchronization, absentify can automatically assign Microsoft-listed managers as approvers for absence requests. Through User synchronization, profile information can be maintained and updated, such as names, emails, and profile pictures. This functionality requires permissions for the absentify - Users Permission Microsoft 365 Enterprise App (App ID: b163cce9-74dc-48b3-a04f-7a35ea72c451), utilizing the User.Read.All permission.

Benefits of granting user synchronization permissions

Granting the User.Read.All permission to the absentify - Users Permission app provides multiple key benefits for your organization:

  • Automated manager-approver assignments: Managers defined in Microsoft are automatically synchronized as absence approvers in absentify, streamlining your approval workflows.

  • Up-to-date profile information: Changes to user profiles in Microsoft, such as first name, last name, email, and profile picture, are automatically synchronized in absentify, ensuring consistent and current information across systems.

  • Improved efficiency and performance: Profile information is stored directly in absentify’s database to ensure high application performance, avoid potential throttling limits of the Microsoft Graph API, and provide a smooth user experience.

Default functionality without permissions

If the User.Read.All permission is not granted, absentify’s manager and profile synchronization features are unavailable. As a result, the following limitations apply:

  • Manual manager updates: HR teams must manually assign and update approvers within absentify, increasing workload and the risk of outdated information.

  • Login-based profile synchronization: User profiles are only updated in absentify when users log out and log back in. To avoid Microsoft Graph API throttling, profile updates are limited to one synchronization per user per hour.

How absentify uses the User.Read.All permission

To ensure transparency and build trust, here’s how absentify uses the User.Read.All permission in the absentify - Users Permission app:

  • Manager synchronization: This permission is used to pull manager information from Microsoft and assign managers as absence approvers in absentify.

  • Profile synchronization: Changes in users’ first name, last name, email, and profile picture are automatically synchronized and stored in absentify’s database. This storage ensures that absentify functions with optimal performance while reducing reliance on frequent API requests.

  • Secure storage: All profile data is stored GDPR-compliantly in our secure database hosted in Azure North Europe. No developers or members of other departments have access to the production database or stored data, which is limited exclusively to necessary personnel within top management at BrainCore Solutions GmbH (the creator and owner of absentify). Database access is restricted to the Azure environment with no external copies or unauthorized access.

Security and data protection

We prioritize security and data privacy, following rigorous standards to protect your organization’s information:

  • ISO 27001 certification: absentify is ISO 27001 certified, demonstrating compliance with international standards for information security management.

  • Microsoft 365 App Certification: The absentify - Users Permission app has achieved Microsoft 365 App Certification, confirming compliance with Microsoft’s security, privacy, and compliance standards. This certification assures that absentify adheres to best practices for data handling and security.

  • Secure key management: Access secrets required for synchronization are securely stored in an Azure Key Vault, restricted to authorized personnel at BrainCore Solutions GmbH. No unauthorized access is permitted, and access to all sensitive data is strictly limited to necessary personnel only.

Enabling manager and profile synchronization

To activate automatic synchronization of managers as approvers and profile information updates in absentify, follow these steps:

  1. Grant permissions: Start by granting the required permissions through the Microsoft 365 admin portal. Use the following link to initiate the consent process: Grant Permissions

  2. Activate synchronization in absentify: Go to Settings > Users in absentify and enable the manager and profile synchronization options to ensure alignment with Microsoft’s manager assignments and user profile information.

Changing a user’s manager in Microsoft

To update a user’s manager directly in Microsoft:

  1. Log in to the Microsoft Admin Portal.

  2. Go to Users > Active users.

  3. Select the user, then click Edit manager or Add manager.

Once saved, these changes will automatically reflect in absentify, assigning the new manager as the approver.

Revoking permissions

If you need to revoke the User.Read.All permission for the absentify - Users Permission app, follow these steps:

  1. Access Azure Active Directory: Log in to the Azure portal with your Microsoft 365 administrator account.

  2. Navigate to Enterprise applications: In the left-hand menu, go to Azure Active Directory > Enterprise applications.

  3. Find and select absentify - Users Permission: Locate the absentify - Users Permission app (App ID: b163cce9-74dc-48b3-a04f-7a35ea72c451) in your list of applications.

  4. Manage permissions: Go to the Permissions section and select User.Read.All to revoke absentify’s access to manager and profile information.

Revoking this permission will disable manager and profile synchronization. Without it, profile updates in absentify will rely on user login events, while manager synchronization will require manual maintenance by HR or admin teams.

By granting and, if necessary, revoking the User.Read.All permission for the absentify - Users Permission app, you retain full control over manager and profile synchronization, ensuring efficient operations while upholding data security.

Was this page helpful?

Out-of-Office ReplyTeams & Entra ID Sync