When an employee leaves they hand back their laptop/phone etc. We need to login as the user to make sure all their documents are sync'd to M365 before we wipe the device. In order to do that we reset their password, and login to their laptop as them.
However, as the (ex)employee is tagged in personio as inactive / has a leaving date the AAD integration keeps disabling the account every time is syncs. (Not sure how often - every hour?)
Does anyone know a way around this? ie. breaking/suspending the sync to AAD for a user or setting the AAD sync so it only happens once per day?
Or some other work around.
Page 1 / 1
Dear @PresumptiveTrotter,
First, I wanted to give you a warm welcome to the Personio Community .
We are looking into the details of your inquiry and will share an answer with you soon.
Thank you very much for your patience!
Best,
Andrea
HI @PresumptiveTrotter,
there is currently no intended way to stop the sync between Personio and Azure AD.
However, what you could do is deleting the Personio ID from the respective Azure AD profile and changing the email address of the employee’s entry in Personio to a dummy-address. This would lead to Personio creating an entry in Azure AD with this dummy-address, which you could delete once you finished the offboarding.
The Personio ID can be found in the URL of the employee, when opening the profile in Personio. Here’s a screenshot created within my Personio testaccount with dummy-data:
I hope this solves your issue!
Best,
Christoph
Thanks @ChristophS
I already tried to just remove the employee ID but upon the next sync, Personio spotted the deletion & inserted the number again!
Rather than create multiple dummy accounts in AAD, I was wondering if I removed the employee ID from AAD AND changed the default user email address in AAD from <user>@domain.com to <user>@<tenant>.onmicrosoft.com - would that be enough for Personio to stop recognising the account & trying to sync with it?
Hey @PresumptiveTrotter,
this looks like a good idea to me and something that could work. However, since it's an edge case that we haven't had in this form yet, I'm afraid I can't tell you if it will actually work.
If you test it out, I would be very happy if you give me feedback once whether it worked or not, that would be interesting for me to know!
Best,
Christoph
It did not work @ChristophS
With hindsight I suppose it was obvious really. The Join between Personio & AAD is defined in the integration as the username (nb. NOT email address) = firstname.lastname@domain.com so it makes no difference what you change the email address to in M365, the integration still sees the account username & syncs the changes.
Your reply
Saw something fishy? 👀
Here's what to do when you come across a topic or comment that you think should be reported.
If you are a Personio customer please use the same email address for registration as in your Personio account. By doing so we can help you faster if we might need to check something in your account.
Do you already have an account? > Login
! Your public username cannot contain any personal information such as email or other private information! You can't change your username after registration.
Welcome to the Personio Voyager Community!
This is our service and networking community for all Personio users and HR Professionals. If you have not registered yet, please select "create an account"
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Scanning file for viruses.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
.