If your organization uses Azure for rostering, you have the option to set up an Azure integration so that whenever someone uses their Microsoft 365 login, they will automatically join your school account on ThingLink. We will also attempt to automatically determine the user's account type.
- Availability
- How to set up the integration
- What happens after the integration is enabled
- What permissions & data are granted to ThingLink?
- What determines the user's account type?
Availability
This integration is available on the School & District plan as well as all paid eLearning plans.
How to set up the integration
- As the administrator of your ThingLink account, open the 'Organization' tab on the left.
- Select the 'Integrations' tab, then click the 'Edit' button next to the 'Azure tenant ID' row (see the interactive image below).
- Enter the Microsoft 365 organization ID (also known as Active Directory tenant ID) for your organization and click the 'Save changes' button at the bottom of the page. See the linked article or contact your IT department to learn where to find the organization ID.
- You will be redirected to sign in with your Microsoft account to allow ThingLink to use your organization's data. If you are an admin of your Microsoft/Azure tenancy, you can consent on behalf of your organization right here by ticking the box:
If you cannot grant consent on behalf of your organization, please go back to ThingLink, reach out to your Active Directory Global Administrator and ask them to grant tenant-wide admin consent to use ThingLink.
Another way to grant consent is to have your admin log into ThingLink with their Microsoft account. While logging in, they'll be asked to provide consent on behalf of their organization.
What happens after the integration has been enabled?
New users will join you automatically
Whenever somebody from your Office365 tenant creates a new ThingLink account using the 'Sign in with Microsoft' button, they are automatically added to your organizational account. If we can determine their account type, they won't have to go through the registration steps. If we are unable to determine their account type, they'll have to choose their role ('Teacher' or 'Student' for School accounts).
You can choose not to grant access to your roster data. In this case, teachers and students will be added to your School account but they'll be asked to choose between a teacher and student account.
Existing users will have to request to join you
Users who had a ThingLink account before you enabled the integration and are not part of your organizational account will see a prompt to join you:
If they request to join your organization, you will need to approve or reject their request via the Organization tab - Requests.
What permissions & data are granted to ThingLink?
ThingLink uses Graph API to receive data about your users and determine their account type. You Azure Admin can review what kind of data we are accessing at any point by going to Azure Portal - 'Enterprise apps' - 'ThingLink' - 'Permissions':
Note that we receive this data only when users sign up to ThingLink, meaning that we won't store any information about those who do not use the platform. ThingLink cannot and will not read your roster.
What determines the user's account type?
ThingLink uses Microsoft's GRAPH API for this integration. The user's account type on ThingLink is determined by their primaryRole / 'Education role' property. This property is set only if you are using Microsft School Data Sync (SDS). If your organization does not use SDS, then ThingLink will be unable to determine the user's role and ask the user to choose it during the registration process.
For more information on using SDS, please see this page.
Comments
0 comments
Please sign in to leave a comment.