User AD attributes & Tokens

CodeTwo Email Signatures for Office 365 allows you to add Active Directory attributes of your users to their email signatures. You can manage how these attributes are synchronized with the program on the User AD attributes & Tokens page of your tenant (see Fig. 1.). This page is divided into several sections - use the links below to learn more about each one.

Azure AD cache

The application stores required user attributes in an internal cache and automatically synchronizes them with your tenant's Azure Active Directory every 60 minutes. This is necessary both to quickly add signatures with placeholders to emails sent by specific users based on current rules, and to keep Azure AD load at a minimum. If necessary, you can manually update the Azure AD cache via the Update cache manually now button (Fig. 1.).

Fig. 1. The Azure AD cache section of the User AD attributes page.

OAuth 2.0 tokens

To read users' Active Directory attributes, the program accesses them via OAuth 2.0 access tokens. These tokens are generated by Microsoft’s trusted OAuth servers for global admin accounts of your tenant.

Important

Your credentials are completely safe as they are passed directly and only to Microsoft servers, which is ensured by Azure's OAuth 2.0 authorization. CodeTwo does not store, copy or have access to your global admin credentials.

For additional safety, tokens are set to expire if users do not log in to our applications for a while. In the case of CodeTwo Email Signatures for Office 365, these tokens can be valid up to 90 days. You need to refresh the tokens periodically or the application won't be able to read the values of user AD attributes. This may lead to outdated user information appearing in your signatures.

Info

You will receive several email notifications before, when and after your tokens expire. These messages will contain a link to a website that allows you to refresh your tokens.

You can also refresh the tokens (anytime and for any of your tenants) directly on the User AD attributes & Tokens page of a tenant (Fig. 2.).

Fig. 2. The OAuth 2.0 tokens section.

Custom attributes

CodeTwo Email Signatures for Office 365 lets you use your own Active Directory attributes when composing signatures. These custom attributes (also known as Directory extension attributes) include, for example: CustomAttribute1-15, Initials, HomePhone, Notes, Pager, PostOfficeBox, WebPage, etc.

If you want to use custom attributes in the signature editor, you have to make sure they are in sync with the program. Correct synchronization will depend on your environment.

Hybrid environments

If you have a hybrid environment, it is essential to configure Microsoft Azure Active Directory Connect properly. By default, custom attributes defined in your on-premises Active Directory are not synced to your Azure Active Directory. Therefore, they are not available to CodeTwo Email Signatures for Office 365 and you are not able to add custom placeholders in the signature editor.

Our program lets you verify if custom attributes are synchronized. To do that, open the User Panel, enter the management pages of a chosen tenant by clicking the Manage tenant button next to the tenant's name, then select User AD attributes & Tokens from the left menu. If your custom attributes are not synced, the section will look as shown below (Fig. 3.).

Fig. 3. The Custom attributes section in a hybrid environment before the configuration of Azure AD Connect.

Info

If you do not see the Custom attributes subsection in User AD attributes & Tokens (Fig. 3.), contact CodeTwo Support.

To fix the synchronization problem, open your Azure AD Connect. First, enable the Directory extension attribute sync feature in the Sync, Optional Features section, as shown in Fig. 4.

Fig. 4. Configuration of Azure AD Connect, step 1.

Second, navigate to the Directory Extensions section (Fig. 5.) by clicking Next, select your custom attributes (e.g. extensionAttribute[1-15], initials or homePhone) from the Available Attributes list on the left and move them to the Selected Attributes list on the right. Finally, complete the wizard by clicking Next.

Fig. 5. Configuration of Azure AD Connect, step 2.

When you finish the configuration, your custom attributes will be synchronized with Azure AD (Fig. 6.) and the corresponding custom placeholders will be available in the signature editor. Click here to learn how to add them to your signatures.

Fig. 6. The Custom attributes section in a hybrid environment after successful configuration of Azure AD Connect.

Non-hybrid environments

By default, in non-hybrid (cloud) environments custom attributes are not synced to CodeTwo Email Signatures for Office 365. Using PowerShell commands is necessary to access them. That is why our program features a ClickOnce application called CodeTwo Email Signatures for Office 365 Custom Attributes Sync. The app is installed locally on your computer and lets you quickly synchronize custom attributes using a 3-step wizard (Fig. 7.).

Fig. 7. CodeTwo Email Signatures for Office 365 Custom Attributes Sync.

To install the application, open the User Panel and enter the management pages for your tenant by clicking the Manage tenant button. Select User AD attributes & Tokens from the left menu and click the Synchronize attributes button located at the bottom (Fig. 8.).

Fig. 8. The Custom attributes section in a non-hybrid environment.

Info

If you do not see the Custom attributes subsection in User AD attributes & Tokens (Fig. 8.), contact CodeTwo Support.

After the app is installed, you can launch it directly from the Start menu. A simple wizard guides you through the configuration. Once you enter your global admin credentials (Fig. 9.) the program will synchronize your custom attributes to the Azure AD Cache (to learn more about the program's components, click here).

Important

CodeTwo does not store, copy or have access to your global admin credentials. These personal data are used to access your Azure AD via PowerShell, using standard Microsoft procedures. If you select the option to store your credentials in the program, they will be encrypted and kept only locally.

Fig. 9. CodeTwo Email Signatures for Office 365 Custom Attributes Sync requires global admin credentials to sync your attributes.

You need to run the Custom Attributes Sync application each time you modify your custom attributes and want to make them available to CodeTwo Email Signatures for Office 365. Such a solution protects your data - you enter your global admin credentials only when they are required for the synchronization.
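Before synchronizing in a cloud-only tenant, it is useful to know which of the custom attributes listed above actually hold data, since whatever they contain becomes available to signature placeholders. The following is an added example, not CodeTwo's code: the function name Get-PopulatedAttribute and the sample objects are constructed for illustration, and the commented live-tenant lines assume the ExchangeOnlineManagement module.

```powershell
# Added example, not CodeTwo code. Function name and sample data are constructed.
# Attribute names are the ones listed on this page.
$MailboxAttrs = 1..15 | ForEach-Object { "CustomAttribute$_" }
$UserAttrs    = 'Initials', 'HomePhone', 'Notes', 'Pager', 'PostOfficeBox', 'WebPage'

function Get-PopulatedAttribute {
    # Returns, per attribute, how many input objects carry a non-empty value.
    param(
        [Parameter(Mandatory)] [object[]] $InputObject,
        [Parameter(Mandatory)] [string[]] $Attribute
    )
    foreach ($name in $Attribute) {
        $hits = @($InputObject | Where-Object {
            # -join flattens multi-valued properties before the emptiness test
            -not [string]::IsNullOrWhiteSpace(($_.$name -join ';'))
        })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Attribute = $name; PopulatedOn = $hits.Count }
        }
    }
}

# Constructed sample objects standing in for cmdlet output.
$sampleMailboxes = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@example.com'; CustomAttribute1 = 'Sales';   CustomAttribute2 = '' }
    [pscustomobject]@{ UserPrincipalName = 'ben@example.com';  CustomAttribute1 = 'Support'; CustomAttribute2 = $null }
)
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@example.com'; Initials = 'AK'; HomePhone = '+1 555 0100'; Notes = '' }
    [pscustomobject]@{ UserPrincipalName = 'ben@example.com';  Initials = '';   HomePhone = $null;         Notes = 'On leave until March' }
)

Get-PopulatedAttribute -InputObject $sampleMailboxes -Attribute $MailboxAttrs
Get-PopulatedAttribute -InputObject $sampleUsers     -Attribute $UserAttrs

# Against a live tenant (after Connect-ExchangeOnline), CustomAttribute1-15 come
# from mailbox objects and the remaining attributes from user objects:
#   Get-PopulatedAttribute -InputObject (Get-Mailbox -ResultSize Unlimited) -Attribute $MailboxAttrs
#   Get-PopulatedAttribute -InputObject (Get-User -ResultSize Unlimited)    -Attribute $UserAttrs
```

Free-text attributes such as Notes deserve a manual look before a placeholder for them is added to a signature.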

Important

The Custom Attributes Sync application does not currently support multi-factor authentication (MFA). To use the program, you need to temporarily disable MFA for the global admin account of your tenant before you log in. Remember to enable your MFA after the synchronization.
