User AD attributes & Tokens

CodeTwo Email Signatures for Office 365 allows you to add Active Directory attributes of your users to their email signatures.

The program supports all the single-value attributes available in Office 365 (Azure AD) and Azure AD Graph API. Multivalue attributes are not supported (learn more). By default, the most common attributes related to message sender and message properties are available in the signature template editor. Custom attributes may require additional configuration to be accessible, as described later in this article.

You can manage how attributes are synchronized with the program on the User AD attributes & Tokens page of your tenant (Fig. 1.). This page is divided into several sections - use the links below to learn more about each section.

ESIG for O365 User AD attributes & Tokens page
Fig. 1. The User AD attributes & Tokens page in the Admin Panel.

Azure AD cache

The application stores required user attributes in an internal cache and automatically synchronizes them with your tenant's Azure Active Directory every 60 minutes. This is necessary both to quickly add signatures with placeholders to emails sent by specific users based on current rules, and to keep Azure AD load at a minimum. If necessary, you can manually update the Azure AD cache via the Update cache manually now button (Fig. 2.). Learn more about the Azure AD cache

ESIG for O365 user attributes - AD cache
Fig. 2. The Azure AD cache section.

OAuth 2.0 tokens

To read users' Active Directory attributes, the program accesses them via OAuth 2.0 access tokens. These tokens are generated by Microsoft’s trusted OAuth servers for global admin accounts of your tenant.

Important

Your credentials are completely safe as they are passed directly and only to Microsoft servers, which is ensured by the Azure's OAuth 2.0 authorization. CodeTwo does not store, copy or have access to your global admin credentials.

Refreshing tokens

Access tokens can be valid up to 90 days. You need to refresh them periodically or the application won't be able to read the values of user AD attributes. This may lead to outdated user information appearing in your signatures.

You will receive several email notifications before, when and after your tokens expire. These messages will contain a link to a website that allows you to refresh your tokens.

You can refresh the tokens (anytime and for any of your tenants) directly on the User AD attributes & Tokens page of a tenant (Fig. 3.). When refreshing tokens, the Microsoft sign-in screen appears and you need to log in. Be sure to select the work account that belongs to a global admin of this tenant.

ESIG for O365 user attributes - tokens
Fig. 3. The OAuth 2.0 tokens section.

Custom attributes

CodeTwo Email Signatures for Office 365 lets you use your own Active Directory attributes when composing signatures. These custom attributes (also known as Directory extension attributes) include, for example: CustomAttribute1-15, Initials, HomePhone, Notes, Pager, WebPage, etc. (Fig. 4.).

ESIG 365 - placeholders with custom attributes
Fig. 4. Custom Active Directory placeholders (some of them are highlighted) are only available if your environment is correctly synchronized.

If you want to use custom AD attributes in email signatures, you have to make sure they are in sync with the program. Otherwise, they will not be displayed in the signature template editor. Correct synchronization depends on your environment.

Important

Custom attributes can only be used in email signatures. These attributes are not available when defining conditions (such as an Azure AD filter for message senders) of an email signature rule.

Environments syncing via Azure AD Connect

In hybrid environments (which synchronize from on-premises to the cloud) it is essential to correctly configure Microsoft Azure Active Directory Connect. By default, custom attributes defined in your on-premises Active Directory are not synced to your Azure Active Directory. Therefore, they are not available to CodeTwo Email Signatures for Office 365 and you are not able to add custom placeholders in the signature template editor.

Our program lets you verify if custom attributes are synchronized. To do that, open CodeTwo Admin Panel, enter the management pages of a chosen tenant by clicking the Manage tenant (ESIG for O365 settings button2 13px) button next to the tenant's name, then select User AD attributes & Tokens from the left menu. If your custom attributes are not synced, the section looks as shown below (Fig. 5.).

ESIG for O365 Custom Attributes not configured
Fig. 5. The Custom attributes section in a hybrid environment before the configuration of Azure AD Connect.

Info

If you do not see the Custom attributes subsection in User AD attributes & Tokens (Fig. 5.), contact CodeTwo Support.

To synchronize custom attributes, open your Azure AD Connect. First, enable the Directory extension attribute sync feature in the Sync, Optional Features section, as shown in Fig. 6.

Configuration of Azure AD Connect, step 1.
Fig. 6. Configuration of Azure AD Connect, step 1.

Second, navigate to the Directory Extensions section (Fig. 7.) by clicking Next. Select your custom attributes from the list on the left (you can choose any attributes from the list but they need to be single-valued to work) and move them to the list on the right. Complete the wizard by clicking Next.

Configuration of Azure AD Connect, step 2.
Fig. 7. Configuration of Azure AD Connect, step 2.

When you finish the configuration, your custom attributes will be synchronized with Azure AD (Fig. 8.) and the corresponding custom placeholders will be available in the signature template editor. See this article to learn how to add them to your signatures.

ESIG for O365 Custom Attributes hybrid configured
Fig. 8. The Custom attributes section in a hybrid environment after successful configuration of Azure AD Connect.

Environments without Azure AD Connect (cloud environments)

By default, in environments that do not use MS Azure AD Connect (non-hybrid/cloud-based environments) custom attributes are not synced to CodeTwo Email Signatures for Office 365. PowerShell commands have to be used to access these attributes. That is why our program features a ClickOnce application called CodeTwo Email Signatures for Office 365 - Custom Attributes Sync App. The app is installed locally and lets you quickly synchronize an additional set of custom attributes (Initials, Notes, P.O. Box, Pager, Web page, Web page as link, Home phone, Home phone as link, and CustomAttribute1-15) so that you can use them in your Manage Signatures App.

To install the application, open CodeTwo Admin Panel, go to the Tenants tab, and enter the management pages of your tenant by clicking the Manage tenant (ESIG for O365 settings button2 13px) button next to the tenant name. Select User AD attributes & Tokens from the left menu and click the Synchronize attributes button located at the bottom (Fig. 9.). This will allow you to download and run the installer.

ESIG for O365 Custom Attributes non-hybrid
Fig. 9. The appearance of the Custom attributes section in a non-hybrid environment.

Info

If you work in a non-hybrid/cloud environment but the Synchronize attributes button is not displayed in the Custom attributes section, contact CodeTwo Support.

After the Custom Attributes Sync App is installed, it starts automatically (you can also launch it directly from the Windows Start menu at any time). A simple wizard guides you through the configuration process (Fig. 10.).

ESIG for O365 Custom Attributes Sync App 1
Fig. 10. CodeTwo Email Signatures for Office 365 - Custom Attributes Sync App.

In the Azure AD login step, provide your Office 365 admin credentials (Fig. 11.). The application will use these credentials to access the Azure AD attributes you want to synchronize. Make sure the admin account has appropriate roles assigned in order to access your Office 365 users and mailboxes. If this account has multi-factor authentication (MFA), you need to temporarily disable it.

Important

CodeTwo does not store, copy or have access to your admin credentials. This personal data is used to access your Azure AD via PowerShell, using standard Microsoft procedures. If you select the option to store your credentials in the program, they will be encrypted and kept only locally.

ESIG for O365 Custom Attributes Sync App 2
Fig. 11. Providing admin credentials for accessing Azure AD data.

Now, you need to allow the app to connect to CodeTwo Email Signatures for Office 365 in order to synchronize your Azure AD data. To do so, move on to the next step (CodeTwo login) and click Log in with Office 365 account (Fig. 12.). The Office 365 sign-in page opens. Provide the credentials of an Office 365 account that is authorized to access the Manage Signatures App, and sign in. Click Next to proceed to the last step of the wizard.

ESIG for O365 Custom Attributes Sync App 3
Fig. 12. Logging in to the Manage Signatures App.

In the Synchronization step, click Synchronize. Your custom attributes will be synchronized to the Azure AD cache (Fig. 13.). The application tells you when the process is complete and how many users have been synchronized. Click Close to complete the wizard.

ESIG for O365 Custom Attributes Sync App 4
Fig. 13. Custom attributes synchronization in progress.

You need to run the Custom Attributes Sync App each time you modify your custom attributes and want to make them available to CodeTwo Email Signatures for Office 365. Such a solution protects your data - you enter your admin credentials only when they are required for the synchronization.

Important

Remember to enable your MFA after the synchronization in case it has been disabled earlier.

Shared mailboxes are currently not supported by the Custom Attributes Sync App.

See also

How to use AD attributes in the signature template editor

Was this information useful?