User Provisioning
General Features
- Provision your employees by integrating IS-FOX with your Human Resources Management System (HRIS) or your Identity Provider (IDP).
- Microsoft Entra (Active Directory) is enabled for Beta customers, and Personio integration is in progress.
- If you want to be part of the private beta, please reach out to support@is-fox.de
Prerequisites
- Administrative rights in your IDP or HRIS (e.g. Microsoft Entra). For Microsoft Entra, we need the following permissions: Application Administrator, Groups Administrator, User Administrator
- Administrative rights in IS-FOX.
- Being part of the private beta. If you want to be part, please reach out to support@is-fox.de
Private Beta v1.0 - Scheduled release end of October
Features
- Provision employees from your HRIS or IDP to IS-FOX.
- Filter provisioning based on user groups.
- Update employee attributes in IS-FOX given changes in your HRIS or IDP.
Set up
0. Before starting, we recommend setting up a new group (or groups) in Microsoft Entra for the employees you want to be provisioned with this integration.
1. Go to Settings -> Employees in the IS-FOX platform. Click the "Configure HRIS / Directory Integration" button.
2. Select Microsoft Active Directory / Entra ID.
3. Enter your credentials and configure the right permissions. After signing in with your HRIS provider, you will be redirected back to IS-FOX and you should see the page below:
4. Click "Filter Settings" and select the groups you want to sync users from.
5. Once your groups are selected, click on "Sync now" to trigger the first sync.
6. Whenever you add new users to your groups or delete users in your groups in Entra, you need to click on "Sync Now" to sync users. If you create a new group or delete a group, you need to deactivate and activate the integration to be able to see the updated group list, and then click "Sync Now" again.
Private Beta v2.0
Features
- Improve UI for setting up the integration and filters.
- Automated syncing.
Set up
0. Before starting, we recommend setting up a new group in Microsoft Entra for this integration.
1. Navigate to the employees section and open the employee creation modal. Click on "HRIS / Directory Integration".
2. Select your integration provider. You need to select it before doing any other configuration steps.
3. Select Microsoft Entra / Active Directory, and authenticate with your credentials and configure the right permissions.
5. After the integration is successfully configured, you can select the groups you want to sync users from.
6. Optional: Set up automatic syncing (e.g. 24hrs).
7. Click on "Save and Sync" to trigger the first sync and save the settings for subsequent automated syncs.
Managing the Integration
User Management
Employee Status
- Synced Employees: Synced employees are those linked by their User ID between IS-FOX and your HRIS or IDP. These employees are highlighted with a green dot over a link icon.
- Non Matching Employees: These are employees for whom we could not find a matching email or User ID. There can be many reasons for this, such as the employee being deleted from your HRIS or different emails between the platforms. Please make sure that emails match between systems for all users.
- Terminated Employees: These are the employees where the account status is disabled or terminated in your HRIS or IDP. These employees are highlighted with a red dot over a link icon.
Update Employee Attributes
Once an integration is configured and the syncing process is set up, the HRIS or IDP becomes the single-point-of-truth for user attributes. If the employee's name or email changes, it will be updated in IS-FOX.
Deprovision Employees
We currently do not support user deprovisioning. If the employee is removed or deleted from your HRIS or IDP, we will flag it as "non-matching" and you can delete the user manually if you'd like. We have deprovisioning settings in our next quarter roadmap.
Removing integration
You can remove an integration at any time. All existing employees in IS-FOX will remain stored, but won't be synced any longer against your HRIS or IDP.
FAQ
Overview & basics
What is the user provisioning feature?
It automatically creates and updates employee accounts in IS-FOX based on data from your HRIS or IDP, so employees stay in sync.
What is unified.to and why do we use it?
unified.to is a unified API that connects to many HRIS and IDP systems through one integration. We use it to securely fetch normalized user and group data. Unified.to does not store or cache your employee data; it is transmitted directly to IS-FOX. For more information: Unified.to — Unified APIs for HR, ATS, CRM & Authentication
Supported providers & integration setup
Which HRIS and IDP providers are supported?
Currently only Microsoft Entra (Microsoft Active Directory). But most systems are supported via Unified.to, including HRIS like Personio (in progress) and IDPs like Google Workspace. If you want your provider to be supported, contact us at support@is-fox.de
Do we need to build an integration ourselves?
No. Admins connect their HRIS or IDP through our setup flow, authorize read access, and we handle the rest via Unified.to.
What permissions are required in the HRIS/IDP?
Typically read-only access to users and user groups.
Specifically for Microsoft Entra, we need the following permissions: Application Administrator, Groups Administrator, User Administrator
Does this replace SCIM?
You don’t need to set up SCIM for inbound provisioning to IS-FOX. We pull user data via Unified.to. If you already use SCIM for other apps, reach out to us at support@is-fox.de.
Data, mapping & identity matching
What user data do you fetch?
We only fetch user ID, first name, last name, display name, employment status and email for the user object, and group ID and name for the group object.
Can I decide and filter who is provisioned?
Yes. We support group-based filtering. We retrieve users from your connected HRIS or IDP to evaluate group membership, but only create, update, and sync accounts for users in the groups you select. Users outside those groups are ignored and not persisted. Unified.to does not store or cache your employee data; it is transmitted directly to IS-FOX. For more information: Unified.to — Unified APIs for HR, ATS, CRM & Authentication
How is data fetched, normalized and mapped?
Unified.to provides a normalized schema. We then apply default mappings and group filters.
How do you match users to existing accounts?
We match on a primary key (email or user ID). During the first sync, we match the users from HRIS to the existing employees in your IS-FOX account using the email address. After the initial matching, follow-up syncs use the User ID from your HRIS/IDP.
How are custom attributes handled?
We do not support custom attributes. We only fetch user ID, first name, last name, display name, employment status and email for the user object, and group ID and name for the group object.
Sync, events & reliability
How often does data sync?
Currently syncs are done manually whenever you need them. In the future, we will automate this procedure with frequent periodic syncs (e.g. every 24hrs).
Is provisioning real-time?
No, currently provisioning only occurs when you manually trigger it. In the future, we will run frequent periodic syncs and you can adjust the cadence based on your needs.
What happens during the initial import?
- We fetch all users and groups.
- We filter those users based on your group selection.
- We create the new users in IS-FOX, and match the currently existing users based on their email. After matching, we assign them the User ID from your HRIS/IDP. From this moment on, we will use the User ID as the relationship key.
- If we cannot match a given user, we will flag it as "non-match". Non matching users will not be synced.
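The matching and flagging rules described above (email on the first sync, User ID afterwards, group filter, "non-matching" and "terminated" flags), as an added Python sketch. It is not IS-FOX or Unified.to code; the record fields, status strings and function names are assumptions made for illustration, and the sample users are constructed.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass
class Employee:                          # hypothetical IS-FOX-side record
    email: str
    name: str
    idp_user_id: Optional[str] = None    # bound on first successful match
    status: str = "unlinked"             # synced | terminated | non-matching

def sync(employees, idp_users, selected_groups):
    """One sync pass following the steps on this page (field names assumed)."""
    # Group filter: users outside the selected groups are ignored, not persisted.
    in_scope = [u for u in idp_users if selected_groups & set(u["groups"])]
    by_id = {e.idp_user_id: e for e in employees if e.idp_user_id}
    by_email = {e.email.lower(): e for e in employees if not e.idp_user_id}
    seen = set()
    for u in in_scope:
        emp = by_id.get(u["id"])
        if emp is None:                  # not linked yet: fall back to email once
            emp = by_email.pop(u["email"].lower(), None)
            if emp is None:              # no existing account: create one
                emp = Employee(u["email"], u["name"])
                employees.append(emp)
            emp.idp_user_id = u["id"]    # from now on the User ID is the key
        emp.email, emp.name = u["email"], u["name"]   # IDP is source of truth
        emp.status = "terminated" if u["disabled"] else "synced"
        seen.add(u["id"])
    for emp in employees:                # assumption: anything not seen in scope
        if emp.idp_user_id not in seen:  # (deleted, never matched) is non-matching
            emp.status = "non-matching"
    return employees

def needs_manual_offboarding(employees):
    """Accounts an admin must review, since deprovisioning is not automatic."""
    return sorted(e.email for e in employees if e.status != "synced")
# Constructed sample data, not real directory output.
def user(uid, email, name, groups, disabled=False):
    return {"id": uid, "email": email, "name": name, "groups": groups, "disabled": disabled}

def demo():
    staff = [Employee("alice@example.com", "Alice A"), Employee("old@example.com", "Old")]
    sync(staff, [user("u1", "Alice@example.com", "Alice Adams", ["training"]),
                 user("u2", "bob@example.com", "Bob B", ["training"]),
                 user("u3", "carol@example.com", "Carol C", ["finance"])], {"training"})
    first = [(e.email, e.status) for e in staff]
    # Second pass: Alice's email changed, Bob's account was disabled in the IDP.
    sync(staff, [user("u1", "alice.adams@example.com", "Alice Adams", ["training"]),
                 user("u2", "bob@example.com", "Bob B", ["training"], disabled=True)], {"training"})
    return first, staff
```

In the second pass Alice's record is updated in place rather than duplicated, because the link is held by the User ID and not by the email that changed.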
What happens with Nested Groups?
We do not support Nested Groups. Because of this, the nested groups will be flattened, and you will see them available for filtering in a non-hierarchical way.
Do you support group or team syncing?
Currently, you can filter employees by their group and sync them accordingly. However, the group concept is not yet supported within IS-FOX after syncing. Group syncing and group-based training enrolments are part of our upcoming roadmap for the next quarter.
If you're interested in syncing groups or enabling group-based training assignments, feel free to reach out to us at support@is-fox.de — we’d love to hear from you!
Lifecycle changes & offboarding
How do you handle email or name changes?
We update based on the User ID. Email or name changes on your HRIS and IDP will be propagated to IS-FOX.
How does offboarding/deprovisioning work?
When a user is deleted on your HRIS or IDP, we will flag it as "non-matching" in IS-FOX, so you can manually delete it. In the upcoming months, we will release a feature to configure your deprovisioning policy e.g. deleting, disabling, etc. We currently do not support user status changes to terminated or reaching an end date. If you have specific requests regarding this feature, please reach out to support@is-fox.de
Additionally, users marked as disabled in Entra will be flagged as terminated in IS-FOX, indicated by the icon below:
Can contractors and external users be included?
Yes, as long as they exist on your HRIS or IDP tenant, you can provision them. A good idea is to create a user group only for them.
Multiple sources
Can we connect both an HRIS and an IDP?
No. You can only have one system as the source of truth.
Data flow direction
Do you write changes back to the HRIS/IDP?
No. We read from your HRIS/IDP to provision users in IS-FOX. We do not modify records in your HRIS or IDP. We are evaluating writing course completion events to our customers' HRIS. If you are interested, please reach out to support@is-fox.de
Multi-tenant
What about subsidiaries or multi-tenant organizations?
We do not support multiple tenants. If you are interested in this feature, please reach out to support@is-fox.de
Security, compliance & residency
Do you support GDPR and data protection requirements?
We minimize personal data, support deletion requests, and offer a Data Processing Agreement.
Where is data stored and processed?
We only store the attributes needed for provisioning. For the user object: first name, last name, display name, employment status, email and user ID. For the group object: name and group ID.
Admin controls
Can admins override the synchronization?
Yes, but partially. Admins can manually create new employees. As soon as a new sync is triggered, the new employees will be matched to the HRIS or IDP. From then on, the HRIS or IDP becomes the single-point-of-truth.
How do we disconnect the integration?
You can revoke access in the employees settings page. After disconnection, no changes will sync.