User & Directory Sync
      Back to home
      1. Help Center
      2. Receive
      3. User & Directory Sync

      How to sync the recipient directory via Azure?

      This is a step-by-step guide for integrating your Azure Active Directory with PackageX Receive to allow fetching information on Recipients and Users.

      Recipients are contacts that cannot login to the application. They can potentially include the full directory. Enabling this integration removes the need to manually create or update recipients, or import them via CSV file.

      Users are mailroom workers who can login to the PackageX dashboard/application using SSO. These only include the directory users that are assigned to the SSO Enterprise Application created in the Azure Portal.
      Configuring Single Sign-On (SSO) is a mandatory prerequisite.
      • You need to first provide your Enterprise Application in Azure permissions to access directory data Search “App Registration” in Azure Portal and open it.

        Untitled (27)

      • Click “All applications” and search for your enterprise application and open it.

        Untitled (28)

      • Select “API Permissions” → “Add a permission” → “Microsoft Graph”

        Untitled (29)

      • Select “Application permissions”

        Untitled (30)
      • For syncing Recipients only, the following permissions are required:
        • GroupMember.Read.All
        • Group.Read.All
        • User.Read.All
        Click on Add Permissions once done.

        Screen Shot 2022-11-07 at 1.36.13 PM (1)Untitled (32)
        Untitled (31)
      To Sync Users as well, in addition to above permissions you also need to allow, 
      •  Application.Read.All
        Untitled (33)

      Click on Add Permissions once done.

      • Open your Enterprise Application, select “Permissions”, then click “Grant admin consent for

        Name of your Azure Tenant

        Untitled (34)

      • A pop-up may appear asking you to verify identity. Click “Accept” once the review dialog appears.Untitled (35)

      Azure Tenant ID

      • You can look up your Azure Tenant ID in your Azure Portal, by searching for 'Tenant Properties'. Open them, and just copy & paste your tenant ID Untitled (36)

      Untitled (37)

      Azure Application ID and Azure Object ID

      • Open the enterprise application that you created for SSO in your Azure Portal
      • Select “Overview”
      • Copy the “Application ID” and “Object ID” and paste the values in your PackageX Portal
        Untitled (38)

      Azure Client Secret

      • Search for “App registrations” in the Azure Portal and open the section.
      • Select “All applications,” locate your enterprise application, and open it.
      • Navigate to “Certificates & Secrets” and select “New client secret.” Enter a clear description and set the desired expiration period. If the client secret expires, you must generate a new one. Click “Add” to complete the process.

        Untitled (39)

      • Copy and paste the “Value” of the secret to the PackageX Portal.

        Untitled (40)
      • Configure your sync preferences Screenshot 2023-01-19 1840222 (1)

      You may opt to sync a subset of your directory or sync full directory as Recipients.

      Sync directory users belonging to specific directory groups as recipients to specific locations:
      1. This option will require you to create (Contact) Groups in your directory, assign directory users to those groups, and then map those (Contact) Groups to PackageX Receive locations (more on this later)
      2. This option is good if you need segregation and want control of where recipients are created and also do not want your full directory to be replicated
      3. Directions to sync directory user groups as recipients to specific locations:
        1. On the Directory Configuration section Select “Sync directory users belonging to specific directory groups as recipients to specific locations” from Directory Sync Preferences section and click on the save changes.

      Screenshot 2025-08-19 at 4.40.50 PM

      Go to the “Map Directory Groups to Locations” Section. All locations of the tenants will be shown here. Click on the edit icon where you want to map the group of recipients. Screenshot 2025-08-19 at 4.49.24 PM

      • Select the directory group from the list. After selecting the directory group, the directory group will be shown in the Mapped Directory Groups section the right side of the modal. Screenshot 2025-08-19 at 5.01.15 PM

      • Once satisfied with your mapping, click Save
      Screenshot 2025-08-19 at 5.16.47 PM

      After saving you will be redirected to the main section and it will look like this.

      Screenshot 2025-08-19 at 5.26.31 PM

      Go to the Fetch and sync directory section and click on the Fetch Directory button to fetch the recipients from the the directory.

       

      Sync all directory users as recipients to all locations:

        1. This option simply replicates all the directory users to all PackageX Receive locations
          1. E.g. if there are 10,000 users in your directory and you have 10 locations in PackageX Receive, all 10,000 directory users will be created as recipients on all locations i.e. a total of 100,000 recipients
        2. Good if you do not have many locations or if you want a simpler sync process
        3. Not good if your directory has a lot of users
        4. Not good if a specific user (Recipient) in your directory should only be mapped to specific location

      Directory Sync Preferences: Configuration Toggles

      • Sync information on users who can use SSO to login to PackageX Receive
        • Requires the Application.Read.All Graph API permission
        • Enables a view where you can see which directory users can use SSO to login in PackageX Receive (i.e. the directory users assigned to the SSO application), and easily create those Users in the PackageX Receive without manually adding information
        • Does not automatically create Users, that is still a manual process as it require role selection etc
      • Allow CSV to update a recipient created via directory : Enables updates from a CSV upload to overwrite or modify recipient details that were originally created through directory sync.
      • Allow directory to update a recipient created via CSV : Allows the directory sync to overwrite or update recipient records that were first created from a CSV upload.
      • Deactivate recipients not found in directory / Deactivate recipients previously created via directory if not found in latest sync from directory : Automatically deactivates recipient accounts that no longer appear in the directory sync, ensuring that only active directory users remain valid recipients.

       

      Optionally configure Email Domain/Address filtering for SSO Users: Lets you restrict SSO access to users with specific email domains or addresses. This ensures that only approved users (e.g., those with a company email) can sign in through SSO.

      Screenshot 2023-01-19 184947 (1)

      Step 6

      • Click “Save Changes” in the top right once you are satisfied with your preferences

      Screenshot 2023-01-19 184947 (1)

      Azure AD Endpoint & Microsoft Graph API Endpoint

      • In most scenarios, the default pre-populated values will suffice. However, if your configuration requires custom endpoints for Azure AD or Microsoft Graph API, you may override these values as needed.
      • If the information provided is correct, directory will be integrated and toggle will turn to ON.
      • If the information provided is incorrect, you will be provided with an error message. E.g. you may be missing some required API permission, or the credentials and/or different Azure IDs added were invalid or mixed up.

      SSO & Directory Management Tips

      • You may choose to remove directory integration at any time by toggling it off
      • To turn it back on again, you will need to re-enter the information required
      • Removing SSO integration automatically removes the directory integration