Schedule a Call
Schedule a Call

← Back to All Workflows

Sync Entra Users to Zammad with n8n Automation

This workflow automates syncing Microsoft Entra users from a specific group into Zammad user accounts, ensuring up-to-date helpdesk user data and eliminating manual errors and time delays.
httpRequest
zammad
if
+6
Download Workflow Free
Learn how to Build this Workflow with AI:
Workflow Identifier: 2211
NODES in Use: Manual Trigger, Sticky Note, HTTP Request, Split Out, If, Set, Zammad, Compare Datasets, Merge

Press CTRL+F5 if the workflow didn't load.

Visit through Desktop for Best experience

1. Opening Problem Statement

Meet Sarah, a busy IT admin at a fast-growing company using Microsoft Entra (formerly Azure AD) for identity management and Zammad for customer support ticketing. Managing user access and support requests means Sarah must keep Zammad user accounts synchronized with Entra user data manually—an error-prone, time-consuming task that results in outdated or missing users in Zammad. Sarah wastes hours every week checking user lists, creating new accounts, or deactivating old ones, which delays support response times and frustrates her team.

Sarah’s specific pain? Manually syncing Entra group users to Zammad takes at least 3-4 hours of tedious work weekly, leading to missed updates, potential compliance issues, and increased support overhead.

2. What This Automation Does

This n8n workflow automates the synchronization of users from a specified Microsoft Entra group into Zammad user accounts, managing creation, updates, and deactivation seamlessly. When triggered, it:

  • Fetches all Microsoft Entra groups and selects a designated group (e.g., “ENTRA”) for syncing.
  • Retrieves all users that belong to this selected group.
  • Fetches all active users from Zammad to compare.
  • Identifies users present in Entra but missing in Zammad and creates new Zammad users accordingly.
  • Updates existing Zammad users if user details have changed in Entra, including phone numbers and names.
  • Finds users who no longer belong to the Entra group and deactivates their Zammad accounts.

Benefits include saving Sarah up to 4 hours weekly, eliminating manual errors, and ensuring Zammad reflects the current state of Entra users automatically.

3. Prerequisites ⚙️

  • n8n Account with access to create workflows.
  • Microsoft 365 account with access to Microsoft Graph API (for Entra data) 🔐.
  • Zammad account with API token access 🔐.
  • OAuth2 credentials configured in n8n for Microsoft Graph API 🔐.
  • Zammad token authentication credentials set up in n8n 🔐.

4. Step-by-Step Guide

Step 1: Start with Manual Trigger

Navigate to your n8n workflow editor. Add a Manual Trigger node by clicking + Add Node → Core Nodes → Manual Trigger. This node initiates the sync workflow when you click “Execute Workflow” or “Test Workflow.”

Expected outcome: Workflow begins only when you manually trigger it, giving you control over sync timing.

Common mistake: Forgetting to trigger the workflow manually during testing.

Step 2: Fetch All Entra Groups

Add an HTTP Request node named Get Groups from Entra. Configure it with:

  • URL: https://graph.microsoft.com/v1.0/groups
  • Authentication: Use the Microsoft OAuth2 credential you configured.

This node calls Microsoft’s Graph API to get all groups in your Entra directory.

Visual: After running, you should see JSON data of groups including their IDs and display names.

Common mistake: Misconfiguring OAuth2 credentials results in 401 Unauthorized errors.

Step 3: Extract Group List Array

Add a Split Out node called Remove outer Array. Set the field to split out as value, which is the array holding groups.

This converts the groups array into individual group items for further filtering.

Step 4: Filter to Select Your Entra Group

Add an If node named Select Entra Zammad default Group. Configure the condition:

  • {{$json.displayName}} equals your target group name, e.g., “ENTRA”.

This filters down the groups to just the single intended sync group.

Step 5: Get Members of the Selected Group

Add another HTTP Request node named Get Members of the default group. Use this URL:

=https://graph.microsoft.com/v1.0/groups/{{ $json.id }}/members

Maintain the same OAuth2 credentials. This fetches all users in the selected Entra group.

Step 6: Extract Users Array From Entra Response

Add another Split Out node called Remove outer Array from Entra User, splitting the value array, which holds user objects.

Step 7: Validate User Exists

Add an If node (named simply If) to filter only valid user entries, checking if the JSON exists or is present.

Step 8: Set Zammad Universal User Object

Add a Set node named Zammad Univeral User Object. Map Entra user fields to Zammad user fields like this:

{
  entra_key: {{$json.id}},
  email: {{$json.userPrincipalName}},
  lastname: {{$json.surname}},
  firstname: {{$json.givenName}},
  mobile: {{$json.mobilePhone}},
  phone: {{$json.businessPhones[0]}}
}

This standardizes user data for downstream use.

Step 9: Retrieve All Active Zammad Users

Add a Zammad node named Get Zammad Users, operation getAll with returnAll true. Use your Zammad token API credentials for authentication.

Step 10: Filter Active Zammad Users Respective to Entra Sync

Add an If node named Select only active Users and entra_obect_type=”user”. Filter Zammad users that are both active and have custom Entra user attributes.

Step 11: Merge Zammad and Entra User Data

Add a Merge node named Merge. Configure it to combine data sets based on matching users by email.

Step 12: Identify New Users to Create

Add a Compare Datasets node named Find new Zammad Users to spot users in Entra but missing in Zammad. It compares on the email field.

Step 13: Identify Removed Users to Deactivate

Add another Compare Datasets node named Find removed Users to detect users present in Zammad but no longer in Entra. This identifies who to deactivate.

Step 14: Create New Zammad Users

Add a Zammad node named Create Zammad User, operation create. Map fields like firstname, lastname, email, phone, mobile, and custom fields for Entra data.

Step 15: Update Existing Zammad Users

Add a Zammad node named Update Zammad User, operation update with user ID from the merged data. Update user details and custom Entra fields.

Step 16: Deactivate Removed Users

Add a Zammad node named Deactivate Zammad User, operation update, setting “active” to false for users no longer found in Entra.

5. Customizations ✏️

  • Change Sync Group Name: In the Select Entra Zammad default Group node, update the group name condition from “ENTRA” to your target group to sync a different user set.
  • Include Additional User Fields: Modify the Zammad Univeral User Object Set node to include more user attributes like department or job title if available.
  • Sync User Roles in Zammad: Add or extend the Zammad nodes to update user roles or permissions based on Entra group or attributes.
  • Automate Triggering: Replace the Manual Trigger with a Schedule Trigger node for periodic automatic syncs.
  • Add Logging: Insert additional nodes to log actions performed on Zammad users for audit purposes.

6. Troubleshooting 🔧

Problem: “401 Unauthorized” from Microsoft Graph API

Cause: OAuth2 credentials are incorrect or expired.

Solution: Go to Credentials → Microsoft OAuth2 API in n8n, refresh or recreate credentials with correct permissions and test connection.

Problem: Zammad API returns error on user creation/update

Cause: Missing required fields or incorrect field mappings.

Solution: Check all required user fields in the Zammad node configuration and ensure mapping matches Zammad’s API docs.

Problem: Workflow does not trigger when clicked ‘Test workflow’

Cause: Manual Trigger node not started properly.

Solution: Make sure to click “Execute Workflow” after you add the manual trigger, not just saving the workflow.

7. Pre-Production Checklist ✅

  • Verify OAuth2 credentials for Microsoft Graph API have correct scopes for reading groups and members.
  • Check Zammad API token has permissions to read and write users.
  • Run test sync with a small, controlled Entra group to verify user creation, update, and deactivation.
  • Backup current Zammad user data before deploying full sync.

8. Deployment Guide

To deploy, enable the workflow and replace the Manual Trigger with a Schedule Trigger if you want it automated on a timer.

Activate the workflow by clicking Activate in n8n. Monitor executions via n8n’s execution list to review logs and errors.

9. FAQs

Q: Can I sync multiple Entra groups to different Zammad groups?

A: Yes, by duplicating this workflow and adjusting the group filter accordingly, or by adding logic to loop through multiple groups.

Q: Does this workflow consume API credits?

A: Microsoft Graph API usage is subject to rate limits, but typical group and user queries are low-volume. Zammad API calls depend on the number of users synced.

Q: Is my data secure in this sync?

A: All API tokens and credentials are securely stored in n8n. Data transfers occur over HTTPS.

10. Conclusion

By following this guide, you’ve automated syncing Microsoft Entra users in a specified group to your Zammad helpdesk system, streamlining user management and reducing manual workload for IT admins like Sarah. This saves significant time—up to several hours weekly—and prevents errors caused by out-of-date user information.

Next steps to consider include adding scheduled automation, syncing multiple groups, or extending user attributes synced for better customer support personalization.

With n8n’s flexibility and this workflow, you’re empowered to manage synchronization workflows confidently and efficiently.

Learn by Category

Sales →
Productivity →
Social →
Finance →
Marketing →
Content→
Recruitment →
Security →
SEO →
CRM →
Development →
Ecommerce →

Related Workflows

Automate Viral UGC Video Creation Using n8n + Degaus (Beginner-Friendly Guide)

Learn how to automate viral UGC video creation using n8n, AI prompts, and Degaus. This beginner-friendly guide shows how to import, configure, and run the workflow without technical complexity.
Form Trigger
Google Sheets
Gmail
+37
Free

AI SEO Blog Writer Automation in n8n (Beginner Guide)

A complete beginner guide to building an AI-powered SEO blog writer automation using n8n.
AI Agent
Google Sheets
httpRequest
+5
Free

Automate CrowdStrike Alerts with VirusTotal, Jira & Slack

This workflow automates processing of CrowdStrike detections by enriching threat data via VirusTotal, creating Jira tickets for incident tracking, and notifying teams on Slack for quick response. Save hours daily by transforming complex threat data into actionable alerts effortlessly.
scheduleTrigger
httpRequest
jira
+5
Free

Automate Telegram Invoices to Notion with AI Summaries & Reports

Save hours on financial tracking by automating invoice extraction from Telegram photos to Notion using Google Gemini AI. This workflow extracts data, records transactions, and generates detailed spending reports with charts sent on schedule via Telegram.
lmChatGoogleGemini
telegramTrigger
notion
+9
Free

Automate Email Replies with n8n and AI-Powered Summarization

Save hours managing your inbox with this n8n workflow that uses IMAP email triggers, AI summarization, and vector search to draft concise replies requiring minimal review. Automate business email processing efficiently with AI guidance and Gmail integration.
emailReadImap
vectorStoreQdrant
emailSend
+12
Free

Automate Email Campaigns Using n8n with Gmail & Google Sheets

This n8n workflow automates personalized email outreach campaigns by integrating Gmail and Google Sheets, saving hours of manual follow-up work and reducing errors in email sequences. It ensures timely follow-ups based on previous email interactions, optimizing communication efficiency.
googleSheets
gmail
code
+5
Free
Load More