Azure Active Directory Integration: FAQs

What data does Nextiva store?

Nextiva stores data required for provisioning a User (Username, Last Name, First Name). Other information may be accessed to make logical decisions (e.g. whether a User should or should not be synced, which location to build a User in, etc.), but this information is not directly stored.

How does Nextiva manage security?

  • Nextiva uses Mutual Certificate Authentication (also called Mutual SSL Authentication), a two-way authentication that requires both parties to authenticate each other by verifying the provided digital certificate, to secure the connection during data transfer.
  • The production databases are currently maintained on-premise.
  • Data security is implemented at various levels with complex credentials and security through roles and privileges, database schema or user, OS, and at network levels with regular security compliance audits.
  • Regular audits ensure access is revoked from those who are no longer employed or who no longer need access to the database.
  • Ongoing monitoring for any security violations ensures additional compliance for Nextiva enterprise data.

How do I get Azure AD integration?

Just meet the prerequisites to ensure a successful integration. Speak with a Nextiva Account Executive to determine if prerequisites are met.


  • An active Azure Active Directory (Azure AD) account.
  • Must go through Onboarding where the Onboarding technician can perform a white-glove setup service.

NOTE: Azure AD Integration is not the same as Single Sign-On and does not support third-party identity providers.

Is there an extra cost for Azure AD integration?

There’s a one-time charge of $1,000 for the enablement of Azure AD integration. You must also have an active deployment of Azure AD (cloud-based, not on-premise).

Who would greatly benefit from Azure AD integration?

Any customer who actively uses Azure AD to manage Users would benefit from integration. Typically, this describes larger customers with more than 50 Users. 

Nextiva works just fine without AD.

What if I am an existing customer and want to integrate with Azure AD?

Great! Be sure to meet the prerequisites and feel free to request the integration by reaching out to a Nextiva Account Executive.

What do I need to know about my Azure AD implementation before beginning the setup process?

Collect the names of the following Azure AD attributes:

  • First Name
  • Last Name
  • Email Address
  • Location

What information will the Nextiva Onboarding Team need for integrating Azure AD with Nextiva?

  • First and Last Name, Email Address, and Location for all Users.
  • One-way (Azure AD to Nextiva) or Two-Way (Azure AD to Nextiva and Nextiva to Azure AD) synchronization goal.
  • (Phone number / DID) and extension only.

What are the Azure AD synchronization options?

Currently, there are three options:

  • Just in Time: (real-time, as soon as the User is updated the sync is automatically completed)
  • On-Demand: (Admin must manually select Reconcile to sync)
  • Batched: (Regular, scheduled intervals – every hour, every day, etc.)

If a User is deleted in Azure AD, will the User be deleted in the Nextiva Voice Portal?

  • If a User is deleted in Azure AD, they will be deleted from the Nextiva Voice Portal.
  • If the User is moved to a group in Azure AD that is not set up for synchronization, the User will be deleted from the Nextiva Voice Portal during the next reconciliation.
  • If a User is deactivated (not deleted) in Azure AD, the User cannot be deleted from the Nextiva Voice Portal and will continue to use a license.

Can an Azure Administrator deactivate a User in Azure AD and have that User remain in the Nextiva Voice Portal for a pre-determined amount of time?

Deactivated Users are not removed from the Nextiva Voice Portal. The Azure AD Administrator will need to manually move or delete the User to delete them from the Nextiva Voice Portal.

If a User is deleted in Azure AD, will the User’s Voicemails and Call Recordings be deleted from the Nextiva Voice Portal?

Voicemails and Call Recordings will continue to be available for deleted Users. By default, all call recordings will still follow the standard storage that was purchased (6 months, 1, 2, or 3 years).

How are ported phone numbers loaded into the Nextiva Voice Portal for assignment to Users?

The default porting process does not change when integrating with Azure AD.

How does the Nextiva Voice Portal handle group memberships and permissions in Azure AD?

Group memberships are preferred if there are company policies to deactivate (not delete) Users in Azure AD. To free up the license and remove the User(s) from the Nextiva Voice Portal, move the deactivated User(s) to a group that is not synchronized. After reconciliation, the User(s) are removed from the Nextiva Voice Portal.

Can the Nextiva Voice Portal integrate directly with my on-premise Azure AD deployment?

Currently, Nextiva only supports the cloud version of Azure AD. Nextiva does not support on-premise directory services currently.

How will I know if there are any problems syncing between the Nextiva Voice Portal and my Azure AD server?

Error messages are displayed during reconciliation.

Are synchronization logs available?

Yes. Please contact our Amazing Service Team at (800) 285-7995 or email [email protected] for assistance.

What Azure AD database attributes map to the Nextiva Voice Portal?

  • First Name
  • Last Name
  • Email Address
  • Location

What are Nextiva Voice Portal data elements mapped to Azure AD?

Only for two-way sync:

  • Extensions
  • Phone Numbers / DIDs

Can new Users be added that join the company after the initial synchronization?

New Users added to Azure AD will be imported after a reconciliation. Navigate to the Nextiva Voice Admin Portal and log in as an Administrator. Hover-over Users > Add Users. Select the Active Directory Integration radio button to locate new Users to add the Nextiva Voice Portal.

Can I add Users to Azure AD without assigning them a line of service license?

It is recommended that synchronization is organized by groups and not individual Users if Users are added to Azure AD but not to the Nextiva Voice Portal.

What are the attributes used to match Users to sync?

  • First Name (Azure AD is the Master of this record)
  • Last Name (Azure AD is the Master of this record)
  • Email Address (Azure AD is the Master of this record)
  • Extensions (if two-way sync, the Nextiva Voice Portal is the Master of this record – otherwise manually add to Azure AD)
  • Phone Numbers / DIDs (if two-way sync, the Nextiva Voice Portal is the Master of this record – otherwise manually add to Azure AD)

After integration, what fields within the Nextiva Voice Portal are no longer editable?

Since Azure AD is the “single source of truth,” first and last name, location, and email of synchronized Users are all controlled by Azure AD and cannot be edited in the Nextiva Voice Portal.

How does the Azure AD Administrator assign licenses to Users who are AD integrated?

Add the User(s) in the Nextiva Voice Portal, then follow the standard procedure to assign any licenses the User(s) will need.

What happens when we terminate service with Nextiva?  What happens to our data?  How do we revoke access to Azure AD?

Once service is terminated, no Users will exist in the Nextiva Voice Portal. To remove the association, delete the registration. Nextiva will remove the mapping upon the termination of service.

Does our company have to provide our Azure AD Admin ID and Password to Nextiva?

Nextiva uses a certificate-based system, so we will not need the Administrator credentials. The Administrator does need to complete the client-side setup.

What happens if I change the Location for a User?

If a User needs to move to a new Location, they need to be deleted and recreated.

Can I use my phone numbers and extensions in Azure AD to be mapped to the Nextiva Voice Portal? 

No. Phone numbers and extensions update manually in Azure AD (one-way sync) or pulled from the Nextiva Voice Portal (two-way sync).

Does adding Users in Office 365 for synchronization with Azure AD affect the Azure AD integration with Nextiva Voice Portal?

O365 does not affect Azure AD integration with Nextiva Voice Portal.

Our Azure AD Administrator just added a User in Azure AD.  Why isn’t the User in the Nextiva Voice Portal?

Likely, reconciliation has not taken place. Azure AD has not synched to let the Nextiva Voice Portal know of the changes. Reconcile the synchronization to resolve this issue.

Need additional help? Click here.

Was this article helpful?