Connecting Your HR System to Entra ID (Without Losing Your Mind)

I had a customer last year who told me their previous vendor spent five months trying to connect their HR system to Entra ID. Five months. The project involved three external consultants, a custom middleware layer, and a 40-page requirements document.

28 January 2026 · 5 min read

It was never completed. The vendor eventually said the HR system's API was "too limited" and recommended switching HR providers entirely. The customer, understandably, decided to switch identity vendors instead.

This story bothers me because it should not happen. Connecting an HR system to Entra ID — or Active Directory, if you are running hybrid, which most Nordic companies still are — is not a research project. At its core, you are syncing a few fields from one system to another and triggering some actions based on changes. Important, yes. But not five months of complexity.

Why it gets complicated anyway

There are real reasons this integration is harder than it sounds. I want to be honest about that.

HR data is messy. Start dates change. Job titles are inconsistent. Department names get renamed without anyone telling IT. Some employees have two records because they left and came back. Consultants might be in the HR system but should not get the same access as permanent staff.

Every HR system has a different API, a different data model, and a different idea of what a "user" looks like. If you are a Nordic company (and most Adcyma customers are), you might be running Personio, HiBob, SAP SuccessFactors, Sympa, Flex HRM, Hogia, or Visma. Each one works differently.

And then there are the edge cases. What happens when someone changes their surname? What about parental leave (which in Sweden can be long and split in various ways)? What if someone holds two positions? What about consultants in a separate system?

These are real questions. But here is the mistake I see over and over: teams try to solve every edge case before going live, and the project collapses under its own weight.

Start with four fields

When I help companies set this up, I say the same thing every time: start with four fields.

First name. Last name. Email. Department.

That is it. Get those four fields syncing reliably from HR to your identity platform. If you are hybrid, that usually means creating the account in Active Directory and letting Entra Connect sync it to the cloud. If you are cloud-only, it goes straight to Entra ID. Either way: make sure a new record in HR creates a user, and a termination in HR disables the account.

This alone changes how things work. Not because four fields are special, but because it establishes the connection and the process. Once the pipe is working, adding more fields is incremental.

Job title? Add it in week two. Cost centre? Week three. Manager relationship? Week four. Each addition is small and testable.

The five-month projects happen when teams try to map 30 fields on day one, handle every edge case upfront, and build custom logic for scenarios that affect two people.

The Nordic HR system reality

If you are in Sweden or the Nordics, you are probably not using Workday or Oracle HCM. The HR landscape here is different.

Microsoft's built-in HR provisioning in Entra ID supports a limited set of systems. SAP SuccessFactors has a native connector. Workday has one too. Most of the systems common in the Nordics do not.

For Personio, HiBob, Visma, Flex HRM, and the rest, you need something in between. A middleware that connects to the HR system's API, maps the relevant fields, applies your rules, and pushes changes to Active Directory, Entra ID, or both. This is (genuinely) a core part of what we built Adcyma to do, but there are other options as well.

The key thing to evaluate in any middleware: does it support your specific HR system with a pre-built connector, or does it require custom API development? Native connectors with ready-made field mappings save months compared to building integrations from scratch.

What the integration does day to day

Once it is running, a typical week looks like this:

Monday morning. HR enters a new employee starting on Wednesday. The integration picks up the new record, creates the Entra ID account with the right attributes, assigns the user to groups based on department, and triggers a welcome mail with login information.

Wednesday morning. The new person shows up and everything is ready. No IT ticket. No manual account creation. No "we will get to it this afternoon."

Tuesday the following week. HR processes a termination effective Friday. On Friday, the integration picks up the status change, disables the account, removes group memberships, and revokes licenses. Nobody has to remember. Nobody has to check a list.

That is the whole point. Changes in HR automatically become identity changes in Active Directory and Entra ID. No delay, no forgotten steps.
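The create, update and disable decisions from the week above, limited to the four starter fields, as an added Python example (not from the original post and not Adcyma's code). The record layout, the `employment_type` values and the function names are assumptions, and the sample data is constructed. It goes slightly beyond the text by sending non-permanent staff to a manual queue while still disabling any account whose end date has been reached.

```python
from datetime import date

SYNCED_FIELDS = ("first_name", "last_name", "email", "department")
AUTOMATED_TYPES = {"permanent"}  # assumption: other employment types are handled by hand

def plan_sync(hr_records, directory, today):
    """Return (action, employee_id, details) tuples. Plans only; changes nothing."""
    # HR may hold two records for someone who left and came back: keep the latest.
    latest = {}
    for rec in hr_records:
        seen = latest.get(rec["employee_id"])
        if seen is None or rec["start_date"] > seen["start_date"]:
            latest[rec["employee_id"]] = rec

    actions = []
    for emp_id, rec in sorted(latest.items()):
        account = directory.get(emp_id)
        end = rec.get("end_date")
        # Terminations come first (all employment types), once the end date is reached.
        if end is not None and end <= today:
            if account and account["enabled"]:
                actions.append(("disable", emp_id, {}))
        elif rec["employment_type"] not in AUTOMATED_TYPES:
            actions.append(("manual_review", emp_id, {"reason": rec["employment_type"]}))
        elif account is None:
            actions.append(("create", emp_id, {f: rec[f] for f in SYNCED_FIELDS}))
        elif not account["enabled"]:
            # Active in HR but disabled in the directory: let a person decide.
            actions.append(("manual_review", emp_id, {"reason": "account disabled"}))
        else:
            changed = {f: rec[f] for f in SYNCED_FIELDS if account.get(f) != rec[f]}
            if changed:
                actions.append(("update", emp_id, changed))
    return actions

def hr_record(emp_id, first, last, dept, start, end=None, kind="permanent"):
    return {"employee_id": emp_id, "first_name": first, "last_name": last,
            "email": f"{first}.{last}@example.com".lower(), "department": dept,
            "start_date": start, "end_date": end, "employment_type": kind}
# Constructed sample data (not from the original post).
HR = [
    hr_record("1001", "Anna", "Berg", "Finance", date(2026, 2, 4)),  # starts Wednesday
    hr_record("1002", "Erik", "Lind", "Sales", date(2020, 1, 7), date(2026, 2, 13)),
    hr_record("1003", "Sara", "Holm", "IT", date(2019, 3, 1), date(2022, 6, 30)),
    hr_record("1003", "Sara", "Holm", "Engineering", date(2025, 9, 1)),  # came back
    hr_record("1004", "Omar", "Nyberg", "IT", date(2026, 1, 12), kind="consultant"),
]
DIRECTORY = {r["employee_id"]: {**{f: r[f] for f in SYNCED_FIELDS}, "enabled": True}
             for r in HR[1:3]}
```

Called as `plan_sync(HR, DIRECTORY, date(2026, 2, 2))`, a Monday, it plans a create, an update and a manual review; the disable for employee 1002 appears only from Friday 13 February.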

The 80/20 principle

You will not automate everything. Some edge cases genuinely need manual handling. The consultant with a non-standard setup. The executive with special access requirements. The summer intern who is in HR but should only get limited access.

That is fine. Automate the 80% that is routine. Handle the 20% by hand. That is still a massive improvement over handling 100% manually.

The mistake is refusing to automate the 80% because you cannot figure out the remaining 20%.

Start with first name, last name, email, department. Add the rest later.
