Overview
Directory sync imports and keeps employee records up to date from your identity provider. TimeLeaf supports Azure AD (Entra ID) and Google Workspace as directory sources. Changes in your directory are reflected in TimeLeaf automatically. This feature is available on the Professional plan and above.
Azure AD / Entra ID sync
Connecting Azure AD
- Go to Settings > Integrations > Directory Sync.
- Select Azure AD / Entra ID as the provider.
- Click Connect. You are redirected to Microsoft's consent screen.
- Sign in with an Azure AD admin account and grant the requested permissions (User.Read.All, Group.Read.All).
- You are redirected back to TimeLeaf. The connection status shows as Connected.
What is synced
TimeLeaf reads the following from Azure AD:
- User profiles (display name, email, job title, department, office location, phone number)
- Group memberships (used for team mapping)
- Account status (active or disabled)
Google Workspace sync
Connecting Google Workspace
- Go to Settings > Integrations > Directory Sync.
- Select Google Workspace as the provider.
- Click Connect. You are redirected to Google's OAuth consent screen.
- Sign in with a Google Workspace admin account and grant the requested permissions.
- You are redirected back to TimeLeaf. The connection status shows as Connected.
What is synced
TimeLeaf reads the following from Google Workspace:
- User profiles (name, email, job title, department, location)
- Organizational units (used for team mapping)
- Account status (active or suspended)
Sync modes
Choose how much data to import under Settings > Integrations > Directory Sync > Sync Settings:
| Mode | Description |
|---|---|
| Users only | Import and update employee records. Teams are managed manually in TimeLeaf. |
| Users + Teams | Import employee records and create teams based on directory groups (Azure AD) or organizational units (Google Workspace). |
In Users + Teams mode, new groups/OUs create new teams in TimeLeaf, and team membership is kept in sync with group/OU membership.
Field mapping
Map directory fields to TimeLeaf employee fields under Settings > Integrations > Directory Sync > Field Mapping.
| Directory field | TimeLeaf field | Default mapping |
|---|---|---|
| Display Name | Full name | Automatic |
| Work email | Automatic | |
| Job Title | Job title | Automatic |
| Department | Department | Automatic |
| Office / Location | Location | Manual. select which TimeLeaf location maps to each office value |
| Phone | Phone number | Automatic |
| Manager | Reporting manager | Automatic (matched by email) |
Custom field mappings are also supported. If your directory has non-standard attributes, use the Custom Fields section to map them.
Automatic import
Once connected, TimeLeaf syncs with your directory on a schedule:
- Initial sync. runs immediately after connecting. All matching users are imported.
- Incremental sync. runs every 6 hours by default. Only changes since the last sync are processed.
- Manual sync. click Sync Now on the directory sync settings page to trigger an immediate sync.
New users in the directory are created as employees in TimeLeaf with a status of Pending Setup. Deactivated users in the directory are flagged for review but not automatically deactivated in TimeLeaf (see write-back below).
Write-back capability
By default, directory sync is one-way (directory to TimeLeaf). You can enable write-back to push certain changes from TimeLeaf back to your directory:
- Employee status changes (e.g., deactivation in TimeLeaf updates the directory)
- Department or job title updates
Enable write-back under Settings > Integrations > Directory Sync > Write-Back. Write-back requires additional permissions in your identity provider.
Directory sync does not overwrite manual edits in TimeLeaf by default. If you want the directory to be the authoritative source, enable Directory Wins mode in the sync settings. In this mode, any manual changes in TimeLeaf are reverted on the next sync.
Sync log
View all sync activity under Settings > Integrations > Directory Sync > Sync Log. Each entry shows the number of users created, updated, skipped, and any errors encountered. Failed syncs include detailed error messages for troubleshooting.