Documentation for IT and security

Group filtering – Control which contacts are synchronized

Overview

The group filtering feature of Calliente allows administrators to restrict contact synchronization to users belonging to specific Microsoft Entra ID groups (formerly Azure Active Directory).

This ensures that only authorized users receive business contacts on their devices, enhancing security, privacy, and the relevance of synchronized data.

This feature is particularly suited for medium to large organizations, as well as multi-department or multi-site environments, where access to the directory needs to be segmented.

Key Benefits

  • Access Control
    Only users who are members of authorized groups receive synchronized contacts.

  • Targeted Synchronization
    Devices only download the contacts that are actually needed, reducing load and noise.

  • Organizational Segmentation
    Ability to filter contacts by team, role, region, entity, or business unit.

  • Centralized Management
    Configuration is applied at the tenant level and requires no action from the user side.

How Group Filtering Works

When group filtering is enabled:

  1. Calliente retrieves the user's group memberships via the Microsoft Graph API (GroupMember.Read.All permission)
  2. The application checks if the user belongs to any of the configured groups
  3. If so, synchronization is allowed and limited to contacts corresponding to those groups
  4. Users not part of the authorized groups do not receive any synchronized contacts

No contact data is visible, transmitted, or stored on non-targeted devices.
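
The check in steps 1 to 4, written out as an added example; it is not Calliente's code. It assumes the membership listing has the shape of a Microsoft Graph memberOf response and contains every group that should count for the user. The function names and all IDs are hypothetical, constructed values.

```python
import uuid

GROUP_TYPE = "#microsoft.graph.group"

def normalize_group_ids(raw_ids):
    """Validate configured group IDs as GUIDs; return them in canonical lower case."""
    ids = set()
    for raw in raw_ids:
        try:
            ids.add(str(uuid.UUID(raw.strip())))
        except ValueError:
            # A display name such as "Sales-EU" is not an object ID.
            raise ValueError(f"not a group object ID: {raw!r}") from None
    return ids

def sync_decision(member_of, allowed_ids):
    """Return (allowed, matched_group_ids) for one user, denying by default."""
    if "@odata.nextLink" in member_of:
        # Further pages exist; a decision on partial data would be unreliable.
        raise RuntimeError("membership listing is incomplete; fetch all pages")
    user_groups = {
        obj["id"].lower()
        for obj in member_of.get("value", [])
        if obj.get("@odata.type") == GROUP_TYPE  # ignore directory roles etc.
    }
    matched = user_groups & allowed_ids
    return bool(matched), sorted(matched)

# Constructed sample data, not real tenant values.
CONFIGURED = ["11111111-AAAA-4111-8111-111111111111",
              "22222222-bbbb-4222-8222-222222222222"]
ALICE = {"value": [
    {"@odata.type": GROUP_TYPE, "id": "11111111-aaaa-4111-8111-111111111111"},
    {"@odata.type": "#microsoft.graph.directoryRole",
     "id": "44444444-dddd-4444-8444-444444444444"},
]}
BOB = {"value": [
    {"@odata.type": GROUP_TYPE, "id": "33333333-cccc-4333-8333-333333333333"},
]}

if __name__ == "__main__":
    allowed = normalize_group_ids(CONFIGURED)
    for name, listing in (("alice", ALICE), ("bob", BOB)):
        print(name, sync_decision(listing, allowed))
```

The matched IDs returned for an allowed user are the groups that would scope that user's contacts in step 3.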

Configuring Group Filtering

The configuration of group filtering is currently not available as a self-service option.
It is carried out by the Calliente team based on the information provided by the organization.

Steps to Follow

  1. Identify the Microsoft Entra ID Group IDs to be used as filters
  2. Send the list of Group IDs to the Calliente team via:
    https://calliente.app/en/contact/
  3. The configuration is applied at the level of your tenant

Changes take effect during the next synchronization cycle and can be adjusted at any time upon request.

Any updates are automatically propagated to the affected devices.

Security Considerations

  • Group memberships are accessed in read-only mode via Microsoft Graph
  • Calliente does not store complete contact lists
  • Only configured group identifiers and anonymous device identifiers are used
  • Filtering adheres to access controls and the RBAC model of Microsoft Entra ID
  • No additional privileges are required beyond the already documented permissions

Use Case Examples

| Scenario | Groups Used | Outcome |
|---|---|---|
| Synchronize only the contacts of the sales team | Sales-EU, Sales-NA | Only members of the sales teams receive the contacts |
| Segmentation by office or site | London-Office, Berlin-Office | Contacts are filtered by location |
| Access restricted to executives | Executives, HR-Managers | Only these groups receive the synchronized contacts |

Need Help?

For assistance with configuration, a security review, or an audit of your current setup:

https://calliente.app/en/contact/
