Overview
The Group Filtering feature of Calliente allows administrators to limit contact synchronization to specific Microsoft Entra ID (formerly Azure AD) groups.
This ensures that only users belonging to specified groups receive contacts on their devices, enhancing the security, privacy, and relevance of synchronized data.
This function is particularly useful in large enterprises or multi-department structures, where not all users need access to the entire directory.
Key Benefits
🔒 Access Control – Only authorized users receive synchronized contacts
📱 Streamlined Synchronizations – Devices only load relevant contacts
🧩 Service Segmentation – Contacts can be filtered by team, role, region, or unit
⚙️ Simple Configuration – Managed entirely via the “admin interface”
How it Works
When Group Filtering is enabled:
- Calliente retrieves each user’s group membership via the Microsoft Graph API (
GroupMember.Read.All) - The app checks if the user belongs to one of the configured groups
- If yes, synchronization is performed — but only for contacts associated with these groups
- Users outside the authorized groups receive no synchronized contact data
🔐 No contact data is visible or transmitted to untargeted devices
How to Configure Group Filtering
Currently, configuration is not self-service. It is managed manually by our team based on the information you provide.
Steps to follow:
- Identify the Microsoft Entra ID (Azure AD) group IDs you wish to use as filters
- Send the list of Group IDs to our support via:
👉 https://calliente.app/en/contact/ - Our team will apply the configuration to your tenant
🔁 Changes will take effect during the next synchronization cycle and can be modified at any time by contacting us again.
✅ Any update is automatically propagated to affected devices.
Security Considerations
- Group memberships are read-only and securely retrieved via Microsoft Graph
- The Calliente application does not store complete contact lists — only filtered group IDs and device identifiers
- The feature respects Microsoft Entra’s Role-Based Access Controls (RBAC)
- No elevated rights are required beyond the already documented permissions
Usage Examples
| Scenario | Groups Used | Result |
|---|---|---|
| Synchronize only sales team contacts | Sales-EU, Sales-NA | Only sales team members receive contacts |
| Segmentation by office or site | London-Office, Berlin-Office | Contacts are filtered by physical location |
| Restrict synchronization to executive management | Executives, HR-Managers | Only these groups receive synchronized data |
Need Help?
If you need assistance configuring group filtering or wish to audit your current setup:
👉 Contact our team: https://calliente.app/en/contact/