The architecture of Joinly explained: how everything integrates

Marcel van Beek


1. Three layers in the Joinly architecture

Joinly is built from three logical layers that work together:

  1. The source systems (HR)
    HR systems such as AFAS, Visma, or Nmbrs provide the employee data.
    Joinly retrieves this data via a secure API connector.

  2. The Joinly Core (processing layer)
    This is where the logic happens. Joinly compares HR data with the current situation in Microsoft Entra ID and determines what needs to change.
    This part includes:

    • The lifecycle engine (joiners, movers, leavers)

    • The mapping engine (translating fields and rules between systems)

    • The provisioning engine (creating, updating, deactivating accounts)

  3. The target systems (targets)
    These are systems where Joinly manages accounts, such as Microsoft Entra ID, Active Directory, Exchange, or SaaS apps via SCIM.


2. HR-driven provisioning as a starting point

Most organisations use HR as the source of truth.
When HR registers a change (for example, a new employee or job change), Joinly detects this and initiates a provisioning flow.

Joinly then determines:

  • Which accounts need to be created or modified

  • Which rights and groups are associated with that

  • Which licences need to be assigned

This logic is stored in the Joinly Core and can be extended per organisation with rules, approvals, or exceptions.
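A sketch of the comparison step described above, as an added example that is not Joinly's own code: it diffs an HR feed against directory accounts and plans joiner, mover and leaver actions. The field names, the `plan_changes` helper and the mass-disable guard are assumptions made for illustration, and the records are constructed.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not Joinly's schema.
HR = [
    {"employee_id": "1001", "department": "Finance", "end_date": None},
    {"employee_id": "1002", "department": "Sales", "end_date": None},
    {"employee_id": "1003", "department": "IT", "end_date": date(2024, 1, 31)},
    {"employee_id": "1004", "department": "HR", "end_date": None},
    {"employee_id": "1005", "department": "IT", "end_date": None},
]
DIRECTORY = [
    {"employee_id": "1002", "department": "Support", "enabled": True},
    {"employee_id": "1003", "department": "IT", "enabled": True},
    {"employee_id": "1004", "department": "HR", "enabled": True},
    {"employee_id": "1005", "department": "IT", "enabled": True},
    {"employee_id": None, "department": None, "enabled": True},  # service account
]

def plan_changes(hr, directory, today, max_disable_ratio=0.5):
    """Return sorted (action, employee_id, detail) tuples for one sync run."""
    active = {r["employee_id"]: r for r in hr
              if r["end_date"] is None or r["end_date"] >= today}
    # Accounts without an employee id are not HR-managed and are never touched.
    managed = {a["employee_id"]: a for a in directory if a["employee_id"]}
    plan = []
    for emp_id, rec in active.items():
        acct = managed.get(emp_id)
        if acct is None:
            plan.append(("create", emp_id, rec["department"]))   # joiner
        elif acct["department"] != rec["department"]:
            plan.append(("update", emp_id, rec["department"]))   # mover
    disables = [("disable", emp_id, None) for emp_id, acct in managed.items()
                if emp_id not in active and acct["enabled"]]     # leavers
    # Guard: an empty or truncated HR feed must not disable most of the directory.
    enabled = sum(1 for a in managed.values() if a["enabled"])
    if enabled and len(disables) / enabled > max_disable_ratio:
        raise RuntimeError(f"refusing to disable {len(disables)} of {enabled} accounts")
    return sorted(plan + disables)
```

The guard is the part worth copying: when HR is the source of truth, a failed HR export looks exactly like every employee leaving at once.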


3. Delta API for efficiency

Joinly uses the Delta API from Microsoft Entra ID to retrieve only changes.
Instead of reading all users again every night, Joinly asks:

“What has changed since the last time?”

This makes the system fast, efficient, and scalable, even with thousands of users.
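How one delta round works, as an added example that is not Joinly's code: Entra ID exposes change tracking through the Microsoft Graph delta query for users, which pages via `@odata.nextLink` and ends each round with an `@odata.deltaLink` to store for the next run. The `delta_sync`, `check_link` and `fake_get` names and the constructed responses are assumptions; a real `get_page` would send the OAuth bearer token, which is why every link is checked before it is followed.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
START_URL = "https://graph.microsoft.com/v1.0/users/delta"

# Constructed responses keyed by URL; ids and tokens are made up.
PAGES = {
    START_URL: {
        "value": [{"id": "u1", "displayName": "A. Jansen", "accountEnabled": True},
                  {"id": "u2", "displayName": "B. de Vries", "accountEnabled": True}],
        "@odata.nextLink": START_URL + "?$skiptoken=PAGE2",
    },
    START_URL + "?$skiptoken=PAGE2": {
        "value": [{"id": "u3", "@removed": {"reason": "changed"}}],
        "@odata.deltaLink": START_URL + "?$deltatoken=ROUND1",
    },
    START_URL + "?$deltatoken=ROUND1": {
        "value": [{"id": "u2", "accountEnabled": False}],
        "@odata.deltaLink": START_URL + "?$deltatoken=ROUND2",
    },
}

def fake_get(url):
    """Offline stand-in for an authenticated HTTPS GET (assumption)."""
    return PAGES[url]

def check_link(url):
    """Only follow HTTPS links to Graph, so the token never leaves that host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
        raise ValueError(f"refusing to follow link outside Graph: {url!r}")
    return url

def delta_sync(get_page, url, cache):
    """Apply one delta round to cache; return the deltaLink to persist."""
    while True:
        page = get_page(check_link(url))
        for item in page["value"]:
            if "@removed" in item:
                cache.pop(item["id"], None)      # deleted in the directory
            else:
                cache.setdefault(item["id"], {}).update(item)  # merge changed fields
        if "@odata.deltaLink" in page:
            return check_link(page["@odata.deltaLink"])
        url = page["@odata.nextLink"]
```

The stored deltaLink is sync state: if it is lost or rejected, the safe fallback is a full resync from `START_URL`, not skipping the round.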


4. Secured communication

All communication takes place via secure HTTPS connections with OAuth 2.0 authentication.
Tokens are stored encrypted and renewed periodically.
No system gets more access than strictly necessary (least privilege).

When connecting to on-premises environments (such as Active Directory), Joinly uses:

  • A hybrid connector or Azure Function in the customer environment

  • Only outgoing connections, so no open ports from outside


5. Expandable via connectors and APIs

Joinly is built modularly.
New connections are added as connectors:

  • HR connectors (AFAS, Visma, Youforce, Personio, etc.)

  • Target connectors (Microsoft Entra, AD, HubSpot, Exact, Topdesk, etc.)

Each connector uses the same underlying provisioning framework, ensuring expansions remain consistent.


6. Summary

The architecture of Joinly is easy to visualize:

  • HR determines what changes

  • Joinly Core translates and automates

  • Changes are forwarded to Microsoft Entra ID or on-premises AD

  • Users are forwarded from Microsoft Entra to target systems and Microsoft applications such as Teams, SharePoint, and Exchange with the correct rights


Conclusion

The power of Joinly lies in simplicity: HR provides the data, Joinly processes the logic, and via secure APIs all systems are kept up-to-date.
Whether that is in the cloud or on-premises, the architecture remains the same: secure, modular, and scalable.
