How can I synchronize contacts from internal applications (behind a firewall)?

Introduction

In this guide, you will learn how to connect internal applications and data sources (for example Exchange, directories, CRM/ERP, databases, or PBX systems) behind your firewall with sync.blue®. The goal is to synchronize contacts securely, automatically, and without manual user steps to any target systems – such as mobile devices, telephone systems, CRM/ERP, or cloud apps. You will get an overview of the most common methods, their advantages and disadvantages, as well as tips for secure and stable operation.

Option A: sync.blue® ADDRESS BOOK (recommended)

What is the sync.blue® ADDRESS BOOK?

The sync.blue® ADDRESS BOOK is a central contact source and a flexible synchronization target provided by sync.blue®. You can merge contacts from any sources, maintain them in the browser as a team (even without admin rights), and then distribute them to any supported target.

• CSV import and export: Automated (e.g., via script/curl) or manual via upload.
• Team editing: Authorized colleagues maintain contacts directly on the web.
• No incoming internet connections to the internal network needed; data is transmitted selectively.

Further help articles

• How does the sync.blue® ADDRESS BOOK work?
• How does the CSV import of the sync.blue® address book work?

When is this useful?

• If you want to get started quickly without exposing infrastructure.
• If you need central maintenance and easy distribution to many targets.

Option B: Pre-sync to a central platform (e.g., Exchange/Microsoft 365) and then redistribute with sync.blue®

Many internal systems (such as Active Directory, directories, CRM/ERP, groupware, databases) offer built-in tools or integrations to initially synchronize contacts with a central platform (often Exchange/Microsoft 365). Once the contacts are there, sync.blue® takes over the redistribution to all desired target systems.

Examples

• Internal sources → Exchange/M365 (via built-in tools/middleware) → sync.blue® → targets (mobile devices, PBX systems, CRM, cloud apps)
• AD hybrid: On-prem AD → Entra ID (cloud) → sync.blue® distributes to further systems

When is this useful?

• If you already have a central platform in use and want to use it as a hub.
• If you need high flexibility for many targets and existing integrations.

Option C: Port forwarding

You can make an internal application (e.g., Exchange, SQL DB, PBX system) accessible to sync.blue® via port forwarding.

• Setup is done on the router or firewall; in sync.blue® you enter the public IP and port as the server.
• As a security best practice, you should only allow the official sync.blue® IPs: Which sync.blue IPs can I whitelist in my firewall?

When is this useful?

• If you want to access an internal application directly without detours.
• If you can cleanly restrict exposure with firewall rules.

Security and operation checklist

• Keep access and roles as minimal as possible, use service accounts instead of full access.
• Avoid incoming connections if possible (Options A/B); for Option C only allow sync.blue® IPs.
• Avoid duplicates, standardize mandatory fields (name, company, phone, email).
• Set up logs and alerts for failed runs, regularly perform spot checks.

Conclusion

For most scenarios, the sync.blue® Address Book (Option A) is the fastest and safest way to connect internal sources and distribute contacts to many targets without exposing your network. Option B is suitable if you already use a central platform. Port forwarding (C) is pragmatic if you work with clear firewall rules.

Questions or special requirements?

The sync.blue® team is happy to support you with architecture, security, and operation – from the internal source to the target system. Feel free to contact us here.