Microsoft Azure SCIM Provisioning

You can further enhance your OfficeRnD Hybrid Azure SSO with SCIM user provisioning. The Azure AD Provisioning Service provisions users to SaaS apps and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create, update, and remove users. In this article, you'll learn how to take advantage of this functionality when enabling SSO Authentication.

Enable SCIM

  1. Set up SSO with Microsoft Azure
  2. Navigate to Settings/Integrations and click Configure on your existing SSO Authentication integration.
  3. Check the Enable SCIM option


Azure Active Directory Set Up

  1. Open Azure Active Directory and select Enterprise applications.
  2. Click + New application then + Create your own application.
  3. Choose “Integrate any other application you don't find in the gallery (Non-gallery)” and click Create.
  4. Click Provisioning on the left-hand side menu and click Get started.
  5. Switch the Mode to Automatic and fill in the following fields:
    • Tenant URL - copy the value from SCIM Base URL found in your existing SSO Authentication integration.
    • SCIMSecret - copy the value from SCIM Secret found in your existing SSO Authentication integration.
  6. Test Connection - if the test is successful, there will be a green tick in the display name.
  7. Click Save.
  8. Navigate to Provisioning/Manage provisioning/Edit attribute mappings/Mappings and click Provision Azure Active Directory Users.
  9. Change the one mapped to “external id” to source ObjectID.
  10. Change the one mapped to “active” to the expression Not([IsSoftDeleted]).
  11. Delete all irrelevant mappings so that you are left only with the ones on the screenshot.
  12. Navigate back to Provisioning/Manage provisioning/Edit attribute mappings/Mappings and click Provision Azure Active Directory Groups.
  13. Click show advanced settings and click Edit attribute list for customappsso.
  14. Go to the members row and in the column Reference Object Attribute remove the first checkbox “Group”.
  15. Create new attribute “description”, type “string”.
  16. Click Save.
  17. As an optional step, you can map the source description to the new description attribute.
  18. Add your Active Directory Users and Groups.
  19. Navigate to Provisioning and click Start Provisioning.
  19. Navigate to Provisioning and click Start Provisioning.
Important: Please make sure to manage and edit employees only in your Azure Active Directory. Any edit made on our end will be overwritten with the data from Azure upon the next sync.
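
The following is an added example, not OfficeRnD or Microsoft code: it applies the step 9 and step 10 mappings to source records and reconciles the result against the accounts held in the app, flagging accounts still active after a soft delete and accounts that Azure does not manage. The record shapes, the `userName` mapping, the report keys and all sample values are assumptions constructed for illustration.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample data: source directory records and the accounts the app holds.
AZURE_USERS = [
    {"objectId": "obj-0001", "userPrincipalName": "ana@example.com", "IsSoftDeleted": False},
    {"objectId": "obj-0002", "userPrincipalName": "ben@example.com", "IsSoftDeleted": True},
    {"objectId": "obj-0003", "userPrincipalName": "cy@example.com", "IsSoftDeleted": False},
]
APP_USERS = [
    {"externalId": "obj-0001", "userName": "ana@example.com", "active": True},
    {"externalId": "obj-0002", "userName": "ben@example.com", "active": True},
    {"externalId": None, "userName": "dee@example.com", "active": True},
]

def to_scim_user(src):
    """Build the SCIM User resource that the two mappings produce for one record."""
    if not src.get("objectId"):
        raise ValueError("source user has no objectId to map to externalId")
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "externalId": src["objectId"],                  # step 9: externalId <- ObjectID
        "userName": src["userPrincipalName"],           # assumed mapping, not from the page
        "active": not src.get("IsSoftDeleted", False),  # step 10: Not([IsSoftDeleted])
    }

def reconcile(azure_users, app_users):
    """Compare what Azure would provision with the accounts the app holds."""
    expected = {u["externalId"]: u for u in map(to_scim_user, azure_users)}
    report = {"stale_active": [], "unmanaged": [], "not_provisioned": []}
    seen = set()
    for acct in app_users:
        want = expected.get(acct.get("externalId"))
        if want is None:
            # No matching externalId: the account is not driven by Azure.
            report["unmanaged"].append(acct["userName"])
            continue
        seen.add(want["externalId"])
        if acct["active"] and not want["active"]:
            # Soft-deleted in Azure but still enabled in the app.
            report["stale_active"].append(acct["userName"])
    for ext, want in expected.items():
        if ext not in seen and want["active"]:
            report["not_provisioned"].append(want["userName"])
    return report

if __name__ == "__main__":
    for finding, names in reconcile(AZURE_USERS, APP_USERS).items():
        print(f"{finding}: {names}")
```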