Microsoft Azure SCIM Provisioning

You can further enhance your OfficeRnD Hybrid Azure SSO with SCIM user provisioning. The Azure AD Provisioning Service provisions users to SaaS apps and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create and update users. In this article, you'll learn how to take advantage of this functionality when enabling SSO Authentication.


Enable SCIM

  1. Set up SSO with Microsoft Azure
  2. Navigate to Settings/Integrations and click Configure on your existing SSO Authentication integration.
  3. Check the Enable SCIM option



Azure Active Directory Set Up

  1. Open Azure Active Directory and select Enterprise applications.
  2. Click + New application then + Create your own application.
  3. Choose “Integrate any other application you don't find in the gallery (Non-gallery)” and click Create.
  4. Click Provisioning on the left-hand side menu and click Get started.
  5. Switch the Mode to Automatic and fill in the following fields:
    • Tenant URL - copy the value from SCIM Base URL found in your existing SSO Authentication integration.
    • SCIMSecret - copy the value from SCIM Secret found in your existing OfficeRnD SSO Authentication integration.
  6. Test Connection - if the test is successful, there will be a green tick in the display name.
  7. Click Save.
  8. Navigate to Provisioning/Manage provisioning/Edit attribute mappings/Mappings and click Provision Azure Active Directory Users.
  9. Change the one mapped to “external id” to source ObjectID.
  10. Change the one mapped to “active” to the expression Not([IsSoftDeleted]).
  11. Delete all irrelevant mappings so that you are left only with the ones on the screenshot.
  12. Navigate back to Provisioning/Manage provisioning/Edit attribute mappings/Mappings and click Provision Azure Active Directory Groups.
  13. Click show advanced settings and click Edit attribute list for customappsso.
  14. Go to the members row and in the column Reference Object Attribute remove the first checkbox “Group”.
  15. Create a new attribute “description”, type “string”.
  16. Click Save.
  17. As an optional step, you can map the source description to the new description attribute.
  18. Add your Active Directory Users and Groups.
  19. Navigate to Provisioning and click Start Provisioning.
Important: We recommend managing and editing employees only in your Azure Active Directory. 
Please bear in mind that if an employee leaves the company and their profile is deleted from the Active Directory, they will not be deleted from OfficeRnD Hybrid but will be labeled as Former. If they had any bookings in the system, they will be kept as well. Any future bookings of the said employee must be canceled manually.
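
An added example, not part of the original article and not OfficeRnD's or Microsoft's code: it models the two user mappings from steps 9 and 10 and reconciles the directory against the app's user list, flagging accounts that are still active after leaving the directory or that were created outside SCIM. The user records, the `userName` mapping from `userPrincipalName`, and the function names are assumptions constructed for illustration.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample records (not real exports from Azure AD or OfficeRnD).
AAD_USERS = [
    {"objectId": "id-001", "userPrincipalName": "ana@example.com", "IsSoftDeleted": False},
    {"objectId": "id-002", "userPrincipalName": "ben@example.com", "IsSoftDeleted": True},
]
APP_USERS = [
    {"externalId": "id-001", "userName": "ana@example.com", "active": True},
    {"externalId": "id-002", "userName": "ben@example.com", "active": True},   # not yet deactivated
    {"externalId": "id-003", "userName": "cy@example.com", "active": True},    # gone from directory
    {"userName": "dee@example.com", "active": True},                           # created by hand
    {"externalId": "id-004", "userName": "eli@example.com", "active": False},  # already inactive
]


def to_scim_user(aad_user):
    """Apply the mappings: externalId <- objectId, active <- Not([IsSoftDeleted])."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "externalId": aad_user["objectId"],
        # Assumption: userName is mapped from userPrincipalName.
        "userName": aad_user["userPrincipalName"],
        "active": not aad_user.get("IsSoftDeleted", False),
    }


def find_drift(aad_users, app_users):
    """Return (userName, reason) for app accounts that are active but should not be."""
    expected = {u["externalId"]: u["active"] for u in map(to_scim_user, aad_users)}
    findings = []
    for app_user in app_users:
        if not app_user.get("active", False):
            continue  # inactive accounts need no further action here
        ext_id = app_user.get("externalId")
        if ext_id is None:
            findings.append((app_user["userName"], "no externalId, not managed by SCIM"))
        elif ext_id not in expected:
            findings.append((app_user["userName"], "not in directory"))
        elif not expected[ext_id]:
            findings.append((app_user["userName"], "soft-deleted in directory"))
    return findings


if __name__ == "__main__":
    for user_name, reason in find_drift(AAD_USERS, APP_USERS):
        print(f"{user_name}: {reason}")
```

Accounts flagged here are the ones whose future bookings should be reviewed and canceled manually.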