SCIM configuration with Azure Active Directory

  1. Log in to the Azure portal as an administrator of Azure Active Directory

  2. Go to Azure Active Directory

  3. Navigate to Enterprise applications

  4. Click on New application

  5. Click on Create your own application

  6. Click the Create button and wait for the application to be created

  7. Once the application is created, navigate to Provisioning in the menu

  8. Click on the Get started button to configure the integration

  9. Select Automatic as provisioning mode

  10. Provide admin credentials that will be used to connect to DES SCIM endpoints.

    1. Tenant URL – this is the Base URL from the SCIM integration section

    2. Secret token – this is the Authorization token from the SCIM integration

  11. Click on Test connection and once successful click Save.

Once connectivity to DES has been configured, the SCIM integration is ready to be used. Additional configuration may be needed for the following:

  - User and group attribute mapping
  - Scope filters

User and group attribute mapping

The Azure Active Directory SCIM integration comes with a default mapping of AAD attributes to SCIM attributes, which in many cases is good enough, but there might be situations where additional fine-tuning is required.

This can be done in the Enterprise Application → Provisioning section. Click on Edit user and group attribute mapping. This opens the configuration page for provisioning, where the mapping for users and groups can be altered in the Mappings section.

Click on either Provision Azure Active Directory Groups or Provision Azure Active Directory Users to modify the default mapping.

Scope filters

Scope filters are an additional configuration option that controls which users and groups are subject to provisioning. By default, users and groups assigned to the application are automatically provisioned. This can be changed to provision all users and groups in AAD.

It is recommended to use the Sync only assigned users and groups option, as it allows for better control over who and what is provisioned.

Adding users and groups to be provisioned

Users and groups can be managed at the application level via the Users and groups menu option.

In that panel, users and groups can be added, which brings them into automatic provisioning into DES.