LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • Azure Active Directory Configuration
  • Synchronization Users or Groups
  • Troubleshooting
  • How to Sync User's Timezone Info to Platform?
  • How to Group Users by Region / Country
  • Tutorial Video

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform
  3. Company
  4. Company Settings
  5. SCIM Settings

Azure AD SCIM Integration

PreviousGetting Started with SCIMNextOkta SCIM Integration

Last updated 29 days ago

Was this helpful?

This document shows step-by-step how to synchronize users' information from the Azure AD identity provider to the platform.

Please make sure to set up the mandatory settings from the ‘’ page in this document before proceeding to the following step.

Azure Active Directory Configuration

  1. Please log in to as an Admin and select Azure Active Directory under the Azure Services section.

  2. Click on Enterprise applications on the left-hand side of the screen.

  3. Click +New application to create an application for SCIM integration.

  4. Click on the +Create your own application to create an application.

    1. Enter a name for the application.

    2. Select ‘Integrate any other application you don't find in the gallery (Non-gallery)’ option.

    3. Click the Save button to create the application.

  5. Click on the application to enter the application settings.

    1. Select the ‘Provisioning’ menu from the left side.

    2. Click the ‘New Configuration’ button and then enter the following information.

    3. Tenant URL: https://scim-api.keepnetlabs.com/scim

    4. Secret Token: Enter the token which was created on the platform.

    5. Provisioning Status: If this option is "Off", please switch it to "On" status.

    6. Click the ‘Test Connection’ button to test your configuration. If it’s successful, click the Save button to save settings.

  6. Before starting the synchronization, set the synchronization type in the application.

    1. Click the ‘Edit Provisioning’ button and then under Settings, you can see the ‘Scope’ setting.

    2. You can select an option to synchronize users to the platform.

      1. If you select, ‘Sync all users and groups’, all users or groups that are available in the Azure AD will be synchronized to the platform. This option might be dangerous for your platform license count.

      2. If you select, ‘Sync only assigned users and groups’, only specific assigned users or groups to the application will be synchronized to the platform.

Synchronization Users or Groups

  1. Depending on your ‘Scope’ selection, you can assign your users or groups to the application by clicking the Users and Groups menu under the Manage column on the left and then click the ‘Start Provision’ button to start synchronization.

  2. You can see target users on the platform approximately in a few minutes. The Azure AD rechecks the application for new users, changes or deleted users every 40 minutes.

Troubleshooting

If a user can not be synchronized to the platform, please check the following settings.

  1. The user may need to assign to the SCIM application from the Users and Groups menu in order to sync it to the platform depending on your ‘Scope’ selection.

  2. The ‘mail’ attribute is mandatory, if this attribute doesn’t exist in the application, please create one under Prevision > Edit Prevision > Users page.

  3. Go to Provisioning, click on Provision Azure Directory Users under Mappings field and make sure that Source Object Scope is "All Records" selected.

How to Sync User's Timezone Info to Platform?

Please follow the steps below to sync the timezone information of Azure AD users to the platform.

  1. Go to Provisioning Settings and click Users under Mappings to access attributes. Add a new attribute with these settings:

    • Mapping Type: Direct

    • Source Attribute: usageLocation

    • Default Value if Null (Optional): Leave as default

    • Target Attribute: timezone

    • Match Objects Using This Attribute: No

    • Matching Precedence: Leave as default

    • Apply This Mapping: Always

  2. Ensure all users have a Usage Location info set.

    • Go to Azure AD, open Users, and check the properties of a user.

    • At the bottom of the properties page, confirm Usage Location is set.

  3. If provisioning has already started:

    • Stop provisioning.

    • Start provisioning again.

    • Restart provisioning to apply changes immediately.

This process syncs timezone info for all users on the platform.

How to Group Users by Region / Country

If you would like to sync your users to the platform and group them by their Region / Country, please follow the steps below.

Once completed, users will be automatically assigned to groups based on their Region / Country information. For example, if a user has UK in their Region / Country attribute, a group named UK will be created, and the user will be assigned to it automatically.

Target User Custom Column Creation

  1. Go to Company > Target Users.

  2. While on the People menu, look at the right-hand side for the Actions column at the top.

    • Click the Settings button to access table settings.

  3. Click the EDIT FIELDS button.

  4. Click the + ADD CUSTOM FIELD button.

    • Name the column Country / Region (or similar).

  5. Click Save to create the custom column.

This column will later be used to sync users based on their Country / Region data.

Create New SCIM Settings

  1. Go to Company > Company Settings > SCIM Settings.

  2. Click the + NEW button to create a new SCIM setting.

  3. Enter a name for the setting.

  4. In the Map Fields section:

    • Select the Country / Region option.

    • Then in the field next to it, select: addresses[type eq "work"].country

    • Click Next.

  5. Leave the Group Name field empty.

  6. Under Grouping Criteria, select the Country / Region option.

  7. Leave the Syncronize groups with Identity Management Platform option empty.

  8. Click Save.

  9. Copy the Token and paste it into your SCIM application.

    1. If you haven't created a SCIM application yet, refer to the beginning of this document for setup instructions.

  10. Go to the Provisioning page on your SCIM application and:

    • First, click STOP

    • Then click START

    • Finally, restart the Provisioning process step by step

    • This will re-sync your users and group them based on their Country / Region information.

You may need to wait a few minutes for your users to sync from Azure AD to the platform.

Tutorial Video

This video tutorial shows the documentation steps for synchronizing users' information from the Azure AD identity provider to the platform.

💫
Getting Started
https://portal.azure.com/