Azure AD SCIM Integration

This document shows step-by-step how to synchronize users' information from the Azure AD identity provider to the platform.

Please make sure to set up the mandatory settings from the ‘Getting Started’ page in this document before proceeding to the following step.

Azure Active Directory Configuration

Please log in to https://portal.azure.com/ as an Admin and select Azure Active Directory under the Azure Services section.
Click on Enterprise applications on the left-hand side of the screen.
Click +New application to create an application for SCIM integration.
Click on the +Create your own application to create an application.
1. Enter a name for the application.
2. Select ‘Integrate any other application you don't find in the gallery (Non-gallery)’ option.
3. Click the Save button to create the application.
Click on the application to enter the application settings.
1. Select the ‘Provisioning’ menu from the left side.
2. Click the ‘New Configuration’ button and then enter the following information.
3. Tenant URL: https://scim-api.keepnetlabs.com/scim
4. Secret Token: Enter the token which was created on the platform.
5. Provisioning Status: If this option is "Off", please switch it to "On" status.
6. Click the ‘Test Connection’ button to test your configuration. If it’s successful, click the Save button to save settings.
Before starting the synchronization, set the synchronization type in the application.
1. Click the ‘Edit Provisioning’ button and then under Settings, you can see the ‘Scope’ setting.
2. You can select an option to synchronize users to the platform.
  1. If you select, ‘Sync all users and groups’, all users or groups that are available in the Azure AD will be synchronized to the platform. This option might be dangerous for your platform license count.
  2. If you select, ‘Sync only assigned users and groups’, only specific assigned users or groups to the application will be synchronized to the platform.

Synchronization Users or Groups

Depending on your ‘Scope’ selection, you can assign your users or groups to the application by clicking the Users and Groups menu under the Manage column on the left and then click the ‘Start Provision’ button to start synchronization.
You can see target users on the platform approximately in a few minutes. The Azure AD rechecks the application for new users, changes or deleted users every 40 minutes.

Troubleshooting

If a user can not be synchronized to the platform, please check the following settings.

The user may need to assign to the SCIM application from the Users and Groups menu in order to sync it to the platform depending on your ‘Scope’ selection.
The ‘mail’ attribute is mandatory, if this attribute doesn’t exist in the application, please create one under Prevision > Edit Prevision > Users page.
Go to Provisioning, click on Provision Azure Directory Users under Mappings field and make sure that Source Object Scope is "All Records" selected.

How to Sync User's Timezone Info to Platform?

Please follow the steps below to sync the timezone information of Azure AD users to the platform.

Go to Provisioning Settings and click Users under Mappings to access attributes. Add a new attribute with these settings:
- Mapping Type: Direct
- Source Attribute: usageLocation
- Default Value if Null (Optional): Leave as default
- Target Attribute: timezone
- Match Objects Using This Attribute: No
- Matching Precedence: Leave as default
- Apply This Mapping: Always
Ensure all users have a Usage Location info set.
- Go to Azure AD, open Users, and check the properties of a user.
- At the bottom of the properties page, confirm Usage Location is set.
If provisioning has already started:
- Stop provisioning.
- Start provisioning again.
- Restart provisioning to apply changes immediately.

This process syncs timezone info for all users on the platform.

Tutorial Video

This video tutorial shows the documentation steps for synchronizing users' information from the Azure AD identity provider to the platform.

PreviousGetting Started with SCIM NextOkta SCIM Integration

Last updated 22 days ago

Was this helpful?

Azure Active Directory Configuration

Please log in to https://portal.azure.com/ as an Admin and select Azure Active Directory under the Azure Services section.

Click on Enterprise applications on the left-hand side of the screen.

Click +New application to create an application for SCIM integration.

Click on the +Create your own application to create an application.

Enter a name for the application.
Select ‘Integrate any other application you don't find in the gallery (Non-gallery)’ option.
Click the Save button to create the application.

Click on the application to enter the application settings.

Select the ‘Provisioning’ menu from the left side.
Click the ‘New Configuration’ button and then enter the following information.
Tenant URL: https://scim-api.keepnetlabs.com/scim
Secret Token: Enter the token which was created on the platform.
Provisioning Status: If this option is "Off", please switch it to "On" status.
Click the ‘Test Connection’ button to test your configuration. If it’s successful, click the Save button to save settings.

Before starting the synchronization, set the synchronization type in the application.

Click the ‘Edit Provisioning’ button and then under Settings, you can see the ‘Scope’ setting.
You can select an option to synchronize users to the platform.
1. If you select, ‘Sync all users and groups’, all users or groups that are available in the Azure AD will be synchronized to the platform. This option might be dangerous for your platform license count.
2. If you select, ‘Sync only assigned users and groups’, only specific assigned users or groups to the application will be synchronized to the platform.

Synchronization Users or Groups

Depending on your ‘Scope’ selection, you can assign your users or groups to the application by clicking the Users and Groups menu under the Manage column on the left and then click the ‘Start Provision’ button to start synchronization.

You can see target users on the platform approximately in a few minutes. The Azure AD rechecks the application for new users, changes or deleted users every 40 minutes.

Troubleshooting

If a user can not be synchronized to the platform, please check the following settings.

The user may need to assign to the SCIM application from the Users and Groups menu in order to sync it to the platform depending on your ‘Scope’ selection.

The ‘mail’ attribute is mandatory, if this attribute doesn’t exist in the application, please create one under Prevision > Edit Prevision > Users page.

Go to Provisioning, click on Provision Azure Directory Users under Mappings field and make sure that Source Object Scope is "All Records" selected.

How to Sync User's Timezone Info to Platform?

Please follow the steps below to sync the timezone information of Azure AD users to the platform.

Go to Provisioning Settings and click Users under Mappings to access attributes. Add a new attribute with these settings:

Mapping Type: Direct
Source Attribute: usageLocation
Default Value if Null (Optional): Leave as default
Target Attribute: timezone
Match Objects Using This Attribute: No
Matching Precedence: Leave as default
Apply This Mapping: Always

Ensure all users have a Usage Location info set.

Go to Azure AD, open Users, and check the properties of a user.
At the bottom of the properties page, confirm Usage Location is set.

If provisioning has already started:

Stop provisioning.
Start provisioning again.
Restart provisioning to apply changes immediately.

This process syncs timezone info for all users on the platform.