SCIM Integrations

Azure AD SCIM Integration

Introduction

This documentation has been prepared for our customers who are going to integrate Azure Active Directory with the platform and sync the AD users to the platform.

The document will explain how the integration works and show step by step how to set up the configuration and synchronization of the users with the platform.

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft's enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems.

Getting Started

First, we need to obtain the Secret Token ID. To see it, please go to Advanced Settings > SCIM Settings and then click on the NEW SCIM button.

  • SCIM Integration Name is a free text area where you can give a name to your SCIM integration.

  • Group Name is a free text area where you can give a name for the target group.

  • Set as default group: check this box to have all users in Azure AD assigned and synchronised to this group rather than to department-based groups. If this box is not checked, groups will be assigned on a department basis.

  • Secret Token is automatically generated for your company profile. Please note this secret token for Azure AD SCIM configuration.

  • SCIM Groups: a user is allocated to a group using the following criteria:

    • If a user has a Department, the group will be created with the department name, and the user will be assigned to this group.

    • When the user has no department, then the user will be assigned to the SCIM Group created by the administrator.

    • If a user has no Department and no SCIM Group created by the Administrator, a group will be created by the system and displayed as ‘Undefined’; the user will then be assigned to this group.

Second, we need to get a SCIM URL for authentication. Please get this SCIM URL from your supplier or vendor.

SCIM URL example = https://scim.example.com/scim

Once we have these two pieces of information, we can go to the Azure Active Directory Configuration section.

Please note that the Admin cannot delete the synchronised user from the SCIM Group.

Azure Active Directory Configuration

1.) Please log in to https://portal.azure.com/ as an Admin and select Azure Active Directory under the Azure services section.

2.) Click on Enterprise applications on the left-hand side of the screen.

3.) Click +New application to create an application for SCIM integration.

4.) Choose the Non-gallery application. Important Note: If you don’t see the Non-gallery Application, click the link “Click here to switch back to the old app gallery experience.”

5.) Enter a name for the application like My SCIM Integration.

6.) Once you have successfully created it, you will see it on the application list. Click on this to complete the configuration.

7.) Select 3. Provision User Accounts

8.) The last step is to complete these requirements:

  • Tenant URL: https://scim.example.com/scim (Please provide your supplier or vendor SCIM URL)

  • Secret Token: Please get this token from Advanced Settings > SCIM Settings profile. More details can be found in Getting Started at the beginning of the guide.

Click Test Connection to test your configuration and, if everything looks good, click the Save button to save this configuration. Important information: Once you save your settings, do not forget to switch Provision Status from “off” to “on”. It should always be “on”.

There are two options for the scope:

  1. “Sync all users and groups”: This option lets you sync all your existing users and groups with the platform.

  2. “Sync only assigned users and groups”: This option lets you sync a specific user or group with the platform.

Select your app under the Enterprise Applications menu and go to Users and Groups.

Please save all configuration settings and wait for the users to sync with the platform. You can see your target users on the platform under Company > Target Users.

Please contact your supplier or vendor for more information.

Troubleshooting

If there is already a user email account in a Target Group, you cannot add the same email account to different groups by using SCIM. It creates a conflict if you try to add a user who has already been added.

Okta SCIM Integration

Introduction

This part has been prepared for our customers who are going to integrate Okta into our platform and sync the Okta users to the platform.

This part of the guide will explain how the integration works and show step by step how to set up the configuration and synchronization of the users with the platform.

What is Okta?

Okta is identity and access management software that helps companies manage and secure user authentication for their modern applications, websites, web services, and devices.

Getting Started

To start the integration, first, we need to obtain the Secret Token ID. Please go to Advanced Settings > SCIM Settings and then click on the NEW SCIM button to get it.

  • SCIM Integration Name is a free text area where you can name your SCIM integration.

  • Group Name is a free text area where you can name the target group.

  • Set as default group: check this box to have all Okta users imported and synchronized to this group. If you do not check this box, groups will be imported on a department basis.

  • Secret Token is automatically generated for your company profile. Please save this secret token for Okta SCIM configuration.

  • SCIM Groups: A user is allocated to a group according to the following criteria:

    • If ‘Set as default group’ is checked, all Okta users will be imported to only one group. If this box is not checked, the following rules apply.

    • If a user has a Department, the group will be created with the department name, and the user will be imported to this group.

    • When the user has no department, then the user will be imported to the SCIM Group created by the administrator.

    • If a user has no Department and no SCIM Group created by the Administrator, a group will be created by the system and displayed as ‘Undefined’; the user will then be imported to this group.
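The allocation rules above (the same ones listed in the Azure AD section), together with the e-mail conflict described under Troubleshooting, can be dry-run before provisioning is switched on. The following is an added example, not the platform's own code. It assumes the department arrives in the RFC 7643 enterprise extension and that userName carries the e-mail address; the function names and sample users are constructed for illustration.

```python
# Added example: models the group-allocation rules described in this guide.
# Not the platform's code; the SCIM field locations below are assumptions.
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def resolve_group(user, default_group_checked, scim_group_name):
    """Return the target group name for one SCIM User resource."""
    if default_group_checked and scim_group_name:
        return scim_group_name                  # 'Set as default group': one group for all
    department = (user.get(ENTERPRISE) or {}).get("department")
    if department and department.strip():
        return department.strip()               # group named after the department
    if scim_group_name:
        return scim_group_name                  # SCIM Group created by the administrator
    return "Undefined"                          # group created by the system


def plan_sync(users, existing, default_group_checked=False, scim_group_name=None):
    """Dry-run a sync and return (assignments, conflicts).

    existing maps a lower-cased e-mail to the target group already holding it.
    """
    assignments, conflicts = {}, []
    for user in users:
        email = (user.get("userName") or "").strip().lower()
        if not email:
            conflicts.append(("<missing userName>", None, None))
            continue
        group = resolve_group(user, default_group_checked, scim_group_name)
        held_by = existing.get(email) or assignments.get(email)
        if held_by is not None and held_by != group:
            conflicts.append((email, held_by, group))   # same e-mail, different group
            continue
        assignments[email] = group
    return assignments, conflicts


# Constructed sample payloads (not real users).
SAMPLE_USERS = [
    {"userName": "ana@example.com", ENTERPRISE: {"department": "Finance"}},
    {"userName": "bo@example.com", ENTERPRISE: {"department": "  "}},
    {"userName": "cy@example.com"},
    {"userName": "Dee@Example.com", ENTERPRISE: {"department": "Sales"}},
]
EXISTING = {"dee@example.com": "Legacy Imports"}  # address already in a target group

if __name__ == "__main__":
    for checked in (False, True):
        print(checked, plan_sync(SAMPLE_USERS, EXISTING, checked, "SCIM Users"))
```

Any entry in the conflicts list is an address that should be cleaned up in the existing target group before the sync runs.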

Second, we need to get a SCIM URL for authentication. Please get this SCIM URL from your supplier or vendor.

SCIM URL example = https://scim.example.com/scim

Once we have these two pieces of information, we can go to the Okta admin panel.

Please note that the Admin cannot delete the synchronized user from the SCIM Group.

Okta Configuration

  1. Please log in to https://www.okta.com/ as an Admin and click the Admin button on the right side to go to the Admin panel.

  2. Click on Applications and go to Applications at the top of the screen.

  3. Search for ‘SCIM 2.0 Test App (OAuth Bearer Token)’ and click on the Add button.

  4. Enter a name for the application like My SCIM Integration and click on the Next button.

  5. Choose SAML 2.0 with the default settings and click on the Done button.

  6. Once you have successfully created the application, you will see Provisioning on the panel. Click on this to proceed to the configuration.

  7. Click on the Configure API Application button and fill in the following fields.

     • Base URL: https://scim.example.com/scim (Please provide your supplier or vendor SCIM URL)

     • API Token: Please get this token from Advanced Settings > SCIM Settings profile. More details can be found in Getting Started.

  8. Click on the Test API Credentials button. If you see a "Successfully verified" message, please click the Save button to proceed.

  9. On the Provisioning menu, go to the ‘To app’ menu and click the Edit button to enable the following fields. Please make sure to click the Save button after enabling them.

     • Create Users

     • Update User Attributes

     • Deactivate Users

Okta configuration has been successfully finished. You can proceed with the following step.

Synchronizing Users or Groups

1.) Please go to the Assignments menu and click on the Assign button to assign Users or Groups to this SCIM application which will be synchronized to the platform.

2.) To import and synchronize user(s), please click on Users and assign one user to this application. The user who is assigned to this application will be synchronized to the group on the platform.

3.) To import and synchronize group(s), please click on Groups and assign one or more groups to this application. The members of the group(s) assigned to the application will be synchronized to the group on the platform.

NOTE: If you deactivate the group or user from the application, the user(s) or group(s) will be removed from the platform after a few minutes.

Please contact your supplier or vendor for more information.
