SCIM Guide

Follow the steps given below to set up SCIM!

Step 1

The first step is to create an Enterprise application in the Azure AD portal:

  1. Select Enterprise applications from the left pane. A list of all configured apps is shown, including apps that were added from the gallery.

  2. Select + New application > + Create your own application.

  3. Enter a name for your application (e.g. IDEE SCIM), choose the option "integrate any other application you don't find in the gallery" and select Create to create an app object. The new app is added to the list of enterprise applications and opens to its app management screen.

Step 2

  1. In the app management screen, select Get started, then select Provisioning in the left panel.

  2. In the Provisioning Mode menu, select Automatic.

  3. In the Tenant URL field, enter the URL of the application's SCIM endpoint that you got from the IDEE Integration Portal.

  4. In the Secret Token field, enter the value of the secret token that you got from the IDEE Integration Portal.

  5. Select Test Connection to have Azure AD attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.

  6. If the attempts to connect to the application succeed, then select Save to save the admin credentials.

Step 3

  1. In the Mappings section, there are two selectable sets of attribute mappings. Select Provision Azure Active Directory Groups to disable mapping of groups. Switch Enabled to No and select Save.

  2. Select Provision Azure Active Directory Users to modify the attributes that are synchronized from Azure AD to IDEE.

  3. In Attribute Mapping, delete all mappings except for these 2:
    userPrincipalName
    Switch([IsSoftDeleted], , "False", "True", "True", "False").

Step 4

  1. Select Add New Mapping and create a new mapping that maps the immutableId attribute to externalId.

  2. Select Ok to save the attribute mapping.

  3. Select Save to commit changes, and go back to the previous screen.

  4. Under Settings, the Scope field defines which users and groups are synchronized. Select Sync only assigned users and groups to only sync users and groups assigned in the Users and groups tab.

  5. Once your configuration is complete, set the Provisioning Status to On.

  6. Select Save to start the Azure AD provisioning service.
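
The three mappings kept in Steps 3 and 4 decide which user data leaves the tenant. The following is an added example, not code from IDEE or Microsoft: it applies those mappings to a constructed directory record and flags any attribute in a payload that the reduced mapping set should not send. The target names userName and active are assumed from Azure AD's default user mappings, and the function names are hypothetical.

```python
# Mappings kept in Steps 3 and 4: (source expression, SCIM target attribute).
# Targets "userName" and "active" are assumed from Azure AD's default mappings.
MAPPINGS = [
    ("userPrincipalName", "userName"),
    ('Switch([IsSoftDeleted], , "False", "True", "True", "False")', "active"),
    ("immutableId", "externalId"),
]

def switch(source, default, *pairs):
    """Switch(): return the value paired with the matching key, else default."""
    table = dict(zip(pairs[0::2], pairs[1::2]))
    return table.get(source, default)

def to_scim_user(aad_user):
    """Apply the three mappings to one directory record (hypothetical helper)."""
    soft_deleted = str(bool(aad_user.get("IsSoftDeleted", False)))  # "True"/"False"
    # Same key/value pairs as the expression in Step 3: active = not soft-deleted.
    active = switch(soft_deleted, "", "False", "True", "True", "False")
    user = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": aad_user["userPrincipalName"],
        "active": active == "True",
    }
    # Assumption: an empty source value is left out of the payload.
    if aad_user.get("immutableId"):
        user["externalId"] = aad_user["immutableId"]
    return user

def unexpected_attributes(scim_user):
    """List attributes that the reduced mapping set should never produce."""
    allowed = {target for _, target in MAPPINGS} | {"schemas"}
    return sorted(set(scim_user) - allowed)

# Constructed sample record, not real data.
SAMPLE = {
    "userPrincipalName": "alice@example.com",
    "immutableId": "c2FtcGxlLWlkLTAwMQ==",
    "IsSoftDeleted": False,
    "displayName": "Alice Example",  # present in the directory, not mapped
}

if __name__ == "__main__":
    payload = to_scim_user(SAMPLE)
    print(payload)
    # A payload that still carries default mappings would be flagged here.
    print(unexpected_attributes({**payload, "displayName": "Alice Example"}))
```

Running unexpected_attributes over payloads logged at the SCIM endpoint shows whether any default mapping survived Step 3.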