Submit a request

Articles in this section

See more

Azure Active Directory User Provisioning Integration (SCIM)

Avatar
Support Manager
  • Updated
Follow

Configure SCIM user provisioning

Using the Azure Active Directory User Provisioning Integration (SCIM) allows your organization to simplify your User Provisioning by eliminating the need to do manual, duplicate entry of employee information. 

To provision Azure user accounts using SCIM, perform the following steps: 

1. In Azure or the Office 365 Admin centre,  click Azure Active Directory.

2. From the left navigation pane, click Enterprise Applications.

3. From the left navigation pane and under Manage > All Applications, click New Application.

Screen_Shot_2021-06-04_at_11.09.48_AM.png

4. In the Browse Azure AD Gallery page select Create your own applicationScreen_Shot_2021-06-04_at_11.10.03_AM.png

5. In the resulting screen, name the new app and select Integrate any other application you don't find in the gallery (Non-gallery)

Screen_Shot_2021-06-04_at_11.17.24_AM.png

6. After creating your app go back to the Enterprise Applications page. Select your new app and then select Provisioning from the left menu.

Screen_Shot_2021-06-04_at_11.18.57_AM.png

7. In the next screen select Get Started.

Screen_Shot_2021-06-04_at_11.19.12_AM.png

8. In the Provisioning window, select Automatic as your Provisioning Mode. Afterward, copy the following URL into the Tenant URL followed by copying the required Secret Token into the Secret Token field. You can get the token from the Kudos® platform Admin panel's API tab as shown below.

https://api.kudosnow.com/scim/v2/?aadOptscim062020

Screen_Shot_2021-06-04_at_11.20.58_AM.png

Screen_Shot_2022-03-22_at_9.47.16_AM.png

9. Click Test connection. If the connection is successful, you can change select Save and then Start Provisioning on the following screen.

10. The next step is to assign users and groups to the SCIM app in order to sync user's data.

11. Finally all fields being sent to the Kudos® platform can be left at Azure AD defaults or adjusted to target the specific attribute you wish to send. This can be done in the Provisioning Tab by selecting Edit Attribute MappingsProvision Azure Active Directory Users and then adjusting any of the mappings in the following screen. Please see below for the list of attributes available to send from Azure to Kudos.

Screen_Shot_2021-06-04_at_11.33.16_AM.png

Kudos + Azure SCIM provisioning currently supports the sending of the following attributes. When selecting your Source Attribute make sure to select the field in your Azure that corresponds with the target in Kudos.

 

Please be aware that sometimes when copying the 'Target Attribute' below into azure a space may be added after 'schemas:'. This space needs to be removed so the attributes show as 'schemas:extension' with no space. Also please note the following attributes in bold are required:

Source Attribute

Target Attribute

Email

userName

Switch([IsSoftDeleted], , "false", "true", "true", "false")

active

Kudos Privileges 

urn:ietf:params:scim:schemas:

extension:kudos:2.0:privileges[type eq "Primary"]

First Name

name.givenName

Surname

name.familyName

Preferred Name

name.nickName

Job Title

title

Department

urn:ietf:params:scim:schemas:

extension:enterprise:2.0:User:department

Location

urn:ietf:params:scim:schemas:

extension:kudos:2.0:location

Country

addresses[type eq "work"].country

External ID

externalId

Date of Birth

urn:ietf:params:scim:schemas:

extension:kudos:2.0:dateOfBirth

Employee Number

urn:ietf:params:scim:schemas:

extension:enterprise:2.0:User:employeeNumber

Kudos Points Allocation Override

urn:ietf:params:scim:schemas:

extension:kudos:2.0:kudosPoints

telephoneNumber

phoneNumbers[type eq "work"].value

Start Date

urn:ietf:params:scim:schemas:

extension:kudos:2.0:startDate

Manager's Email

urn:ietf:params:scim:schemas:

extension:enterprise:2.0:User:manager.managerId

Notes

urn:ietf:params:scim:schemas:

extension:kudos:2.0:notes

To add a target attribute to your Azure AD schema select "Show advanced options" at the bottom of your Attribute Mapping page, followed by "Edit attribute list for customappsso". This will open your "Edit Attribute List" panel at which point you can the Target Attribute to the list. 

 

Note that it may take 1-2 hours before the initial provisioning process will begin to send requests to the Kudos® platform SCIM endpoint. After this initial sync, all future syncs are carried out daily overnight. A summary of connection attempts is provided on the application’s Overview tab, and both a report of provisioning activity and any provisioning errors can be downloaded.

 

We hope this helps! If you have any questions, please reach out to us at support@kudos.com and one of our friendly staff will be happy to assist you.

Related articles

Comments

0 comments

Article is closed for comments.