Configure SCIM user provisioning
To provision Azure user accounts using SCIM, perform the following steps:
1. In Azure or the Office 365 Admin centre, click Azure Active Directory.
2. From the left navigation pane, click Enterprise Applications.
3. From the left navigation pane and under Manage > All Applications, click New Application.
4. In the Browse Azure AD Gallery page select Create your own application
5. In the resulting screen, name the new app and select Integrate any other application you don't find in the gallery (Non-gallery)
6. After creating your app go back to the Enterprise Applications page. Select your new app and then select Provisioning from the left menu.
7. In the next screen select Get Started.
8. In the Provisioning window, select Automatic as your Provisioning Mode. Afterward, copy the following URL into the Tenant URL followed by copying the required Secret Token into the Secret Token field. You can get the token from the Kudos® platform Admin panel's API tab as shown below.
https://api.kudosnow.com/scim/v2/?aadOptscim062020
9. Click Test connection. If the connection is successful, you can change select Save and then Start Provisioning on the following screen.
10. The next step is to assign users and groups to the the SCIM app in order to sync user's data.
11. Finally all fields being sent to the Kudos® platform can be left at Azure AD defaults or adjusted to target the specific attribute you wish to send. This can be done in the Provisioning Tab by selecting Edit Attribute Mappings > Provision Azure Active Directory Users and then adjusting any of the mappings in the following screen. Please see below for the list of attributes available to send from Azure to Kudos.
Kudos + Azure SCIM provisioning currently supports the sending of the following attributes. When selecting your Source Attribute please select the field in your Azure that corresponds with the target in Kudos. Also please note the following attributes in bold are required:
|
Source Attribute |
Target Attribute |
|
|
userName |
|
Switch([IsSoftDeleted], , "false", "true", "true", "false") |
active |
|
Kudos Privileges |
urn:ietf:params:scim:schemas:extension:kudos:2.0:privileges[type eq "Primary"] |
|
First Name |
name.givenName |
|
Surname |
name.familyName |
|
Preferred Name |
name.nickName |
|
Job Title |
title |
|
Department |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department |
|
Location |
urn:ietf:params:scim:schemas:extension:kudos:2.0:location |
| Country | addresses[type eq "work"].country |
|
External ID |
externalId |
|
Date of Birth |
urn:ietf:params:scim:schemas:extension:kudos:2.0:dateOfBirth |
|
Employee Number |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber |
|
Kudos Points Allocation Override |
urn:ietf:params:scim:schemas:extension:kudos:2.0:kudosPoints |
|
telephoneNumber |
phoneNumbers[type eq "work"].value |
|
Start Date |
urn:ietf:params:scim:schemas:extension:kudos:2.0:startDate |
|
Manager's Email |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.managerId |
|
Notes |
urn:ietf:params:scim:schemas:extension:kudos:2.0:notes |
To add a target attribute to your Azure AD schema select "Show advanced options" at the bottom of your Attribute Mapping page, followed by "Edit attribute list for customappsso". This will open your "Edit Attribute List" panel at which point you can the Target Attribute to the list.
Note that it may take 1-2 hours before the initial provisioning process will begin to send requests to the Kudos® platform SCIM endpoint. After this initial sync, all future syncs are carried out daily overnight. A summary of connection attempts is provided on the application’s Overview tab, and both a report of provisioning activity and any provisioning errors can be downloaded.
We hope this helps! If you have any questions, please reach out to us at support@kudos.com and one of our friendly staff will be happy to assist you.
Comments
0 comments
Article is closed for comments.