Configure SCIM user provisioning
To provision Azure user accounts using SCIM, perform the following steps:
1. In Azure or the Office 365 Admin centre, click Azure Active Directory.
2. From the left navigation pane, click Enterprise Applications.
3. From the left navigation pane and under Manage > All Applications, click New Application.
4. In the Browse Azure AD Gallery page, select Create your own application.
5. In the resulting screen, name the new app and select Integrate any other application you don't find in the gallery (Non-gallery).
6. After creating your app, go back to the Enterprise Applications page. Select your new app and then select Provisioning from the left menu.
7. In the next screen select Get Started.
8. In the Provisioning window, select Automatic as your Provisioning Mode. Then copy the following URL into the Tenant URL field and the required Secret Token into the Secret Token field. You can get the token from the API tab of the Kudos® platform Admin panel, as shown below.
https://api.kudosnow.com/scim/v2
9. Click Test connection. If the connection is successful, you can select Save and then Start Provisioning on the following screen.
10. The next step is to configure the attributes that will be sent to the Kudos® platform. For your convenience, we have included the default recommended schema, which contains the most commonly used attributes. You can download it by clicking here or by downloading the attachment at the bottom of this page.
Once you have downloaded the schema, it must be uploaded to your Azure app. This can be done in the Provisioning tab by selecting Edit Attribute Mappings > Provision Azure Active Directory Users > Show advanced options > Review your schema here.
11. Once in the Schema editor page, delete all of the data present in the JSON by default, open the provided default schema file in any text editor, and copy all text from the file into the schema editor. Once finished copying, select Save. This will load the default recommended attribute set for Kudos.
12. Review your newly set attributes on the Attribute Mapping screen and make any adjustments necessary for your organization's Azure data.
Please see below for the full list of attributes available to send from Azure to Kudos. If there are any attributes not added by copying the schema you would like to add, select "Show advanced options" at the bottom of your Attribute Mapping page followed by "Edit attribute list for customappsso". This will open your "Edit Attribute List" panel at which point you can manually add the Target Attribute from below to the list.
Please note when setting up mappings, the matching precedence must be set as:
1. objectId / externalId
2. mail / userName
Kudos + Azure SCIM provisioning currently supports the sending of the following attributes. When selecting your Source Attribute make sure to select the field in your Azure that corresponds with the target in Kudos.
Please be aware that sometimes when copying the 'Target Attribute' below into Azure, a space may be added after 'schemas:'. This space needs to be removed so the attributes show as 'schemas:extension' with no space. Also please note the following attributes in bold are required:
| Source Attribute | Target Attribute |
| --- | --- |
| | userName |
| Switch([IsSoftDeleted], "", "False", "True", "True", "False") | active |
| objectId | externalId |
| First Name | name.givenName |
| Surname | name.familyName |
| Preferred Name | name.nickName |
| Job Title | title |
| Department | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department |
| Location | urn:ietf:params:scim:schemas:extension:kudos:2.0:location |
| Country | addresses[type eq "work"].country |
| Kudos Privileges | urn:ietf:params:scim:schemas:extension:kudos:2.0:privileges[type eq "Primary"] |
| Date of Birth | urn:ietf:params:scim:schemas:extension:kudos:2.0:dateOfBirth |
| Employee Number | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber |
| Kudos Points Allocation Override | urn:ietf:params:scim:schemas:extension:kudos:2.0:kudosPoints |
| telephoneNumber | phoneNumbers[type eq "work"].value |
| Start Date | urn:ietf:params:scim:schemas:extension:kudos:2.0:startDate |
| Manager | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.managerId |
| Level | urn:ietf:params:scim:schemas:extension:kudos:2.0:level |
| Notes | urn:ietf:params:scim:schemas:extension:kudos:2.0:notes |
13. The final configuration step is to assign the required users or groups to your Kudos enterprise app in Azure. To do this, go back to your Kudos enterprise app Overview page and select Users and groups from the left-hand menu.
14. Once in the Users and groups page you can select Add user/group from the top menu and search for the group/users to be provisioned to Kudos.
Note that it may take 1-2 hours before the initial provisioning process will begin to send requests to the Kudos® platform SCIM endpoint, and can take some time to finish syncing after it begins depending on your user count.
After this initial sync, all future syncs are carried out daily overnight. A summary of connection attempts is provided on the application’s Overview tab, and both a report of provisioning activity and any provisioning errors can be downloaded.
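The attribute table and matching precedence given earlier on this page can be checked mechanically before provisioning starts. The following is an added example, not part of the Kudos or Microsoft documentation: it lints a list of mappings for the stray space after 'schemas:', for targets outside the supported list, and for the required precedence. The input layout (dicts with `targetAttributeName` and `matchingPriority`, named after the Microsoft Graph attributeMapping fields) and the sample data are assumptions.

```python
import re

# Target attributes from the table on this page (URN prefixes without the stray space).
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:"
KUDOS = "urn:ietf:params:scim:schemas:extension:kudos:2.0:"
SUPPORTED = {
    "userName", "active", "externalId", "name.givenName", "name.familyName",
    "name.nickName", "title", 'addresses[type eq "work"].country',
    'phoneNumbers[type eq "work"].value',
    ENT + "department", ENT + "employeeNumber", ENT + "manager.managerId",
    KUDOS + "location", KUDOS + 'privileges[type eq "Primary"]',
    KUDOS + "dateOfBirth", KUDOS + "kudosPoints", KUDOS + "startDate",
    KUDOS + "level", KUDOS + "notes",
}
# Matching precedence required by this page: externalId first, userName second.
REQUIRED_PRECEDENCE = {"externalId": 1, "userName": 2}


def lint_mappings(mappings):
    """Return a list of (target, problem) tuples for a list of mapping dicts."""
    findings = []
    seen = {}
    for m in mappings:
        raw = m["targetAttributeName"]
        # Whitespace after a colon is the copy/paste artifact this page warns about.
        fixed = re.sub(r":\s+", ":", raw.strip())
        if fixed != raw:
            findings.append((raw, f"stray whitespace; should be {fixed!r}"))
        if fixed not in SUPPORTED:
            findings.append((raw, "not in the supported attribute list"))
        seen[fixed] = m.get("matchingPriority", 0)  # 0 = not used for matching
    for target, want in REQUIRED_PRECEDENCE.items():
        got = seen.get(target)
        if got != want:
            findings.append((target, f"matching precedence is {got}, expected {want}"))
    return findings


# Constructed sample input, not taken from the Kudos schema file.
SAMPLE = [
    {"targetAttributeName": "userName", "matchingPriority": 1},
    {"targetAttributeName": "externalId", "matchingPriority": 2},
    {"targetAttributeName": "urn:ietf:params:scim:schemas: extension:kudos:2.0:level"},
    {"targetAttributeName": "displayName"},
]

if __name__ == "__main__":
    for target, problem in lint_mappings(SAMPLE):
        print(f"{target}: {problem}")
```

An empty result means every target matches the table and the two matching attributes carry the precedence this page requires.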
We hope this helps! If you have any questions, please reach out to us at support@kudos.com and one of our friendly staff will be happy to assist you.