Azure AD SCIM Provisioning allows to create account in a simplified way and link Azure AD SCIM users' account to their existing or new apps. Azure AD SCIM Provisioning automates user provisioning with their identities.
Provisioning saves time when setting up new users and teams, and also manages access privileges through the user lifecycle. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.
Azure AD SCIM User provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.
Azure AD SCIM Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.
Provisioning & Deprovisioning Scenarios
miniOrange provides Provisioning solutions for all scenarios of user management (provisioning), which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Azure AD SCIM, Google Workspace, Workday, etc
Follow the Step-by-Step Guide given below to setup Azure AD SCIM Provisioning
1. Add SCIM Configuration for Azure AD application in miniOrange
Go to Apps >> Provisioning >> Create a SCIM 2.0 App for Azure AD.
Save the SCIM Base URL and Bearer token which will be used in this step.
2. Setup SCIM Provisioning for Azure AD
Log in to your Azure AD portal and select the Azure Active Directory. Then create an Enterprise application.
Click on New Application and select non-gallery application. If you already have an enterprise application and want to enable provisioning in it then jump to this step.
Give suitable name to your user provisioning application.
Click on Provisioning in left menu and click on Get started.
Select the Provisioning Mode as Automatic.
Under Admin Credentials, enter the SCIM Base URL (as Tenant URL) and SCIM bearer Token (as Secret Token) as provided by miniOrange.
Click on Test Connection. If the connection is established, it will show a success message.
Click on the Save button.
Then go to the Users and Groups menu and add Users that you want to provision into your application.
Now, again open the Provisioning menu and set the Provisioning status to On.
Select the Scope as per your requirements and click on the Save button.
3. Add Attribute Mapping
Now in the Add Attribute Mapping, choose the required Target Attributes with their specific miniOrange Attributes. You can select either Default User Profile Attribute or Custom User Profile Attribute.
Note: The userName, name.givenName, name.familyName, emails[type eq \"work\"].value, displayName and active fields are required.
In Enable Provisioning Features, you can enable any feature below.
Click on Save button.
4. Test Configuration
When the initial cycle run from Azure, you can see the user details from AzureAD in miniOrange.
View Provisioning Reports
How to access Provisioning Reports?
Navigate to the Reports in the left-hand navigation pane and select Provisioning Report.
Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on the Search.
Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.