Configure SCIM provisioning using Microsoft Azure Active Directory
This guide describes how to set up user sync SCIM provisioning using Azure Active Directory.
User sync through SCIM provisioning with Azure AD saves time when setting up new users and teams, and helps you manage access through user lifecycle management. miniOrange's SCIM provisioning can help you create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores via Azure AD.
Follow the steps given below to configure User Sync SCIM provisioning using Azure AD with miniOrange.
Connect with External Source of Users
miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito, etc.), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, Keycloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more.
Follow the step-by-step guide given below for provisioning using Azure AD.
Prerequisites
- The user must have an Admin account on miniOrange.
- The user should have a user license.
1. Configure SCIM Client for Azure AD in miniOrange
- Log in to the miniOrange dashboard.
- Go to the Apps section.
- Go to Apps > Add Application.
- Select Provisioning >> Scim Client (source).
- Add the Custom Application Name.
- Copy the Scim Base URL and Bearer Token and save them for further configuration.
- Configure the attribute mappings and toggle Enable Provisioning Features on or off based on your requirements.
- SCIM base URL and Bearer Token can also be retrieved later by editing the app.
- If the provisioning feature “Delete the Deactivated users” is enabled, the unassigned/deleted users in the source will be deprovisioned; otherwise, they will be disabled.
- Save the app.
2. Configure provisioning in Azure AD
- Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.
- Add an unlisted (non-gallery) application to your Azure AD organization.
- Search for Enterprise Application.
- Select Enterprise Applications > New application.
- Select Create your own application.
- Under What are you looking to do with your application?, choose Integrate any other application you don't find in the gallery.
- Configure Provisioning
- Open the created app.
- Select Provisioning to open the provisioning panel for editing.
- Change the provisioning mode from manual to automatic.
- Enter the SCIM Base URL that you saved earlier into the Tenant URL field and the Bearer Token into the Secret Token field. Alternatively, you can get the SCIM Base URL and Bearer Token by editing the app you created during miniOrange app creation.
- Click on Test Connection.
- If the test connection is successful, save your configuration.
- Provisioning Users
- Go to Assign users and groups and assign the user you want to provision.
- If you already have some users, go ahead; otherwise, create some users first and then continue.
- Start Provisioning
- Go to the Provisioning tab.
- Click on Start provisioning.
- If you want to provision your assigned user right now, use Provision on demand.
- Provision on demand
- Search for the user you want to provision (user must be assigned to the app).
- Click on Provision.
- Go to the User list in the miniOrange portal, where you will find the provisioned user.
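The SCIM Base URL and Bearer Token can be checked before they are pasted into the Tenant URL and Secret Token fields for the Test Connection step. The script below is an added example, not miniOrange's or Microsoft's code: it sends a SCIM filter query for a random userName and classifies the reply. It assumes the endpoint follows RFC 7644 at <SCIM Base URL>/Users; the environment variable names SCIM_BASE_URL and SCIM_TOKEN are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
import uuid

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def build_probe(base_url, token):
    """Build GET <base>/Users?filter=userName eq "<random GUID>"."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM Base URL must be an absolute https:// URL")
    if not token or token != token.strip():
        raise ValueError("Bearer Token is empty or has stray whitespace")
    query = urllib.parse.urlencode(
        {"filter": f'userName eq "{uuid.uuid4()}"'}, quote_via=urllib.parse.quote)
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/Users?{query}",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/scim+json"})

def classify(status, body):
    """Turn an HTTP status and response body into a verdict for the admin."""
    if status in (401, 403):
        return "token rejected: re-copy the Bearer Token from the app"
    if status == 404:
        return "endpoint not found: check the SCIM Base URL"
    if status != 200:
        return f"unexpected HTTP status {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "HTTP 200 but the body is not JSON"
    if not isinstance(doc, dict) or LIST_RESPONSE not in (doc.get("schemas") or []):
        return "HTTP 200 but not a SCIM ListResponse"
    if doc.get("totalResults") != 0:
        return "random userName matched: the endpoint ignores the filter"
    return "ok"

def probe(base_url, token, timeout=10):
    """Send the probe over the network; the token is never printed or logged."""
    try:
        with urllib.request.urlopen(build_probe(base_url, token), timeout=timeout) as r:
            return classify(r.status, r.read())
    except urllib.error.HTTPError as e:
        return classify(e.code, e.read())

if __name__ == "__main__":
    import os  # hypothetical variable names; keeps the token out of shell history
    print(probe(os.environ["SCIM_BASE_URL"], os.environ["SCIM_TOKEN"]))
```

A result of "ok" means the URL and token pair is accepted and the endpoint returns an empty SCIM list for an unknown user.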