Configuring AzureAD SCIM (for Organizations)

Currently, this feature is being released to some customers as a PoC.

Automatically synchronizing user information from AzureAD to ovice makes account management, such as creating, updating, and deleting ovice accounts, more efficient.

Advance Preparation

1. Make sure you have the permissions needed for configuration

  • The AzureAD “Application Administrator” role is assigned to you
  • You are the ovice organization owner, or belong to a permission group to which access is assigned

2. Click on the hamburger menu at the top left of the screen and select the Organization tab from the main menu. The organization tab can only be accessed by organization owners.


3. In Organization Settings, click Integration

4. Click on the Azure AD SCIM app

Leave the ovice settings screen open at this point.

AzureAD Settings

1. Open the management screen of the application created in "AzureAD settings (for organizations)"

2. Click Provisioning on the side menu

3. Click Provisioning under Management and select Automatic as the provisioning mode.


4. Copy the items displayed on the ovice settings screen you left open and paste them into the matching fields on the AzureAD side

ovice settings screen (copy source) | AzureAD settings screen (paste destination)
Tenant URL | Tenant URL
Secret Token | Secret Token



5. Click Test Connection, confirm that the test completed successfully, and click Save.

6. Close Provisioning with the ✕ button on the top right

The Groups and Users mappings can both be left at their default values with the "valid" status, but the following 5 attribute mappings are required for users.

  • userPrincipalName
  • displayName
  • jobTitle
  • mail
  • department


7. Click Provisioning in the sidebar

8. Change the provisioning status to On and click Save


Proof of Email Domain Ownership

1. Return to the ovice settings screen opened during preparation and click Email domain authentication management (SCIM)

2. Click Add domain

3. Enter your email domain and click Save

4. Copy the obtained TXT record

5. Add the TXT record on your domain provider's management screen

*It may take up to 72 hours for the changes to take effect. Please check with each provider for additional information.

6. Confirm that “◯” is displayed in the “Authentication” item on the ovice settings screen.
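
A pre-flight check for the five required attribute mappings and for the email domains that need proof of ownership, as an added example that is not part of ovice's or Microsoft's own material. It assumes the directory users have been exported to JSON with those five properties; the `preflight` function and the sample records are constructed for illustration.

```python
import json

# The five user attribute mappings the page lists as required.
REQUIRED = ("userPrincipalName", "displayName", "jobTitle", "mail", "department")

def preflight(users):
    """Check exported directory users before provisioning is switched on.

    Returns (missing, domains):
      missing - {userPrincipalName: [required attributes that are empty]}
      domains - sorted, lower-cased email domains seen in 'mail'
    """
    missing, domains = {}, set()
    for user in users:
        empty = [a for a in REQUIRED if not str(user.get(a) or "").strip()]
        if empty:
            missing[user.get("userPrincipalName") or "<unknown>"] = empty
        mail = str(user.get("mail") or "").strip()
        if mail.count("@") == 1 and not mail.endswith("@"):
            domains.add(mail.rsplit("@", 1)[1].lower())
    return missing, sorted(domains)

# Constructed sample export (hypothetical users, not real accounts).
SAMPLE = json.loads("""
[
  {"userPrincipalName": "alice@example.com", "displayName": "Alice A",
   "jobTitle": "Engineer", "mail": "alice@example.com", "department": "R&D"},
  {"userPrincipalName": "bob@example.com", "displayName": "Bob B",
   "jobTitle": null, "mail": "bob@Example.COM", "department": "Sales"},
  {"userPrincipalName": "carol@corp.example", "displayName": "Carol C",
   "jobTitle": "Designer", "mail": null, "department": "  "},
  {"userPrincipalName": "dave@corp.example", "displayName": "Dave D",
   "jobTitle": "Manager", "mail": "dave@corp.example", "department": "Ops"}
]
""")

if __name__ == "__main__":
    missing, domains = preflight(SAMPLE)
    for upn, attrs in missing.items():
        print(f"{upn}: missing {', '.join(attrs)}")
    print("Email domains to register:", ", ".join(domains))
```

Users reported as missing an attribute can be corrected in AzureAD before the provisioning status is changed to On.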

 

Login/Account Information for Each User

Please log in using the following method:

  • Login using AzureAD (organization)

Once provisioned, the "user name," "title," and "department" held by Microsoft are automatically reflected in the ovice profile. These items are disabled on the ovice profile screen and cannot be changed there.


Tips

  • The user provisioning interval is set by Microsoft to 40 minutes.
    Microsoft support page
  • To apply a change immediately, select the target user under "Provision on demand" on the AzureAD settings screen and run it.


  • If you remove users from each app, they will be deprovisioned after 30 days. If you want to remove a user immediately, you must remove the user from your Microsoft Entra ID.
    Microsoft support page
