Currently, this feature is being released to some customers as a PoC.
By automatically synchronizing user information from AzureAD to ovice, account management such as creating, updating, and deleting ovice accounts can be performed efficiently.
Advance Preparation
1. Make sure you have the necessary permissions for configuration
- The AzureAD “Application Administrator” role is assigned
- ovice organization ownership, or a permission group to which access is assigned
2. Click on the hamburger menu at the top left of the screen and select the Organization tab from the main menu. The organization tab can only be accessed by organization owners.
3. From Organization Settings, click Integration
4. Click on the Azure AD SCIM app
Do not close the ovice settings screen in this state.
AzureAD Settings
1. Open the application management screen created in AzureAD settings (for organizations)
2. Click Provisioning on the side menu
3. Click Provisioning under Management and select Automatic as the provisioning mode.
4. Copy and paste the items displayed on the ovice screen prepared in advance to the Azure AD side
ovice Setting Screen (copy source) | AzureAD settings screen (paste destination) |
---|---|
Tenant URL | Tenant URL |
Secret Token | Secret Token |
5. Click Test Connection, confirm that the test was completed successfully, and click Save.
6. Close Provisioning with the ✕ button on the top right
The Groups and Users mappings can both be left in the "valid" status with their default values, but the following 5 items are required attribute mappings for users.
- userPrincipalName
- displayName
- jobTitle
- department
7. Click Provisioning → Provisioning in the sidebar
8. Change the provisioning status to On and click Save
Proof of Email Domain Ownership
1. Return to the preliminary preparation screen and click Email domain authentication management (SCIM)
2. Click Add domain
3. Enter your email domain and click Save
4. Copy the obtained TXT record
5. Add TXT record on the domain provider management screen
*It may take up to 72 hours for the changes to take effect. Please check with each provider for additional information.
6. Confirm that “◯” is displayed in the “Authentication” item on the ovice settings screen.
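A pre-flight check an administrator could run before switching the provisioning status to On, as an added example that is not ovice's or Microsoft's code: it flags users with no value for the required mapped attributes listed above, or whose userPrincipalName domain is not among the domains verified in ovice. The input shape (a list of dicts, for example from a directory export), the function names, and treating empty values and unverified domains as findings are assumptions; the sample rows are constructed.

```python
# Added example: audit users before provisioning is switched On.
# Assumption: each user is a dict keyed by Azure AD attribute name.
REQUIRED_ATTRIBUTES = ("userPrincipalName", "displayName", "jobTitle", "department")

def upn_domain(upn):
    """Return the lower-cased domain of a userPrincipalName, or None if malformed."""
    if not isinstance(upn, str) or upn.count("@") != 1:
        return None
    local, domain = upn.split("@")
    if not local or not domain:
        return None
    return domain.strip().lower().rstrip(".")

def audit_users(users, verified_domains):
    """Map each user needing review to a list of findings; clean users are omitted."""
    verified = {d.strip().lower().rstrip(".") for d in verified_domains}
    report = {}
    for index, user in enumerate(users):
        findings = []
        for attr in REQUIRED_ATTRIBUTES:
            value = user.get(attr)
            # None, non-string and whitespace-only values count as missing.
            if not isinstance(value, str) or not value.strip():
                findings.append(f"missing {attr}")
        upn = user.get("userPrincipalName")
        if isinstance(upn, str) and upn.strip():
            domain = upn_domain(upn)
            if domain is None:
                findings.append("malformed userPrincipalName")
            elif domain not in verified:
                # Assumption: only domains verified in ovice should be in scope.
                findings.append(f"domain {domain} not verified")
        if findings:
            key = upn if isinstance(upn, str) and upn.strip() else f"<row {index}>"
            report[key] = findings
    return report

# Constructed sample data (not real accounts).
SAMPLE_USERS = [
    {"userPrincipalName": "aiko@example.com", "displayName": "Aiko T", "jobTitle": "Engineer", "department": "R&D"},
    {"userPrincipalName": "ben@example.com", "displayName": "Ben K", "jobTitle": None, "department": "  "},
    {"userPrincipalName": "guest@partner.example", "displayName": "Guest", "jobTitle": "Contractor", "department": "Ops"},
    {"displayName": "No UPN", "jobTitle": "Analyst", "department": "Sec"},
]

if __name__ == "__main__":
    for who, findings in audit_users(SAMPLE_USERS, ["Example.com"]).items():
        print(who, "->", "; ".join(findings))
```

Users that appear in the report are worth resolving in AzureAD before the first provisioning cycle, because the ovice profile fields filled from these attributes cannot be edited afterwards in ovice.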
Login/Account Information for Each User
Please log in using the following method.
Login using AzureAD (organization)
Once provisioned, Microsoft's "user name," "title," and "department" will be automatically reflected in the ovice profile. These items on the ovice profile screen are deactivated and cannot be changed.
Tips
- The user provisioning interval is set by Microsoft to 40 minutes (see the Microsoft support page). If you want to reflect it immediately, select the target user from "Provision on demand" on the AzureAD settings screen and execute.
- If you remove users from each app, they will be deprovisioned after 30 days. If you want to remove a user immediately, you must remove the user from your Microsoft Entra ID (see the Microsoft support page).