How to set up SCIM with Azure AD

The purpose of this article is to guide you through the setup of SCIM with Azure AD. If you're looking for more general information about SCIM and what it is, please go to our other article:  What is SCIM and how does Templafy use it?

Templafy/Implementation partner

Steps explained below are needed actions from Templafy/Implementation partners:

• Go to yourtenant.templafy.com in a browser and click Administration

• Navigate to Authentication Method in admin interface and create a new method.

• Save the new authentication method and now you will see a field called SCIM API Key. Generate a new one and then copy it.

• Send SCIM key to client IT

Client IT

Pre-requisites

• A Templafy tenant and an Azure AD tenant
• Have Global Administrator rights for the Active Directory
• Access rights to set up Enterprise applications.

This guide is specifically for AzureAD, so if you're looking for another guide for OneLogin, please visit: How to setup SCIM for OneLogin 

Step-by-step guide: 

1. Go to your Azure Portal and sign in (Important: make sure you are in the correct directory!)

2. Navigate to Azure Active Directory on the left hand side

3. Navigate to Enterprise Applications > All applications > New application

Note: SCIM isn't supported from the same Enterprise Application. So if you are already using AzureAD (OpenID) as authentication for Templafy, you would need to create new Enterprise Application designated for SCIM.

4. Search for Templafy in the Gallery and click add to choose the application

5. Select the Provisioning tab

6. Set the Provisioning Mode to Automatic.

7. Under the Admin Credentials section, input https://scim.templafy.com/scim in Tenant URL. Input the SCIM API Key value retrieved earlier in Secret Token. Click Test Connection to ensure Azure AD can connect to Templafy. If the connection fails, ensure your Templafy account has Admin permissions and try again.

8. In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - Send an email notification when a failure occurs.

9. Click Save.

10. Under the Mappings section, select Synchronize Azure Active Directory Groups to Templafy.

11. Review the group attributes that are synchronized from Azure AD to Templafy in the Attribute Mapping section. The attributes selected as Matching properties are used to match the groups in Templafy for update operations. Select the Save button to commit any changes.

12. To configure scoping filters, refer to the following instructions provided here

13. To enable the Azure AD provisioning service for Templafy, change the Provisioning Status to On in the Settings section.

14. Define the users and/or groups that you would like to provision to Templafy by choosing the desired values in Scope in the Settings section.

15. When you are ready to provision, click Save.

16. If you decide to Sync only assigned users and groups. Please navigate back to Users and Groups section of the App to add relevant users and/ or groups

Note: This operation starts the initial synchronization of all users and/or groups defined in Scope in the Settings section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the Synchronization Details section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Templafy.

For further information, please see Microsoft's tutorial on the this topic:  https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/templafy-provisioning-tutorial