How to set up SCIM with Azure AD

About this article

The purpose of this article is to guide you through the setup of SCIM with Azure AD. If you're looking for more general information about SCIM and what it is, please go to our other article: What is SCIM and how does Templafy use it?

Prerequisites

A Templafy tenant and an Azure AD tenant
Have Global Administrator rights for the Active Directory
Access rights to set up Enterprise applications.

Templafy/Implementation partner

Steps explained below are needed actions from Templafy/Implementation partners:

Go to yourtenant.templafy.com in a browser and click Administration
Navigate to Authentication Method in admin interface and create a new method.
Save the new authentication method and now you will see a field called SCIM API Key. Generate a new one and then copy it.
Send SCIM key to client IT

Screenshot_2019-02-15_at_15.26.05.png

Client IT

This guide is specifically for AzureAD, so if you're looking for another guide for OneLogin, please visit: How to setup SCIM for OneLogin

Step-by-step guide

Go to your Azure Portal and sign in (Important: make sure you are in the correct directory!)
Navigate to Azure Active Directory on the left hand side

Navigate to Enterprise Applications > All applications > New application

SCIM isn't supported from the same Enterprise Application. So if you are already using AzureAD (OpenID) as authentication for Templafy, you would need to create/ add a new Enterprise Application designated for SCIM.

Sk_rmbillede_2019-09-24_kl._14.57.11.png

Search for Templafy in the Gallery and click add to choose the highlighted (Templafy SAML2) application
Select the Provisioning tab
Set the Provisioning Mode to Automatic.
Under the Admin Credentials section, input https://scim.templafy.com/scim in Tenant URL. Input the SCIM API Key value retrieved earlier in Secret Token. Click Test Connection to ensure Azure AD can connect to Templafy. If the connection fails, ensure your Templafy account has Admin permissions and try again.
In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - Send an email notification when a failure occurs.
Click Save
Under the Mappings section, select Synchronize Azure Active Directory Groups to Templafy.
Review the group attributes that are synchronized from Azure AD to Templafy in the Attribute Mapping section. The attributes selected as Matching properties are used to match the groups in Templafy for update operations. Select the Save button to commit any changes.
To configure scoping filters, refer to the following instructions provided here
To enable the Azure AD provisioning service for Templafy, change the Provisioning Status to On in the Settings section.
Define the users and/or groups that you would like to provision to Templafy by choosing the desired values in Scope in the Settings section.
When you are ready to provision, click Save.
If you decide to Sync only assigned users and groups. Please navigate back to Users and Groups section of the App to add relevant users and/ or groups

Note

This operation starts the initial synchronization of all users and/or groups defined in Scope in the Settings section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
You can use the Synchronization Details section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Templafy.

For further information, please see Microsoft's tutorial on the this topic
How to setup SCIM for OneLogin
What is SCIM and how does Templafy use it

Articles in this section