About this article
This article walks through the steps to perform in the Templafy SAML2 application within Azure Active Directory (Azure AD) to automatically provision and de-provision users and/or groups to Templafy. For more general information about SCIM, see our other article: What is SCIM and how does Templafy use it?
The steps below are the actions required from Templafy or implementation partners:
- Go to tenant.templafy.com in a browser and click Administration
- Navigate to Authentication Method section in the admin interface
- Scroll further down where you will see a field called The SCIM API Key.
- Generate a key, copy it, and send it to client IT
- This value will be entered in the Secret Token field in the Provisioning tab of your Templafy SAML2 application in the Azure portal.
- Go to your Azure Portal and sign in (Important: make sure you are in the correct directory!)
- In the left navigation panel, select Azure Active Directory
- Navigate to Enterprise applications, and then select All applications.
- To add a new application, select the New application button at the top of the pane.
- In the search box, enter Templafy, select Templafy SAML2 in the results panel, and then click the Add button to add the application.
- Once the Application is added to your directory, navigate to the Provisioning tab
- Set the Provisioning Mode to Automatic.
- Under the Admin Credentials section, input https://scim.templafy.com/scim in Tenant URL. Input the SCIM API Key value retrieved earlier in Secret Token. Click Test Connection to ensure Azure AD can connect to Templafy. If the connection fails, ensure your Templafy account has Admin permissions and try again.
- In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications, and select the checkbox Send an email notification when a failure occurs.
- Click Save
- Under the Mappings section, select Synchronize Azure Active Directory Users to Templafy
- Review the user attributes that are synchronized from Azure AD to Templafy in the Attribute Mappings section. The attributes selected as Matching properties are used to match the user accounts in Templafy SAML2 for update operations.
- Under the Mappings section, select Synchronize Azure Active Directory Groups to Templafy.
- Review the group attributes that are synchronized from Azure AD to Templafy in the Attribute Mapping section. The attributes selected as Matching properties are used to match the groups in Templafy for update operations. Select the Save button to commit any changes.
- To configure scoping filters, refer to the following instructions provided here
- To enable the Azure AD provisioning service for Templafy, change the Provisioning Status to On in the Settings section.
- Define the users and/or groups that you would like to provision to Templafy by choosing the desired values in Scope in the Settings section.
- It is highly recommended to keep the scope to Sync only assigned users and groups
- When you are ready to provision, click Save.
- If you opted for Sync only assigned users and groups, as recommended, navigate back to the Users and Groups section of the app to add the relevant users and/or groups
- When assigning a user to Templafy SAML2, you must select any valid application-specific role (if available) in the assignment dialog. Users with the Default Access role are excluded from provisioning.
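The scoping rules in the last steps can be checked before switching Provisioning Status to On. The following is an added example, not code from Templafy or Microsoft: it predicts which accounts fall in scope under Sync only assigned users and groups, using constructed assignment data. The role id, user names, group membership and the Templafy user export are all assumptions made for illustration.

```python
# Added example, not Templafy or Microsoft code. All names and data are constructed.
# Azure AD represents the "Default Access" role as the all-zero appRoleId.
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"
TEMPLATE_ROLE = "11111111-1111-1111-1111-111111111111"  # constructed app role id

# Constructed sample, loosely shaped like Microsoft Graph appRoleAssignedTo entries.
ASSIGNMENTS = [
    {"principalDisplayName": "alice@example.com", "principalType": "User", "appRoleId": TEMPLATE_ROLE},
    {"principalDisplayName": "bob@example.com", "principalType": "User", "appRoleId": DEFAULT_ACCESS},
    {"principalDisplayName": "Marketing", "principalType": "Group", "appRoleId": TEMPLATE_ROLE},
]
GROUP_MEMBERS = {"Marketing": ["carol@example.com", "dave@example.com"]}  # constructed
TEMPLAFY_USERS = {"alice@example.com", "erin@example.com"}  # constructed export


def provisioning_scope(assignments, group_members):
    """Return (in_scope, skipped) under 'Sync only assigned users and groups'."""
    in_scope, skipped = set(), {}
    for a in assignments:
        name = a["principalDisplayName"]
        if a["appRoleId"] == DEFAULT_ACCESS:
            # The page states this for users; applying it to groups is an assumption.
            skipped[name] = "Default Access role"
        elif a["principalType"] == "Group":
            in_scope.update(group_members.get(name, []))
        elif a["principalType"] == "User":
            in_scope.add(name)
    # A user skipped directly can still be in scope through an assigned group.
    skipped = {n: why for n, why in skipped.items() if n not in in_scope}
    return in_scope, skipped


def audit(assignments, group_members, templafy_users):
    """Compare the expected scope with accounts that already exist in Templafy."""
    in_scope, skipped = provisioning_scope(assignments, group_members)
    return {
        "to_provision": sorted(in_scope - templafy_users),
        "outside_scope": sorted(templafy_users - in_scope),  # review these accounts
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in audit(ASSIGNMENTS, GROUP_MEMBERS, TEMPLAFY_USERS).items():
        print(f"{key}: {value}")
```

Accounts listed under outside_scope exist in Templafy but are not covered by any assignment, so they are the ones to review for stale access.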