About this article
This article provides instructions on how to set up SCIM within the Microsoft Entra ID SAML2 and OpenID Connect single sign-on applications.
- 1. Generate the SCIM (Secret) Token
- 2. Configure SCIM in Microsoft Entra ID
- 3. Assign User or User Groups to the SCIM application
- 4. (SAML2 Only) Verify the Attribute Mappings within the SCIM Configuration
- 5. (SAML2 Only) Mapping of Custom Claims
- 6. Test SCIM using Provision on demand
- 7. Enable SCIM
Prerequisites
1. Generate the SCIM (Secret) Token
- Ensure the Public API module has been enabled in the Templafy Admin Center
- Navigate to the Account section
- In the API Keys tab, click Create key
- Provide a name for the key
- Click Next
- Click Add scope and select scim
- Click Create
- Click Copy key for use in step 2 below
2. Configure SCIM in Microsoft Entra ID
- Open the Templafy OpenID Connect or SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Provisioning tab
- Select Automatic in the Provisioning Mode dropdown
- Under the Admin Credentials section, fill in the Tenant URL and Secret token
  - Tenant URL format: https://[templafytenantid].api.templafy.com/v1/scim/
  - The Secret token was generated in step 1 above
- Click Test connection
- Once the connection has been established, Save the configuration
- Return to the main application screen
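A pre-flight check for the Tenant URL and Secret token from this step, as an added example that is not Templafy's or Microsoft's code. It mirrors what Test connection does (Entra sends the token as a bearer credential and queries for a user with a random GUID, expecting HTTP 200 with an empty SCIM ListResponse); the tenant-id character set, the standard SCIM /Users path under the Tenant URL, and the function names are assumptions.

```python
import json
import re
import uuid
from urllib.parse import quote, urlsplit
from urllib.request import Request

# Tenant URL format from step 2: https://[templafytenantid].api.templafy.com/v1/scim/
# The tenant-id character set below is an assumption.
HOST_RE = re.compile(r"[a-z0-9-]+\.api\.templafy\.com")
LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def validate_tenant_url(url: str) -> str:
    """Return the normalised base URL or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("Tenant URL must use https")
    if not HOST_RE.fullmatch((parts.hostname or "").lower()):
        raise ValueError("host is not <tenantid>.api.templafy.com")
    if parts.path.rstrip("/") != "/v1/scim" or parts.query or parts.fragment:
        raise ValueError("path must be /v1/scim/")
    if parts.username or parts.password or parts.port:
        raise ValueError("no credentials or port expected in the URL")
    return f"https://{parts.hostname.lower()}/v1/scim/"


def build_probe(tenant_url: str, token: str) -> Request:
    """Build a GET for a user that cannot exist (random GUID userName)."""
    token = token.strip()  # copy/paste often adds surrounding whitespace
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    flt = quote(f'userName eq "{uuid.uuid4()}"')
    req = Request(validate_tenant_url(tenant_url) + "Users?filter=" + flt)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    return req


def probe_ok(status: int, body: str) -> bool:
    """True for HTTP 200 with an empty SCIM ListResponse."""
    if status != 200:
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return (isinstance(doc, dict) and LIST_RESPONSE in doc.get("schemas", [])
            and doc.get("totalResults") == 0)
```

To run the check, pass the request to urllib.request.urlopen from an admin workstation and give the status code and body to probe_ok. Read the token from an environment variable or secret store rather than writing it into the script.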
3. Assign User or User Groups to the SCIM application
- Open the Templafy OpenID Connect or SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Users and groups tab
- Click Add user/group on the top ribbon
- Under Users and groups, click None selected
- Search for the user or group
- Click the user or group and then click the blue Select button
- Click Assign
4. (SAML2 Only) Verify the Attribute Mappings within the SCIM Configuration
- Open the Templafy SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Provisioning tab
- Click Edit attribute mappings
- Scroll down to the Mappings section
- Click on Provision Microsoft Entra ID Users
- Click on the attribute to re-map
  - In the example below, updating the UPN to e-mail
  - Under Source attribute, find the mail attribute and click Ok at the bottom
- Save the changes
5. (SAML2 Only) Mapping of Custom Claims
- Open the Templafy SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Provisioning tab
- Click Edit attribute mappings
- Scroll down to the Mappings section
- Select Provision Microsoft Entra ID Users
- Click Add New Mapping
- Within the Target attribute, choose a Templafy custom claim, then select the attribute that should be sent with it in the Source attribute.
6. Test SCIM using Provision on demand
It is important to test SCIM with a user prior to running the initial synchronization to ensure the user is successfully created in Templafy with accurate AD claim data.
In order to use the Provision on demand feature, the user must already be assigned to the application. This feature does not support provisioning of groups, only users.
- Open the Templafy OpenID Connect or SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Provisioning tab
- Click Provision on demand on the top ribbon
- Search for the user you want to provision on-demand
- Select the user
- Click Provision
After the user is provisioned, export details are shown along with other useful information about the provision including scoping, matching, and action details.
7. Enable SCIM
- Open the Templafy OpenID Connect or SAML2 enterprise application in Microsoft Entra ID
- Navigate to the Provisioning tab
- Click Start provisioning on the top bar
When you start provisioning, all users or groups who are assigned to the application will be synced into your Templafy tenant. Once the initial sync is finished, you can review the Provisioning logs to check the status of the sync (who was synced and who was not synced).