About SCIM provisioning for Microsoft Azure AD
About this guide
The SCIM provisioning for Microsoft Azure AD guide is for Azure Active Directory administrators who want to configure user provisioning for Condeco using Condeco SCIM API. It assumes familiarity with Azure AD, basic identity management concepts, and the SCIM standard.
The key steps are provided, however, this is not a comprehensive guide. For utilizing the full potential of SCIM, please refer to the SCIM 2.0 protocol specification http://www.simplecloud.info/#Specification.
Our SCIM integration supports SCIM version 2.0 and is certified for Azure Active Directory.
Prerequisites
The following are required:
- Azure Active Directory
- The following values as provided by Condeco:
- Condeco SCIM API URL
- Condeco SCIM Token provider URL
- SCIM client ID
- SCIM client secret token
- Long-lived SCIM token generated from SCIM Token Provider (up to 10 years).
Supported actions
When the SCIM integration between Azure AD and Condeco is ready, the following actions performed from the Azure directory are also be applied to the users in Condeco.
| Action in Azure AD | Notes |
|---|---|
| Create users | Condeco requires a unique username for each user. If the username already exists in Condeco, the SCIM User creation is rejected by our SCIM API. |
| Delete users | |
| Update user attributes | Updates to user profiles in Azure AD are pushed to Condeco. |
| Add a group | Adding a group creates a corresponding group in Condeco. Any group members (who exist in Condeco) are automatically mapped to the Condeco group. |
| Remove a group | |
| Update Groups attributes | Group attribute ‘displayName’ can be updated. |
| Add/remove users to/from a group |