SCIM provisioning with Microsoft Entra

Mike Salyga
Mike Salyga
  • Updated

The integration between Microsoft Entra and Ziflow that enables this provisioning is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). Please see this article to learn how Microsoft Entra works with SCIM.

The remainder of this guide is focused on enabling you to configure both Ziflow and Microsoft Entra to get provisioning up and running for your organization.

  1. Requirements

  2. Supported Features

  3. Configuration Steps

  4. Known Issues/Troubleshooting

Prerequisites

SCIM-based user provisioning is available to Enterprise customers.

Before you set up SCIM in your Microsoft Entra admin dashboard, please follow the guide on configuring the Microsoft Entra SSO integration with Ziflow.

Configuring SSO requires having admin access to the Ziflow account.

 

Supported provisioning actions

Ziflow supports the following provisioning features at present:

  • Push Users. Users in Microsoft Entra assigned to the Ziflow application may be added as members of your Ziflow account.

  • Import Users. Users created in Ziflow can be imported into Microsoft Entra and either matched against existing users or created as new Microsoft Entra users.

Configuring SCIM

Steps to be actioned in the Ziflow application:

  1. Sign in to your Ziflow account with an account that has admin rights.

  2. Open your user profile and copy the API key from it.

Steps to be performed in the Microsoft Entra admin portal:

  1.  Set up Microsoft Entra ID Enterprise Application. In the Microsoft Entra ID Portal, select Enterprise Applications and click New application. An image within a lightbox
  2. Click Create your own application.
  3. Give your application a Name, choose “Integrate any other application you don't find in the gallery (Non-gallery)” and click Create.
  4. In the Manage tab of the new application, choose Provisioning. Choose the Automatic provisioning mode. Enter Admin Credentials, which you will find from the Scoro SCIM setup page.

    Tenant URL = https://api.ziflow.io/v1/scim/v2
    Secret token = API key (copied from Ziflow admin profile)

    Click Test Connection. If credentials are correct, you will see a success message in the top right corner and you will be able to Save the settings.
  5. After you have successfully saved the credentials, you will need to configure the Mappings and Settings sections. Open Attribute mapping tab to configure the mapping between Ziflow and Microsoft Entra ID.
  6. Open Provision Microsoft Entra ID Groups mapping and disable it. 
  7. Open Provision Microsoft Entra ID Users mapping disable the Update and Delete target object actions. Please also remove all attribute mappings besides the following four attributes, which are supported by the Ziflow application:
    userName
    emails[type eq "work"].value
    name.givenName
    name.familyName
    The complete list of mapped values looks like this:
  8. Once the user attribute mapping is saved, the user provisioning between Ziflow and Microsoft Entra ID is now configured.

Now, you can go to the Users and Groups tab and assign users to your application. Once you have added users, please click the Start provisioning button and wait for them to appear on the Ziflow side. 

Known Issues/Troubleshooting

  • We currently do not support the following provisioning actions: pushing profile updates, pushing groups, or importing groups.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.