User Management
      Back to home
      1. snapADDY Knowledge Base
      2. Global Settings
      3. User Management

      Configuring SCIM User Provisioning With Azure Active Directory / Entra ID

      Learn how you can configure SCIM with Microsoft Entra ID (formerly known as Azure AD) for automatic user provisioning to snapADDY

      This article explains how to configure Microsoft Entra ID (formerly Azure Active Directory) as a SCIM client for snapADDY. By following these steps, you can streamline user provisioning and management in one centralized location.

        Prerequisites 

      • You have an SCIM API key configured in the User provisioning section of your organization.
      • You have the permissions to configure user provisioning in Entra ID (one of: Application Administrator, Cloud Application Administrator, Global Administrator)

      We recommend to use SCIM along with either SAML or OpenID-Connect Single-SignOn and to disable login via username and password in the Login & Security section of your organization. Make sure to also disable the snapADDY invitation email for your users under Invitation & Onboarding. This way users will not be asked to configure a password for their account. 

      Set up and Enterprise Application in Azure

      If you have already configured an Enterprise Application for snapADDY or already use the snapADDY Single Sign On app in Azure you can skip this part and move on with Configure User Provisioning.

      1. Go to Enterprise Applications in Azure and choose New Application -> Create your own Application.
      2. On the right side of the screen choose: Integrate any other application you don't find in the gallery (Non-gallery).
      3. Provide a name for the application such as snapADDY User Provisioning or snapADDY Single SignOn if you intent to also configure SAML later on with the same application.

       

      Configure User Provisioning

      1. Click on Provisioning in the left navigation bar of the Enterprise Application and then Get startet. Click on Connect your application.  
      2. Use the following settings
        1. Provisioning Mode: Automatic.
        2. Tenant URL: https://backend.snapaddy.com/auth/v1/scim?aadOptscim062020
      3. Click Test Connection and Save after a successful connection check.

         
      4. Next configure the Attribute Mapping  for Provision Microsoft Entra ID Users. 

        customappsso Attribute Microsoft Entra ID Attribute
        userName mail
        addresses[type eq "work"].locality city
        addresses[type eq "work"].country country
        phoneNumbers[type eq "fax"].value facsimileTelephoneNumber
        name.givenName givenName
        active Switch([IsSoftDeleted], , "False", "True", "True", "False")    
        name.familyName surname
        locale Mid([preferredLanguage], 1, 2)    
        phoneNumbers[type eq "mobile"].value mobile
        urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization companyName
        phoneNumbers[type eq "work"].value telephoneNumber
        title jobTitle
        addresses[type eq "work"].region state
        addresses[type eq "work"].streetAddress streetAddress
        addresses[type eq "work"].postalCode postalCode
        Remove any other attributes and set the Matching precedence of the mail attribute to 1.

      Configure Group Provisioning

      The following steps are required only if you plan to provision licenses or business card templates via SCIM.

      When provisioning licenses through SCIM, you must either use concurrent licenses or ensure that you have purchased enough licenses to allocate one per user. Failing to do so will require you to manually resolve licensing conflicts by ensuring the number of users configured in your identity provider does not exceed the available licenses.

      1. First go back to the User provisioning setttings of your organization in snapADDY.
      2. For all licenses to be assigned to users via SCIM, specify the corresponding Entra Object ID (unique identifier of the Entra group).

      3. Configure the Attribute Mapping  for Provision Microsoft Entra ID Groups.

        customappsso Attribute Microsoft Entra ID Attribute
        externalId  objectId
        displayName  displayName
        members members

      Finish the set up

      1. Under Settings set Scope to Sync only assigned users and groups.
      2. Set Provisioning Status to On and Save your settings. 
      3. Go back to your Enterprise Application and choose Users and groups in the left navigation bar.
      4.  Add all users or groups of your organization that should have a snapADDY account provisioned. 

      🎉 You are all set up. The initial provisioning cycle will run automatically. If any errors occur while user provisioning you can see them in the Provisioning Logs of your Enterprise Application.