SCIM - Getting started - Custom Enterprise App

This is a step-by-step guide on how to set up synchronisation of users and groups from Entra ID via SCIM with a Custom Enterprise App. It allows user and group data to be synchronised from the customer system down to Talentech ID, Talentech Admin and the respective products that customers use, such as Webcruiter, ReachMee, etc.

Prerequisites

  • Talentech needs to enable the SCIM integration for your tenant and provide you with an access token

  • Talentech ID needs to be enabled for your tenant

  • Your user account needs to be in the User Administrator access group

  • Your primary domain must be added as a verified domain in Talentech

 

Steps

  1. Log in to the Azure Portal and choose the Microsoft Entra ID resource

Choosing Microsoft Entra ID resource
  2. From the menu on the left, choose “Enterprise applications”

Enterprise applications
  3. Choose to create a new application

Creating new Enterprise app

  4. Choose “Create your own application”, give it a name and click “Create”

Giving an app a meaningful name
  5. When the app is created, choose “Provisioning” from the menu on the left

  6. On the next screen, choose “Get started”

  7. When the window with provisioning settings opens:

    • First set “Provisioning Mode” to “Automatic”

    • Fill out the tenant URL:

      https://api.talentech.io/scim/v1/
    • Fill out the secret that you received from Talentech

    • Click “Test Connection” and make sure that the test is successful

    • Then click “Save” and close the “Settings” screen

Provisioning settings screen

Connection successfully tested

  8. Then choose the “Provisioning” section again in the menu on the left, expand the “Mappings” section and click “Provision Microsoft Entra ID Users”

Setting up mappings for provisioning of users
  9. Because this is a Custom Enterprise App, Microsoft pre-fills many mapping properties that are not relevant for synchronising with Talentech. Remove them and make sure that only the properties listed below are left.

These properties should remain in place after removing all other unnecessary properties:

  • userName

  • active

  • name.givenName

  • name.familyName

  • externalId

Properties for deletion marked with red squares
Properties that are left after deletion of all others
  10. Now change the mapping of the following properties from the default values that Microsoft pre-filled:

    1. Property “externalId” should be mapped to “objectId”

    2. Property “active” should have its expression changed to Not([IsSoftDeleted])

Click the “Edit” button on these properties and change the mapping as shown in the figures below.

Editing mappings for “externalId” and “active” properties
Edit mapping to “objectId” value and click “OK”
Edit mapping to Not([IsSoftDeleted]) and click “OK”
Don't forget to click “Save” regularly

After this step, the properties list and their mappings should look like this.

Core User data properties and their mapping to Microsoft Entra ID attributes
  11. Now it's time to add some custom properties related to the Webcruiter product and map them to the attributes

This step and the ones that follow it only apply if you plan to use the Webcruiter extension of your SCIM data.

If this is not relevant for you, you can skip to step 15.

Click “Show advanced options” and then click “Edit attribute list for customappsso”

Adding custom attributes for Webcruiter extension of SCIM schema
  12. At the end of the long list of properties, enter the following new ones (either for Version 1 or Version 2)

Important: The fields below relate to Webcruiter extension Version 1

The following properties should be added:

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemaversion (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnitId (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_roleId (Type: String)

Adding new custom properties for Webcruiter extension Version 1 of SCIM schema

Important: The fields below relate to Webcruiter extension Version 2

The following properties should be added:

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemaversion (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_roleId (Type: String)

  • Define as many organization units as one user can possibly be part of:

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnits{0} (Type: String)

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnits{1} (Type: String)

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnits{2} (Type: String)

    • … (etc)

Adding new custom properties for Webcruiter extension Version 2 of SCIM schema

When these properties are added, click “Save”

Saving list of custom attributes after all
  13. Now click “Add New Mapping” and add mappings of the newly created custom properties to the following attributes:

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemaversion

    • type: Constant

    • value: 1.0 (for Version 1) or 2.0 (for Version 2)

  • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_roleId

    • the customer decides which Entra ID attribute this property is mapped to

  • For Version 1

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnitId

      • the customer decides which Entra ID attribute this property is mapped to

  • For Version 2

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnits{0}

      • the customer decides which Entra ID attribute this property is mapped to

    • urn:ietf:params:scim:schemas:extension:talentech:webcruiter:schemadata_organisationUnits{1}

      • the customer decides which Entra ID attribute this property is mapped to

    • … (etc)

Mapping property “schemaversion” to constant value “1.0” in case of Version 1 of SCIM extension

Mapping property “schemaversion” to constant value “2.0” in case of Version 2 of SCIM extension

Example of mapping property “roleId” to “jobTitle” attribute

Example of mapping property “organisationUnitId” to “department” attribute in Version 1 of extension

Example of mapping property “organisationUnits{0}” to “department 1” attribute in Version 2 of extension

Example of mapping property “organisationUnits{1}” to “department 2” attribute in Version 2 of extension

  14. The properties list and their mappings should now look like this. Note that some property mappings depend on the customer's choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.

Mapping User and Webcruiter extension Version 1 SCIM properties to MS Entra ID attributes

Mapping User and Webcruiter extension Version 2 SCIM properties to MS Entra ID attributes

  15. Now it's time to add some custom properties related to the Talent Recruiter product and map them to the attributes

This step and the ones that follow it only apply if you plan to use the Talent Recruiter extension of your SCIM data.

If this is not relevant for you, you can skip to step 19.

Click “Show advanced options” and then click “Edit attribute list for customappsso”

Adding custom attributes for Talent Recruiter extension of SCIM schema
  16. At the end of the long list of properties, enter the following new ones

The Talent Recruiter extension supports defining AccessLevels with multiple departments and corresponding roles. The example below defines one access level with a department and a role. If more departments with roles are needed, define more variables with an increased index, e.g. 0, 1, 2, …

The following properties should be added:

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemaversion (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemadata_accessLevels{0}_externalDepartmentId (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemadata_accessLevels{0}_roleId (Type: String)

When these properties are added, click “Save”

Adding new custom properties for Talent Recruiter extension of SCIM schema
Saving list of custom attributes after all
  17. Now click “Add New Mapping” and add mappings of the newly created custom properties to the following attributes:

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemaversion

    • type: Constant

    • value: 1.0

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemadata_accessLevels{0}_externalDepartmentId

    • the customer decides which Entra ID attribute this property is mapped to

  • urn:ietf:params:scim:schemas:extension:talentech:talentrecruiter:schemadata_accessLevels{0}_roleId

    • the customer decides which Entra ID attribute this property is mapped to

Mapping property “schemaversion” to constant value “1.0”
Example of mapping property “externalDepartmentId” to “department” attribute
Example of mapping property “roleId” to “jobTitle” attribute
  18. The properties list and their mappings should now look like this. Note that some property mappings depend on the customer's choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.

Mapping User and Talent Recruiter extension SCIM properties to MS Entra ID attributes
  19. Now it's time to add some custom properties related to the ReachMee product and map them to the attributes

This step and the ones that follow it only apply if you plan to use the ReachMee extension of your SCIM data.

If this is not relevant for you, you can skip to step 23.

Click “Show advanced options” and then click “Edit attribute list for customappsso”

Adding custom attributes for ReachMee extension of SCIM schema
  20. At the end of the long list of properties, enter the following new ones

The following properties should be added:

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemaversion (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_domain (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_externalOrgUnitId (Type: String)

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_roleId (Type: String)

When these properties are added, click “Save”

Adding new custom properties for ReachMee extension of SCIM schema
Saving list of custom attributes after all
  21. Now click “Add New Mapping” and add mappings of the newly created custom properties to the following attributes:

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemaversion

    • type: Constant

    • value: 1.0

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_domain

    • the customer decides which Entra ID attribute this property is mapped to

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_externalOrgUnitId

    • the customer decides which Entra ID attribute this property is mapped to

  • urn:ietf:params:scim:schemas:extension:talentech:reachmee:schemadata_roleId

    • the customer decides which Entra ID attribute this property is mapped to

Mapping property “schemaversion” to constant value “1.0”
Example of mapping property “domain” to constant value “domain-123.com”
Example of mapping property “externalOrgUnitId” to “department” attribute
Example of mapping property “roleId” to “jobTitle” attribute
  22. The properties list and their mappings should now look like this. Note that some property mappings depend on the customer's choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.

Mapping User and ReachMee extension SCIM properties to MS Entra ID attributes
  23. Now go back to the initial window of the custom Enterprise App and choose “Provision Microsoft Entra ID Groups” in the “Mappings” section

Adjusting “Groups” mapping
  24. Everything here should be OK by default, so just check it and close the window

This is how groups mapping should be defined. Should be OK by default.
  25. Now click “Users and groups” in the initial window of the custom Enterprise App, then click “Add user/group” and assign the users and groups that will be synchronised with Talentech ID.

Assigning users and groups for synchronising via SCIM
  26. Now it's time to start auto provisioning. Go to the initial window of the custom Enterprise App and click “Start provisioning”

Starting auto provisioning
  27. Provisioning happens automatically every 40 minutes, but you can also try “Provision on demand” to test it out. Go to “Provision on demand”, search for a user, then click the “Provision” button and check the results.

Doing “Provision on demand” for some users

  28. All statuses in the results of “Provision on demand” should be green and all properties should get values from the mapped attributes.

Green statuses of “Provision on demand”
All properties get values from mapped attributes

  29. Congratulations. You have successfully set up users and groups synchronisation via SCIM with a custom Enterprise App.
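
Added example (not part of the original guide, and not Talentech or Microsoft code): a Python check that compares a list of attribute mappings against what steps 9 to 21 prescribe, so drift from the guide can be spotted before provisioning starts. The dictionary input format, the sample source attributes and the rule that {n} indexes start at 0 without gaps are assumptions of this example.

```python
import re

# Step 9: the only core SCIM attributes that should remain mapped.
CORE = {"userName", "active", "name.givenName", "name.familyName", "externalId"}
# Step 10: source values the guide prescribes for two of them.
REQUIRED_SOURCE = {"externalId": "objectId", "active": "Not([IsSoftDeleted])"}
PREFIX = "urn:ietf:params:scim:schemas:extension:talentech:"
INDEXED = re.compile(r"^schemadata_(\w+)\{(\d+)\}(_\w+)?$")


def check_mappings(mappings):
    """mappings: {target attribute: source expression}. Returns a list of problems."""
    problems = []
    core = {t for t in mappings if not t.startswith(PREFIX)}
    problems += [f"missing core attribute: {a}" for a in sorted(CORE - core)]
    problems += [f"unexpected attribute still mapped: {a}" for a in sorted(core - CORE)]
    for target, source in REQUIRED_SOURCE.items():
        if target in mappings and mappings[target] != source:
            problems.append(f"{target} must map to {source}")
    # Group the Talentech extension attributes by product (webcruiter, reachmee, ...).
    products = {}
    for target in mappings:
        if target.startswith(PREFIX):
            product, _, attr = target[len(PREFIX):].partition(":")
            products.setdefault(product, []).append(attr)
    for product, attrs in sorted(products.items()):
        if "schemaversion" not in attrs:
            problems.append(f"{product}: schemaversion is not mapped")
        # Assumption of this example: {n} indexes start at 0 and have no gaps.
        seen = {}
        for attr in attrs:
            m = INDEXED.match(attr)
            if m:
                seen.setdefault(m.group(1) + (m.group(3) or ""), set()).add(int(m.group(2)))
        for name, idx in sorted(seen.items()):
            if idx != set(range(len(idx))):
                problems.append(f"{product}: {name} indexes {sorted(idx)} have a gap")
    return problems


# Constructed sample: the source attribute choices are illustrative only.
TR = PREFIX + "talentrecruiter:"
SAMPLE = {
    "userName": "userPrincipalName", "active": "Not([IsSoftDeleted])",
    "name.givenName": "givenName", "name.familyName": "surname",
    "externalId": "mailNickname", "displayName": "displayName",
    TR + "schemadata_accessLevels{0}_externalDepartmentId": "department",
    TR + "schemadata_accessLevels{1}_roleId": "jobTitle",
}

if __name__ == "__main__":
    print("\n".join(check_mappings(SAMPLE)) or "mappings match the guide")
```

An empty list means the mappings match the guide; the constructed sample deliberately contains four deviations.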