SCIM - Getting started - Custom Enterprise App

Owned by Henning Støverud
Last updated: 2024-03-07 by Dmitry Kalinin
9 min read

Here comes step by step guide how to setup users and groups synchronisation in Azure Portal from Entra ID via SCIM schema with Custom Enterprise App. This will allow to synchronise users and groups data from customer system down to Talentech ID, Talentech Admin and respective products, like Webcruiter, ReachMee, etc that customers use.

Prerequisites

  • Talentech need to enable SCIM integration for your tenant and provide you with an access token

  • Talentech ID needs to be enabled for your tenant

  • Your user account needs to be in the User Administrator access group

  • Your primary domain must be added as a verified domain in Talentech

 

Steps

  1. Login to Azure Portal and choose Microsoft Entra ID resource

Screenshot 2024-02-23 at 10.01.27.png
Choosing Microsoft Entra ID resource

  1. From menu to the left choose “Enterprise applications“

Screenshot 2024-02-23 at 10.03.03.png
Enterprise applications

  1. Choose create new application

 

  1. Choose “Create you own application“, give it a name and click “Create“

 

  1. When app is created choose “Provisioning“ from menu to the left

  1. On the next screen choose “Get started“

  1. When window with provisioning settings is opened

    • choose first “Provisioning Mode“ - “Automatic“

    • Fill out tenant URL

      https://api.talentech.io/scim/v1/

    • Fill out secret that you received from Talentech

    • And click “Test Connection“, make sure that test is successful

    • Then click “Save” and close “Settings” screen

 

 

  1. Then choose again “Provisioning“ section in menu to the left, expand “Mappings“ section and click on “Provision Microsoft Entra ID Users“

  1. Since this is Custom Enterprise App Microsoft will pre-fill many properties for mapping that is not relevant for synchronising with Talentech. Remove them and make sure that these properties are left after all.

These properties should be on place after removing all other unnecessary properties

  • userName

  • active

  • name.givenName

  • name.familyName

  • externalId

  1. Now we need to change mapping of the following properties from default values that Microsoft pre-filled

    1. Property “externalId“ should be mapped to “objectId“

    2. Property active should change expression to Not([IsSoftDeleted])

So click “Edit“ button on this properties and change mapping according how it is shown on Figures below

So after this step properties list and their mappings should look like this.

  1. Now its time to add some custom properties related to Webcruiter product and map them to the attributes

This step and some following up only applies if you plan to use Webcruiter extension of your SCIM data

If this is not relevant for you then you can skip to the step 15

Click on “Show advanced options“ and then click on “Edit attribute list for customappsso“

  1. In the end of the long list of properties enter the following new ones

When these properties are added, click “Save“

  1. Now click “Add New Mapping“ and assign mappings to newly created custom properties to the following attributes

  1. So now properties list and their mappings should look like this. Pay attention that some properties mappings are dependent on customer choice and presented on picture just for example. Do not forget to click “Save“ after all.

  1. Now its time to add some custom properties related to Talent Recruiter product and map them to the attributes

Click on “Show advanced options“ and then click on “Edit attribute list for customappsso“

  1. In the end of the long list of properties enter the following new ones

When these properties are added, click “Save“

  1. Now click “Add New Mapping“ and assign mappings to newly created custom properties to the following attributes

  1. So now properties list and their mappings should look like this. Pay attention that some properties mappings are dependent on customer choice and presented on picture just for example. Do not forget to click “Save“ after all.

  1. Now its time to add some custom properties related to ReachMee product and map them to the attributes

Click on “Show advanced options“ and then click on “Edit attribute list for customappsso“

  1. In the end of the long list of properties enter the following new ones

When these properties are added, click “Save“

  1. Now click “Add New Mapping“ and assign mappings to newly created custom properties to the following attributes

  1. So now properties list and their mappings should look like this. Pay attention that some properties mappings are dependent on customer choice and presented on picture just for example. Do not forget to click “Save“ after all.

  1. Now go back to the initial window of our custom Enterprise App and choose “Provision Microsoft Entra ID Groups“ in “Mappings“ section

  1. Here everything should be OK by default so just check and close the window

  1. Now you click on “Users and groups“ in the initial window of our custom Enterprise App, then click on “Add user/group“ and assign users and groups that will be synchronised with Talentech ID.

  1. Now its time to start auto provisioning. Go to the initial window of our custom Enterprise App and click on “Start provisioning“

  1. Provisioning happens automatically every 40 minutes. But you can try also “Provision on demand“ just to test it out. Go to “Provision on demand“ and search some user, then click on “Provision“ button and check results.

 

  1. All statuses of the results of “Provision on demand“ should be green and all properties should get values from mapped attributes.

 

  1. Congratulations. You have successfully created users and groups synchronisation via SCIM scheme with custom Enterprise App

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

https://www.talentech.com