SCIM - Getting started - Custom Enterprise App
This is a step-by-step guide on how to set up synchronisation of users and groups from Entra ID via SCIM with a Custom Enterprise App. This allows users and groups data to be synchronised from the customer system down to Talentech ID, Talentech Admin and the respective products that customers use, such as Webcruiter, ReachMee, etc.
Prerequisites
Talentech needs to enable SCIM integration for your tenant and provide you with an access token
Talentech ID needs to be enabled for your tenant
Your user account needs to be in the User Administrator access group
Your primary domain must be added as a verified domain in Talentech
Steps
Log in to the Azure Portal and choose the Microsoft Entra ID resource
From the menu on the left, choose “Enterprise applications”
Choose to create a new application
Choose “Create your own application”, give it a name and click “Create”
When the app is created, choose “Provisioning” from the menu on the left
On the next screen choose “Get started”
When the window with provisioning settings opens
first set “Provisioning Mode” to “Automatic”
Fill in the tenant URL
https://api.talentech.io/scim/v1/
Fill in the secret that you received from Talentech
Then click “Test Connection” and make sure that the test is successful
Then click “Save” and close the “Settings” screen
Then choose the “Provisioning” section in the menu on the left again, expand the “Mappings” section and click on “Provision Microsoft Entra ID Users”
Since this is a Custom Enterprise App, Microsoft will pre-fill many mapping properties that are not relevant for synchronising with Talentech. Remove them and make sure that the properties listed below remain.
These properties should be in place after removing all other unnecessary properties
userName
active
name.givenName
name.familyName
externalId
Now we need to change the mapping of the following properties from the default values that Microsoft pre-filled
Property “externalId” should be mapped to “objectId”
Property “active” should have its expression changed to
Not([IsSoftDeleted])
So click the “Edit” button on these properties and change the mapping as shown in the figures below
After this step, the properties list and their mappings should look like this.
Now it's time to add some custom properties related to the Webcruiter product and map them to the attributes
This step and some of the following ones only apply if you plan to use the Webcruiter extension of your SCIM data
If this is not relevant for you, you can skip to step 15
Click on “Show advanced options” and then click on “Edit attribute list for customappsso”
At the end of the long list of properties, enter the following new ones
When these properties are added, click “Save”
Now click “Add New Mapping” and map the newly created custom properties to the following attributes
The properties list and their mappings should now look like this. Note that some property mappings depend on customer choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.
Now it's time to add some custom properties related to the Talent Recruiter product and map them to the attributes
Click on “Show advanced options” and then click on “Edit attribute list for customappsso”
At the end of the long list of properties, enter the following new ones
The Talent Recruiter extension supports defining AccessLevels with multiple departments and corresponding roles. The example below shows one access level with a department and a role. For more departments with roles, define more variables with an increased index, e.g. 0, 1, 2, …
When these properties are added, click “Save”
Now click “Add New Mapping” and map the newly created custom properties to the following attributes
The properties list and their mappings should now look like this. Note that some property mappings depend on customer choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.
Now it's time to add some custom properties related to the ReachMee product and map them to the attributes
Click on “Show advanced options” and then click on “Edit attribute list for customappsso”
At the end of the long list of properties, enter the following new ones
When these properties are added, click “Save”
Now click “Add New Mapping” and map the newly created custom properties to the following attributes
The properties list and their mappings should now look like this. Note that some property mappings depend on customer choice and are shown in the picture only as an example. Do not forget to click “Save” when you are done.
Now go back to the initial window of our custom Enterprise App and choose “Provision Microsoft Entra ID Groups” in the “Mappings” section
Here everything should be OK by default, so just check and close the window
Now click on “Users and groups” in the initial window of our custom Enterprise App, then click on “Add user/group” and assign the users and groups that will be synchronised with Talentech ID.
Now it's time to start auto provisioning. Go to the initial window of our custom Enterprise App and click on “Start provisioning”
Provisioning happens automatically every 40 minutes, but you can also try “Provision on demand” to test it out. Go to “Provision on demand” and search for a user, then click the “Provision” button and check the results.
All statuses in the results of “Provision on demand” should be green and all properties should get values from the mapped attributes.
Congratulations. You have successfully created users and groups synchronisation via the SCIM scheme with a custom Enterprise App
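The core user mappings from the steps above can be checked offline before provisioning is started. The following Python is an added example, not Talentech or Microsoft code: it audits a mapping table against the five attributes the guide keeps and builds the SCIM user those mappings yield, including active set to false for a soft-deleted account. The function names, the sample mapping table and user record, and the userPrincipalName, givenName and surname source attributes are assumptions made for illustration.

```python
# Added example, not Talentech or Microsoft code. Only the five target
# attributes, objectId and Not([IsSoftDeleted]) come from the guide.
CORE = {  # target attribute -> source required by the guide (None = not fixed)
    "userName": None,
    "active": "Not([IsSoftDeleted])",
    "name.givenName": None,
    "name.familyName": None,
    "externalId": "objectId",
}

def audit_mappings(mappings, extra_allowed=()):
    """Return deviations of {target: source expression} from the core list.
    extra_allowed holds product extension properties added in later steps."""
    findings = []
    for target in sorted(set(mappings) - set(CORE) - set(extra_allowed)):
        findings.append(f"remove: {target}")
    for target, expected in CORE.items():
        if target not in mappings:
            findings.append(f"missing: {target}")
        elif expected and mappings[target].replace(" ", "") != expected:
            findings.append(f"remap: {target} -> {expected}")
    return findings

def to_scim_user(entra_user):
    """Build the SCIM User resource the core mappings yield for one user."""
    return {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": entra_user["userPrincipalName"],  # assumed source attribute
        "active": not entra_user["IsSoftDeleted"],    # Not([IsSoftDeleted])
        "name": {"givenName": entra_user["givenName"],    # assumed source
                 "familyName": entra_user["surname"]},    # assumed source
        "externalId": entra_user["objectId"],         # immutable directory id
    }

# Constructed sample: a mapping table before the clean-up steps are applied.
PREFILLED = {
    "userName": "userPrincipalName",
    "active": 'Switch([IsSoftDeleted], , "False", "True", "True", "False")',
    "name.givenName": "givenName",
    "name.familyName": "surname",
    "externalId": "mailNickname",
    "title": "jobTitle",
}
# Constructed sample: a soft-deleted user record.
DELETED_USER = {"userPrincipalName": "anna@example.com", "IsSoftDeleted": True,
                "givenName": "Anna", "surname": "Berg",
                "objectId": "00000000-0000-0000-0000-000000000001"}
if __name__ == "__main__":
    print(audit_mappings(PREFILLED), to_scim_user(DELETED_USER))
```

Pass the names of any Webcruiter, Talent Recruiter or ReachMee extension properties you added as extra_allowed so that they are not reported for removal.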