Introduction
This article describes the process of integrating your Identity Provider (IdP) with our System for Cross-domain Identity Management (SCIM) service. We will cover the information you'll need to get started and describe the process for popular IdPs such as Azure and Okta.
About SCIM
SCIM is an open standard protocol that enables automated user provisioning and deprovisioning between identity management systems (such as an identity provider) and service providers, such as Immersive. SCIM simplifies the process of managing user identities and access across different systems and applications.
The SCIM protocol defines a set of RESTful APIs that allow for the creation, modification, and deletion of user accounts, as well as the retrieval of user attributes and group information. It provides a standardized way for identity providers and service providers to communicate and synchronize user data, ensuring consistency and efficiency in user management.
The benefits of implementing SCIM include:
- User Provisioning: SCIM allows for automated user provisioning, enabling seamless onboarding and offboarding of users to the IL platform. When a customer adds or removes users from their identity management system, SCIM can be used to synchronize these changes with the IL platform, ensuring that user accounts are created or deactivated accordingly.
- Single Sign-On (SSO): SCIM can be integrated with SSO solutions, such as SAML or OAuth, to enable a seamless and secure authentication experience for customers. By implementing SCIM-based SSO, users can authenticate once with their identity provider and gain access to the IL platform without the need for separate login credentials.
Overall, SCIM helps streamline user management and authentication processes, enhancing the customer experience and ensuring that user accounts and attributes are synchronized between the customer's identity management system and the IL platform.
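The provisioning and deprovisioning exchange described in this section, as an added example that is not Immersive's code or API: a toy in-memory SCIM 2.0 service (RFC 7644) receives the two requests an identity provider sends over a user's lifecycle. The class and function names, the token and the user name are constructed for illustration, and error bodies are simplified.

```python
import hmac
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimService:
    """Toy service-provider side, Users only (hypothetical, not a real API)."""
    def __init__(self, token):
        self.token, self.users = token, {}

    def handle(self, method, path, headers, body=None):
        body = body or {}
        # Every request must carry the bearer token issued for the integration;
        # compare in constant time so the check does not leak how much matched.
        sent = headers.get("Authorization", "").encode()
        if not hmac.compare_digest(sent, f"Bearer {self.token}".encode()):
            return 401, {"detail": "invalid token"}
        if method == "POST" and path == "/Users":
            if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
                return 400, {"detail": "not a SCIM User resource"}
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, {"scimType": "uniqueness"}
            user = {**body, "id": str(uuid.uuid4()), "active": body.get("active", True)}
            self.users[user["id"]] = user
            return 201, user
        if method == "PATCH" and path.startswith("/Users/"):
            user = self.users.get(path.split("/")[2])
            if user is None:
                return 404, {"detail": "no such user"}
            for op in body.get("Operations", []):
                # Deprovisioning arrives as a replace of "active"; some clients
                # send the boolean as a string, and bool("False") would be True.
                if op.get("op", "").lower() == "replace" and op.get("path") == "active":
                    user["active"] = str(op.get("value")).lower() == "true"
            return 200, user
        return 404, {"detail": "unsupported"}

def provision_then_deprovision(service, token, user_name):
    """IdP side: create a user, then deactivate the same user by its SCIM id."""
    auth = {"Authorization": f"Bearer {token}"}
    status, created = service.handle(
        "POST", "/Users", auth, {"schemas": [USER_SCHEMA], "userName": user_name})
    if status != 201:
        return status, None
    patch = {"schemas": [PATCH_SCHEMA],
             "Operations": [{"op": "replace", "path": "active", "value": False}]}
    return service.handle("PATCH", f"/Users/{created['id']}", auth, patch)
```

A deactivated account keeps its record with `active` set to false, so a later audit can still tie activity to the identity.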
What you'll need
To set up SCIM integration with Immersive, you will need:
- A SCIM URL and auth token from the Immersive customer services team
- An IdP with your users ideally already placed into groups
Azure Setup
First you must create a new Microsoft Entra ID (formerly Active Directory) application.
- Click the 'Microsoft Entra ID' icon from your service directory in the Azure portal:
- Click 'Add' and then select 'Enterprise application' from the drop-down list:
- Click 'Create your own application' and then enter a name for the app (something helpful like 'Immersive'!). NOTE: Leave the radio button set to the default 'Integrate any other application you don't find in the gallery (Non-gallery)':
-
Click 'Provisioning' from the left hand navigation menu:
-
From the Overview page, click 'Get started'.
-
Select 'Automatic' from the 'Provisioning mode' drop-down menu and enter the SCIM URL and auth token you were given by the Immersive Customer Support team:
- Click 'Test Connection' and ensure that a success message is displayed:
-
Click 'Save'.
-
Go back to the 'Provisioning' overview page for your app and click 'Edit provisioning':
- In the 'Settings' section ensure the scope is set to 'Sync only assigned users and groups' and that the 'Provisioning Status' toggle is set to 'On':
- Click 'Save'. Go back to the app Overview page and select 'Users and Groups' from the left-hand navigation menu.
- From the Users and Groups page, select 'Add user/group'.
- From the Add Assignment area, click 'None Selected.'
- From the 'Users and groups' window, select the user or group that you want to assign and click 'Select':
Be aware that there may be a delay of 20-40 minutes before you see your changes appear in Immersive because Microsoft Azure synchronizes its SCIM data at a scheduled time interval rather than automatically after each event.
Provision on Demand
You can manually trigger synchronization using the Provision on demand option in the left-hand toolbar. From here you can select either one or more users or an entire group to manually provision into Immersive.
Select your group or user(s) then click 'Provision'.