Configuration

SCIM API integration for the Device Hub
SCIM provisioning for Microsoft Azure AD

How to configure SCIM for Condeco in Azure Active Directory

1. Sign in to the Azure portal and open Azure Active Directory.

2. Select Enterprise applications.
   

3. Click New application.
   

4. Click Create your own application.
   

5. Enter a name for the new application i.e. ‘CondecoScimApplication’ and select Integrate any other application you don’t find in the gallery. Click Create.
   

6. From the Overview page for your new application, click Provision User Accounts.
   

7. Click Get started.
   

8. On the Provisioning page, click the Provisioning Mode drop-down and select Automatic.
   

9. Add the Admin Credentials:
   1. Tenant URL: enter the Condeco SCIM URL i.e. https:///scim/api/V1/
   2. Secret Token: enter the token from your token provider. To learn how to generate a token visit Condeco SCIM API token.
      

10. Click Test connection and if successful, click Save to save your new application.
    

11. Still on the Provisioning page, expand the Mappings section and click Provision Azure Active Directory Users.
    

12. The Attribute Mapping table must only contain the following customappsso attributes:

userName
active
emails[type eq “work”].value
name.givenName
name.familyName
phoneNumbers[type eq “work”].value
phoneNumbers[type eq “mobile”].value
externalId

Click Delete to delete mappings not listed above. The image shows only the required mappings.

13. Still on the Attribute Mapping page, click “externalId” mapping from the customappsso Attribute column and change the values as follows:

Mapping type: Direct
Source attribute: objectId
Default value if null (optional): leave blank
Target attribute: externalId
Match objects using this attribute: No
Apply this mapping: Always

14. Click OK to save the values.

15. Click Save to save the Attribute Mappings and click Yes to confirm.

16. Expand the Mappings section and click Provision Azure Active Directory Groups.
    

17. Click Yes to enable Provision Azure Active Directory Groups, then click Save.
    
18. The Attribute Mapping page is displayed. Edit the group attributes as follows:
    1. Click the group attribute “displayname” to open the Edit Attribute page. Change Matching precendence to 2.
       
    2. Click OK to save and return to the Attribute Mapping page.
    3. Click the group attribute “objectId” to open the Edit Attribute page. Click Match object using this attribute and select Yes. Check the Matching precedence value is 1.
       
    4. Click OK to save and return to the Attribute Mapping page.
    5. Click the group attribute “displayname” again to open the Edit Attribute page. Click Match object using this attribute and select No. Check the Matching precedence value is now 0.
       

19. Click OK to save and return to the Attribute Mapping page.
    

20. Click Save to save the Attribute Mappings and click Yes to confirm.

21. Click X to close Attribute Mapping and return to the Provisioning Page.

22. Expand Settings, click the Scope drop-down list and select Sync all users and groups.
    Note: If the Scope drop-down list is not visible, close the Provisioning page and click Edit Provisioning to reopen.
    

23. Set the Provisioning Status button to On.
    

24. Click Save to complete the SCIM application provisioning.