
SCIM with Azure

Written by Donovan Charpin
Updated over 2 months ago

SCIM configuration for Azure:

  1. Go to Archie > Settings > Integrations and create your SCIM integration with Azure

  2. In Azure, go to Azure Active Directory and click on the tab Enterprise applications, then click on New application if Archie SAML is not already in the list. It is important to use the same application where your SAML is configured.

  3. Click on the Provisioning tab, then click on Get started to set up the app

  4. Assign the groups to the application (Users and Groups tab in the application)

  5. Go to the Provisioning tab in the Manage section

    • In Mapping, both provisioning for Users and Groups should be enabled

    • Provisioning Status should be set to On

  6. Click on Mapping > Provision Azure Active Directory Users

    • Target object action Create, Update and Delete should be enabled

    • You will need at least these Attribute Mappings:

      • userPrincipalName with the value userName

      • givenName with the value name.givenName

      • surname with the value name.familyName

      • mail with the value emails[type eq "work"].value

      • displayName with the value displayName

      • city with the value addresses[type eq "work"].locality

      • preferredLanguage with the value preferredLanguage

  7. Click on Mapping > Provision Azure Active Directory Groups

    • Target object action Create, Update and Delete should be enabled

    • You will need at least these Attribute Mappings:

      • displayName with the value displayName

      • objectId with the value externalId

      • members with the value members

  • You can test by adding a user and a group in the Users and groups tab. Azure does not send the values instantly; if you want to test right away, go to the Provision on demand tab, select the user and the group (also select the user within the group if this user is part of the selected group), and click on Provision. Once the test is done, you should see the new user in Archie and the group in the SCIM configuration. Once the group is pushed, you can start mapping the SCIM group to the Archie groups and retry the provisioning. If the user is part of the group in Azure and the group is mapped in Archie, the user will automatically be synced into the group.
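To check a provisioned object against the minimum mappings from steps 6 and 7, the added example below (not code from Archie or Azure) resolves each target SCIM path, including the `[type eq "work"]` filters, and lists the ones a payload leaves empty. The payloads, the names `resolve` and `missing`, and all sample values are constructed for illustration.

```python
import re

# Target SCIM paths taken from the user and group attribute mappings above.
USER_PATHS = ['userName', 'name.givenName', 'name.familyName',
              'emails[type eq "work"].value', 'displayName',
              'addresses[type eq "work"].locality', 'preferredLanguage']
GROUP_PATHS = ['displayName', 'externalId', 'members']

# One path segment: attribute name plus an optional [sub eq "value"] filter.
SEGMENT = re.compile(r'^(\w+)(?:\[(\w+) eq "([^"]*)"\])?$')

def resolve(resource, path):
    """Return the value at a SCIM path, or None when it is absent or empty."""
    node = resource
    for part in path.split('.'):
        m = SEGMENT.match(part)
        if m is None or not isinstance(node, dict):
            return None
        name, key, wanted = m.groups()
        node = node.get(name)
        if key is not None:
            # Multi-valued attribute: keep the first entry matching the filter.
            items = node if isinstance(node, list) else []
            node = next((i for i in items
                         if isinstance(i, dict) and i.get(key) == wanted), None)
        if node is None or node == '':
            return None
    return node

def missing(resource, paths):
    """List the required paths that the resource does not populate."""
    return [p for p in paths if resolve(resource, p) is None]

# Constructed sample payloads (not captured from Azure or Archie).
GOOD_USER = {
    'userName': 'ada@example.com', 'displayName': 'Ada Example',
    'name': {'givenName': 'Ada', 'familyName': 'Example'},
    'emails': [{'type': 'work', 'value': 'ada@example.com'}],
    'addresses': [{'type': 'work', 'locality': 'Paris'}],
    'preferredLanguage': 'en-US',
}
# Same user, but the only email is typed "home" and no address is set.
BAD_USER = {**GOOD_USER, 'emails': [{'type': 'home', 'value': 'ada@example.net'}],
            'addresses': []}
GROUP = {'displayName': 'Engineering', 'externalId': 'constructed-object-id',
         'members': [{'value': 'constructed-user-id'}]}
```

A user whose source record has no work email or city will show up here with those two paths missing, which is worth checking before relying on Provision on demand results.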
