This article describes how you can create an Azure Active Directory app to utilise the CybSafe User Provisioning service. You will need to be subscribed to CybSafe Enterprise in order to fully utilise this service.

Note: This app does not replace your current CybSafe SSO app.

Configure Active Directory to use CybSafe User Provisioning

1 Sign in to portal.azure.com 

2 In the left menu, click the tab for Azure Active Directory.

3 From the second menu, click on Enterprise applications

4 From the top menu, click on New application 

5 Select the option for Non-gallery application, enter a name for your application and click Add.

6 In the resulting screen, select the Provisioning tab in the left column.
7 In the Provisioning Mode menu, select Automatic.

8 In the Tenant URL field, enter: https://app.cybsafe.com/scim/v2/


9 In the Secret Token field, enter: <<ACCESS_TOKEN>> (The token will be provided to you from our Support team. Message support@cybsafe.com to receive your token)


10 Click the Test Connection button to have Azure Active Directory attempt to connect to the CybSafe SCIM endpoint.


11 Click Save to save the admin credentials.


12 Update your field mappings so that CybSafe servers will only receive the minimal user data required for CybSafe to work. Attributes not listed in Table 1 (at the end of this article) will not be stored by CybSafe.


13 Once your configuration is complete, change the Provisioning Status to On.


14 Under Settings, the Scope field defines which users and groups are synchronized. Selecting "Sync only assigned users and groups" (recommended) will only sync users and groups assigned in the Users and groups tab.


15 Click Save to start the Azure AD provisioning service.

You can now begin assigning users and groups to your application and CybSafe will receive them.

Table 1: User Attributes

Users will be created whenever user information is submitted as a member field within the group. Once users are deleted from your Active Directory, their profile will be archived on CybSafe.

Please note, if you want to deactivate users that you have uploaded via Active Directory you must do this on SCIM rather than the platform. To do this set the users Active field to False. This will prevent your users being reactivated when your Active Directory syncs again.

Still have questions?

If you still have questions, you can contact the CybSafe team via support@cybsafe.com. We’re on hand to help resolve any further issues!

Did this answer your question?