To set up SCIM provisioning in Azure AD, you will need the involvement of both a Tapt admin and the manager of your Azure AD account.
SCIM capabilities supported by Tapt
Updating profile details
Provisioning one or more users and their Tapt profiles
Setup
Step 1: Creating the Tapt application in Azure AD
To create the Azure application that will connect to Tapt:
Navigate to portal.azure.com and log in
Search for 'Enterprise Applications'
Click on Create your own application
Enter a name for the application: ‘Tapt Integration’
Select ‘Integrate any other application you don’t find in the gallery’
Click Create
Step 2: Setting up user provisioning
Navigate to your newly created Enterprise Application in Azure and do the following:
Select Provisioning in the left panel
Set the Provisioning Mode to Automatic
You should see a Tenant URL field and a Secret Token field. We will need to get this information from your account in Tapt so let's do that now.
Navigate to the integration tab in your Tapt account in a separate browser tab
You should see SCIM Provisioning which contains a URL and Token. You will need to generate the token by clicking Generate
Copy the URL and Token and navigate back to the Provisioning page in your Azure app. Paste the URL and Token in the corresponding fields
Click Test Connection
After a few seconds you should see a success message letting you know that the supplied credentials are authorised to enable provisioning. With your credentials verified you can now click Save
Step 3: Disable Groups provisioning
Once saved, expand the mappings option in Provisioning
Select Provision Active Directory Groups
Set Enabled to No and save
Step 4: Configuring user provisioning in Azure
Navigate back to the main page of your Azure application
Click Users and Groups in the left-hand side of the page
Click Add user/group
Click on Users and groups
Select the users and/or groups that you would like to provision
Click the Select button at the bottom of the selection section
Click the Assign button at the bottom left of the screen
Step 5: Ensure provisioning status is ‘on’
Select Provisioning in the left panel
Ensure that the provisioning status is ‘on’
Note: A sync occurs between Azure and Tapt every 40 minutes
Adding a new user to the Tapt Application in Azure
Now that user provisioning is completely configured, we can add users to the Azure app in order for them to be provisioned in Tapt. However, before you proceed, we should go over what happens when a new user is added to the Azure Tapt Application.
A user is created in your Tapt portal
A profile is automatically created for this user
This card will contain any relevant details from the user's profile in Azure AD
These card fields will even stay in sync with whatever value is in the user's profile.
Note: a new user will be defined based on the email of the profile holder. If a new user is added with an email address that does not currently exist in your Tapt portal, a profile will automatically be created for them.
Supported user attributes
A user's attributes can be found on the Azure AD User Profile. We support the following attributes:
First name
Last name
Job title
Company name
Office phone
Mobile phone
Email
Mapping the Company name to the Azure payload
Go to Provisioning
Find Mappings
Click Provision Microsoft Entra Users
Add a new mapping connecting to the User.organization attribute
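The following is an added example, not code from Tapt or Microsoft. It renders an Azure AD profile into the SCIM 2.0 User shape produced by Azure's default attribute mappings and reports which of the supported attributes would arrive empty, showing that Company name is only sent once the extra mapping exists. Assumptions: the sample profile is constructed, "User.organization" is taken to be the organization attribute of the SCIM enterprise user extension, and the SCIM fields Tapt reads for each attribute are assumed.

```python
import json

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def build_scim_user(profile, company_mapping=True):
    """Render an Azure AD profile (keyed by Azure attribute name) as a SCIM User."""
    user = {
        "schemas": [CORE],
        "userName": profile["userPrincipalName"],
        "active": True,
        "name": {"givenName": profile.get("givenName"),
                 "familyName": profile.get("surname")},
        "title": profile.get("jobTitle"),
        "emails": [{"type": "work", "primary": True, "value": profile.get("mail")}],
        "phoneNumbers": [{"type": kind, "value": profile[attr]}
                         for kind, attr in (("work", "telephoneNumber"), ("mobile", "mobile"))
                         if profile.get(attr)],
    }
    # companyName is not part of Azure's default mappings; it is only sent
    # after the mapping to the enterprise extension's organization is added.
    if company_mapping and profile.get("companyName"):
        user["schemas"].append(ENTERPRISE)
        user[ENTERPRISE] = {"organization": profile["companyName"]}
    return user

def _typed(items, kind):
    """Return the value of the first multi-valued entry with the given type."""
    return next((i.get("value") for i in items if i.get("type") == kind), None)

def missing_supported(user):
    """List the supported attributes (labels from this page) that are empty."""
    found = {
        "First name": user.get("name", {}).get("givenName"),
        "Last name": user.get("name", {}).get("familyName"),
        "Job title": user.get("title"),
        "Company name": user.get(ENTERPRISE, {}).get("organization"),
        "Office phone": _typed(user.get("phoneNumbers", []), "work"),
        "Mobile phone": _typed(user.get("phoneNumbers", []), "mobile"),
        "Email": _typed(user.get("emails", []), "work"),
    }
    return [label for label, value in found.items() if not value]

# Constructed sample profile, not real data.
SAMPLE = {"userPrincipalName": "alex@example.com", "givenName": "Alex", "surname": "Doe",
          "jobTitle": "Engineer", "mail": "alex@example.com", "mobile": "+61 400 000 000",
          "telephoneNumber": "+61 2 0000 0000", "companyName": "Example Pty Ltd"}

if __name__ == "__main__":
    print(json.dumps(build_scim_user(SAMPLE), indent=2))
    print("Missing without mapping:", missing_supported(build_scim_user(SAMPLE, False)))
```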
Note: Unfortunately whilst Tapt supports syncing profile images via SCIM, Azure AD does not expose this to us. Profile images will need to be uploaded to each card by the card owner or by the team admin.
Congratulations!! 🎉
You made it. We know this was a lot to digest so if you have any questions please email us at support@tapt.io.