SCIM Provisioning of Users using Azure AD

SCIM is a protocol that helps manage user data across multiple applications efficiently.

Written by Elon Datt
Updated over 3 months ago

To set up SCIM provisioning in Azure AD, you will need the involvement of both a Tapt admin and the manager of your Azure AD account.

SCIM capabilities supported by Tapt

  • Updating profile details

  • Provisioning one or more users and their Tapt profiles

Setup

Step 1: Creating the Tapt application in Azure AD

To create the Azure application that will connect to Tapt:

  1. Navigate to portal.azure.com and log in

  2. Search for 'Enterprise Applications'

  3. Click on Create your own application

  4. Enter a name for the application: ‘Tapt Integration’

  5. Select ‘Integrate any other application you don’t find in the gallery’

  6. Click Create

Step 2: Setting up user provisioning

Navigate to your newly created Enterprise Application in Azure and do the following:

  1. Select Provisioning in the left panel

  2. Set the Provisioning Mode to Automatic

You should see a Tenant URL field and a Secret Token field. This information comes from your Tapt account, so let's get it now.

  1. Navigate to the integration tab in your Tapt account in a separate browser tab

  2. You should see SCIM Provisioning which contains a URL and Token. You will need to generate the token by clicking Generate

  3. Copy the URL and Token and navigate back to the Provisioning page in your Azure app. Paste the URL and Token in the corresponding fields

  4. Click Test Connection

  5. After a few seconds you should see a success message letting you know that the supplied credentials are authorised to enable provisioning. With your credentials verified you can now click Save

Step 3: Disable Groups provisioning

  1. Once saved, expand the mappings option in Provisioning

  2. Select Provision Active Directory Groups

  3. Set Enabled to No and save

Step 4: Configuring user provisioning in Azure

  1. Navigate back to the main page of your Azure application

  2. Click Users and Groups in the left-hand side of the page

  3. Click Add user/group

  4. Click on Users and groups

  5. Select the users and/or groups that you would like to provision

  6. Click the Select button at the bottom of the selection section

  7. Click the Assign button at the bottom left of the screen

Step 5: Ensure provisioning status is ‘on’

  1. Select Provisioning in the left panel

  2. Ensure that the provisioning status is ‘on’

Note: A sync occurs between Azure and Tapt every 40 minutes


Adding a new user to the Tapt Application in Azure

Now that user provisioning is fully configured, we can add users to the Azure app so that they are provisioned in Tapt. Before you proceed, here is what happens when a new user is added to the Azure Tapt Application.

  1. A user is created in your Tapt portal

  2. A profile is automatically created for this user

    1. This card will contain any relevant details from the user's profile in Azure AD

    2. These card fields will stay in sync with whatever value is in the user's profile.

Note: a new user is identified by the email of the profile holder. If a user is added with an email address that does not currently exist in your Tapt portal, a profile is automatically created for them.

Supported user attributes

A user's attributes can be found on the Azure AD User Profile. We support the following attributes:

  • First name

  • Last name

  • Job title

  • Company name

  • Office phone

  • Mobile phone

  • Email

Mapping the Company name to the Azure payload

  1. Go to Provisioning

  2. Find Mappings

  3. Click Provision Microsoft Entra Users

  4. Add a new mapping connecting to the User.organization attribute
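
To check that your mappings deliver the attributes listed above, this added example (not Tapt's or Microsoft's code) inspects a SCIM User resource and reports which of the seven supported attributes it lacks. The attribute paths are assumptions taken from the SCIM core and enterprise schemas (RFC 7643), and the payload is a constructed sample.

```python
# Added example: SCIM paths below are assumptions from RFC 7643,
# not Tapt's documented schema. SAMPLE is constructed data.
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def _typed(values, wanted):
    """Return the 'value' of the first multi-valued entry with the given type."""
    for entry in values or []:
        if entry.get("type") == wanted and entry.get("value"):
            return entry["value"]
    return None


def extract_supported(user):
    """Map a SCIM User resource onto the seven attributes this page lists."""
    name = user.get("name") or {}
    ent = user.get(ENTERPRISE) or {}
    return {
        "First name": name.get("givenName"),
        "Last name": name.get("familyName"),
        "Job title": user.get("title"),
        "Company name": ent.get("organization"),
        "Office phone": _typed(user.get("phoneNumbers"), "work"),
        "Mobile phone": _typed(user.get("phoneNumbers"), "mobile"),
        "Email": _typed(user.get("emails"), "work"),
    }


def missing_attributes(user):
    """List supported attributes the payload lacks (empty counts as missing)."""
    return [k for k, v in extract_supported(user).items() if not v]


# Constructed payload: no company-name mapping and no office phone set.
SAMPLE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", ENTERPRISE],
    "userName": "jane.doe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "title": "Security Engineer",
    "emails": [{"type": "work", "primary": True, "value": "jane.doe@example.com"}],
    "phoneNumbers": [{"type": "mobile", "value": "+61 400 000 000"}],
    ENTERPRISE: {"department": "Platform"},
}

if __name__ == "__main__":
    print("Missing:", missing_attributes(SAMPLE))
```
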

Note: Unfortunately whilst Tapt supports syncing profile images via SCIM, Azure AD does not expose this to us. Profile images will need to be uploaded to each card by the card owner or by the team admin.

Congratulations!! 🎉

You made it. We know this was a lot to digest so if you have any questions please email us at support@tapt.io.
