search
Customer Support

Microsoft Entra ID - SCIM - Configuration

circle-check

hashtag
Important Note

The instructions in this article cover a third-party app and may not reflect the latest version. Please use these instructions as a guide to complete the task, but be aware that some screens, field names, and steps may have changed.

hashtag
Overview

This article provides details on configuring an Entra ID identity provider to use Flosum's SCIM API. For more information about SCIM, see the following article.

circle-exclamation

hashtag
Customer-Hosted

Customers who host Flosum Apps on their own infrastructure will have a custom URL for logging into their apps. When using this documentation, replace any Flosum Hosted URLs with your own URLs.

hashtag
Prerequisites

Before setting up automated provisioning, ensure SAML-based SSO is properly configured and fully functional in your Flosum tenant.

Ensure your SAML Attributes & Claims configuration includes the following attributes:

Claim Name
Value

userUniqueId

user.objectid

firstName

user.givenname

lastName

user.surname

email

user.mail

For instructions for adding and configuring a Microsoft Entra ID identity provider, see the following articles.

hashtag
Configure Entra ID

1

hashtag
Configure API Integration

  1. Log in to your Entra ID account.

  2. Access the identity provider you created.

  3. Click Provisioning under Manage in the left sidebar menu.

  4. Change Provisioning Mode from Manual to Automatic.

  5. Complete the Admin credentials section.

  6. Tenant URL: Enter the SCIM API URL for your region from the table below.

Region
SCIM API URL

United States

https://global-us.flosum.app/api/v1/scim

Germany

https://global-de.flosum.app/api/v1/scim

Japan

https://global-jp.flosum.app/api/v1/scim

Australia

https://global-au.flosum.app/api/v1/scim

  1. Secret token: Enter your Global Settings API Token. If you don't have an API Token, see the following article for instructions on creating one.

    1. Creating an API Token

  2. Click Test connection to verify that a connection to your Flosum tenant can be established.

circle-info

If you don't receive a connection confirmation, check the Tenant URL and ensure it isn't blocked by firewalls or other network traffic interceptors. Then verify that the API Token is correct.

  1. Click Save.

2

hashtag
Users Mappings

The Flosum SCIM API uses specific metadata values from Entra ID user profiles. This section explains the required mappings between Flosum SCIM API and Entra ID attributes.

  1. Click Provisioning under Manage in the left sidebar menu.

  2. Click Provision Microsoft Entra ID Users in the Mappings section.

  3. Ensure Enabled is set to Yes.

  4. Ensure all Target Object Actions (Create, Update, and Delete) are checked.

  5. If any changes were made, click Save.

  6. Attribute mappings define which Microsoft Entra ID attributes are synchronized with which Flosum SCIM API attributes. See the screenshot and table below on how to set the correct attribute mappings.

Flosum SCIM API Attribute
Microsoft Entra ID Attribute

userName

mail

active

Switch([IsSoftDeleted],,"False","True","True","False")

emails[type eq "work"].value

mail

name.givenName

givenName

name.familyName

surname

externalId

objectId

circle-exclamation

Flosum uses the email address as the username. Make sure the userName attribute is mapped to the mail attribute. The screenshot below shows how to edit the mail attribute to set up this mapping.

circle-info

During user provisioning, the timezone attribute is set to Etc/UTC by default.

3

hashtag
Groups Mappings

The Flosum SCIM API does not currently support group provisioning. Make sure Group synchronization is disabled.

  1. Click Provisioning under Manage in the left sidebar menu.

  2. Click Provision Microsoft Entra ID Groups in the Mappings section.

  3. Ensure Enabled is set to No.

  4. If any changes were made, click Save.

4

hashtag
Start Provisioning

Once you have configured Entra ID to work with Flosum's SCIM API, you can turn on Provisioning in Entra ID to start the process of provisioning users

  1. Click Provisioning under Manage in the left sidebar menu.

  2. In the Settings section, toggle the Provisioning Status to On.

  3. Click Save.

circle-info

This will begin the initial provisioning, which may take some time. Check the bottom of the page in about 20 minutes to see the status.

Disable Provisioning

Provisioning can be disabled by changing the Provisioning Status to Off.

circle-info

If you need an urgent update, stop provisioning and restart it. This will trigger an immediate resync that includes all updates.

PreviousSCIM ConfigurationsNextOkta - SCIM - Configuration

Last updated

Was this helpful?