SSO SCIM Synchronization with Entra ID

This document is about SSO SCIM synchronization with Azure Active Directory.

Setup IDmelon For Provisioning #

Log in to the IDmelon panel, go to Users > All Users, click Import Users, and select SCIM Connector.

Select Microsoft Entra ID as identity provider, then click Next.

Click Generate New Token.

The newly generated token will be shown only once. Make sure to copy and save it.

Finally click Active button.

Now IDmelon is ready for provisioning.

Setup Azure For Provisioning #

Step 1 - Login to azure #

Login to the admin azure panel from here: https://portal.azure.com/#home , and click the Enterprise applications.

Step 2 - Enterprise applications #

From the All appliacations menu, click to the New application .

Step 3 - Create your own new application #

Click on the Create your own application.

Step 4 - Configure your own new application #

Fill fields of opened from as:

• What’s the name of your app?
  • IDmelon
• What are you looking to do with your application?
  • Integrate any other application you don’t find in the gallery (Non-gallery)

And then Click Create button.

Step 5 - Provisioning #

In the opened page, click the Get started of the Provision User Accounts section.

Step 6- Provisioning #

And then in the next page, click the Get started from main again.

Step 7 - Update credentials #

And then in the next page, fill fields of opened from as:

• Provisioning mode
  • Automatic

And in the Admin Credentials section:

• Tenant URL

  • https://skm.idmelon.com/api/scim/v2/

• Secret Token

  • PASTE THIS VALUE FROM IDMELON PANEL

And click Test connection to check the connection to IDmelon is successful.

Then click Save.

Step 7 - Update Settings #

Based on your situation, change the Scope to Sync all users and groups

Step 8 - User Attribute mapping #

Expand the Mapping section and click on Provision Microsoft Entra ID Users

Step 9 - User attribute mapping - advance options #

In the Attribute Mappings section, check the Show advanced options option, and then click on the Edit attribute list for customappsso:

Add a new immutableId field based as picture and below table and then click the Save.

Step 10 - User attribute mapping #

Back to the Attribute Mappings section, and from the default list, apply these two changes and then click the Save.

• Change the objectId field by clicking on the Edit button.
• Add immutableId field by clicking the Add New Mapping.

Step 11 - Group Attribute mapping #

Expand the Mapping section and click on Provision Microsoft Entra ID Group

Step 12 - Group attribute mapping - advance options #

In the Attribute Mappings section, check the Show advanced options option, and then click on the Edit attribute list for customappsso:

Add a new description field based as picture and below table and then click the Save.

Step 13 - Group attribute mapping #

Back to the Attribute Mappings section, and from the default list, apply this change and then click the Save.

• Add description field by clicking the Add New Mapping.

Deprovisioning #

The rules of deprovisioning are as follows:

Sync Only Assigned Users and Groups #

If you have set the SCIM sync to be dependent on specific users and groups (Sync only assigned users and groups), removing a user on the IDmelon side can be done in the following ways:

• Method 1: Remove the user from the specified group on the Entra ID side.
• Method 2: Disable the user on the Entra ID side.
• Method 3: Delete the user on the Entra ID side.

Sync All Users and Groups #

If the SCIM sync is set to include all users and groups (Sync all users and groups), removing a user on the IDmelon side can be done as follows:

• Method 1: Disable the user on the Entra ID side.
• Method 2: Delete the user on the Entra ID side.