SSO SCIM Synchronization with Entra ID

This document is about SSO SCIM synchronization with Azure Active Directory.

Step 1 - Log in to Azure

Log in to the Azure admin portal at https://portal.azure.com/#home and click Enterprise applications.

Step 2 - Enterprise applications

From the All applications menu, click New application.

Step 3 - Create your own new application

Click Create your own application.

Step 4 - Configure your own new application

Fill in the fields of the form that opens as follows:

  • What’s the name of your app?
    • IDmelon
  • What are you looking to do with your application?
    • Integrate any other application you don’t find in the gallery (Non-gallery)

Then click the Create button.

Step 5 - Provisioning

On the page that opens, click Get started in the Provision User Accounts section.

Step 6 - Provisioning

On the next page, click Get started in the main area again.

Step 7 - Update credentials

On the next page, fill in the fields of the form that opens as follows:

  • Provisioning mode
    • Automatic

And in the Admin Credentials section:

  • Tenant URL
    • https://skm.idmelon.com/api/scim/v2/
  • Secret Token
    • PASTE THIS VALUE FROM IDMELON PANEL

Click Test connection to check that the connection to IDmelon is successful.

Then click Save.

Step 7 - Update Settings

Based on your situation, change the Scope to Sync all users and groups.

Step 8 - User Attribute mapping

Expand the Mapping section and click Provision Microsoft Entra ID Users.

Step 9 - User attribute mapping - advanced options

In the Attribute Mappings section, check Show advanced options, and then click Edit attribute list for customappsso.

Add a new immutableId field as shown in the table below, and then click Save.

| Name | Type |
| --- | --- |
| urn:ietf:params:scim:schemas:extension:IDmelon:2.0:User:immutable_id | String |

Step 10 - User attribute mapping

Go back to the Attribute Mappings section and, in the default list, apply these two changes, then click Save.

  • Change the objectId field by clicking the Edit button.
  • Add the immutableId field by clicking Add New Mapping.

| customappsso Attribute | Microsoft Entra ID Attribute | Matching precedence |
| --- | --- | --- |
| objectId | externalId | |
| immutableId | urn:ietf:params:scim:schemas:extension:IDmelon:2.0:User:immutable_id | |

Step 11 - Group Attribute mapping

Expand the Mapping section and click Provision Microsoft Entra ID Group.

Step 12 - Group attribute mapping - advanced options

In the Attribute Mappings section, check Show advanced options, and then click Edit attribute list for customappsso.

Add a new description field as shown in the table below, and then click Save.

| Name | Type |
| --- | --- |
| description | String |

Step 13 - Group attribute mapping

Go back to the Attribute Mappings section and, in the default list, apply this change, then click Save.

  • Add the description field by clicking Add New Mapping.

| customappsso Attribute | Microsoft Entra ID Attribute | Matching precedence |
| --- | --- | --- |
| description | description | |

Deprovisioning

The rules of deprovisioning are as follows:

Sync Only Assigned Users and Groups

If you have set the SCIM sync to be dependent on specific users and groups (Sync only assigned users and groups), removing a user on the IDmelon side can be done in the following ways:

  • Method 1: Remove the user from the specified group on the Entra ID side.
  • Method 2: Disable the user on the Entra ID side.
  • Method 3: Delete the user on the Entra ID side.

Sync All Users and Groups

If the SCIM sync is set to include all users and groups (Sync all users and groups), removing a user on the IDmelon side can be done as follows:

  • Method 1: Disable the user on the Entra ID side.
  • Method 2: Delete the user on the Entra ID side.
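
To audit that deprovisioning actually took effect, the rules above can be applied to an export of Entra ID users and compared with the accounts still present on the IDmelon side, keyed on the objectId / externalId mapping from Step 10. This is an added example, not IDmelon or Microsoft code; the record fields (`object_id`, `enabled`, `assigned`) and the sample IDs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

SCOPE_ASSIGNED = "Sync only assigned users and groups"
SCOPE_ALL = "Sync all users and groups"


@dataclass
class EntraUser:
    """Hypothetical export record, not an Entra ID API type."""
    object_id: str   # value paired with externalId in the Step 10 mapping
    enabled: bool    # False when the user is disabled on the Entra ID side
    assigned: bool   # True when the user (or one of their groups) is assigned to the app


def should_exist(user: Optional[EntraUser], scope: str) -> bool:
    """Apply the deprovisioning rules on this page to one user (None = deleted)."""
    if scope not in (SCOPE_ASSIGNED, SCOPE_ALL):
        raise ValueError(f"unknown scope: {scope!r}")
    if user is None or not user.enabled:   # deleted or disabled: removed in both scopes
        return False
    if scope == SCOPE_ASSIGNED:            # removed from the specified group
        return user.assigned
    return True


def find_orphans(entra_users: Iterable[EntraUser],
                 idmelon_external_ids: Iterable[str],
                 scope: str) -> List[str]:
    """Return externalIds still on the IDmelon side that the rules say should be gone."""
    by_id = {u.object_id: u for u in entra_users}
    return sorted(eid for eid in idmelon_external_ids
                  if not should_exist(by_id.get(eid), scope))


# Constructed sample data: one healthy user, one disabled, one unassigned,
# and one ID that no longer exists in Entra ID (deleted).
ENTRA = [
    EntraUser("11111111-aaaa", enabled=True, assigned=True),
    EntraUser("22222222-bbbb", enabled=False, assigned=True),
    EntraUser("33333333-cccc", enabled=True, assigned=False),
]
IDMELON_IDS = ["11111111-aaaa", "22222222-bbbb", "33333333-cccc", "44444444-dddd"]

if __name__ == "__main__":
    for scope in (SCOPE_ASSIGNED, SCOPE_ALL):
        print(f"{scope}: orphaned externalIds = {find_orphans(ENTRA, IDMELON_IDS, scope)}")
```

Run the comparison only after a provisioning cycle has completed, since accounts changed in Entra ID since the last cycle will otherwise show up as orphans.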