SSO SCIM Synchronization with Entra ID
This document is about SSO SCIM synchronization with Azure Active Directory.
Step 1 - Log in to Azure
Log in to the Azure admin panel at https://portal.azure.com/#home, and click Enterprise applications.
Step 2 - Enterprise applications
From the All applications menu, click New application.
Step 3 - Create your own new application
Click Create your own application.
Step 4 - Configure your own new application
Fill in the fields of the form that opens as follows:
- What’s the name of your app?
  - IDmelon
- What are you looking to do with your application?
  - Integrate any other application you don’t find in the gallery (Non-gallery)
Then click the Create button.
Step 5 - Provisioning
On the page that opens, click Get started in the Provision User Accounts section.
Step 6 - Provisioning
On the next page, click Get started in the main section again.
Step 7 - Update credentials
On the next page, fill in the fields of the form as follows:
- Provisioning mode
  - Automatic
And in the Admin Credentials section:
- Tenant URL
  - https://skm.idmelon.com/api/scim/v2/
- Secret Token
  - PASTE THIS VALUE FROM IDMELON PANEL
Click Test connection to check that the connection to IDmelon is successful.
Then click Save.
Step 7 - Update Settings
Based on your situation, change the Scope to Sync all users and groups.
Step 8 - User Attribute mapping
Expand the Mapping section and click Provision Microsoft Entra ID Users.
Step 9 - User attribute mapping - advanced options
In the Attribute Mappings section, check the Show advanced options option, and then click Edit attribute list for customappsso.
Add a new immutableId field as shown in the picture and the table below, and then click Save.
Name | Type |
---|---|
urn:ietf:params:scim:schemas:extension:IDmelon:2.0:User:immutable_id | String |
Step 10 - User attribute mapping
Back in the Attribute Mappings section, apply these two changes to the default list and then click Save.
- Change the objectId field by clicking the Edit button.
- Add the immutableId field by clicking Add New Mapping.
Microsoft Entra ID Attribute | customappsso Attribute | Matching precedence |
---|---|---|
objectId | externalId | |
immutableId | urn:ietf:params:scim:schemas:extension:IDmelon:2.0:User:immutable_id | |
Step 11 - Group Attribute mapping
Expand the Mapping section and click Provision Microsoft Entra ID Group.
Step 12 - Group attribute mapping - advanced options
In the Attribute Mappings section, check the Show advanced options option, and then click Edit attribute list for customappsso.
Add a new description field as shown in the picture and the table below, and then click Save.
Name | Type |
---|---|
description | String |
Step 13 - Group attribute mapping
Back in the Attribute Mappings section, apply this change to the default list and then click Save.
- Add the description field by clicking Add New Mapping.
Microsoft Entra ID Attribute | customappsso Attribute | Matching precedence |
---|---|---|
description | description | |
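What a provisioned user and group carry once the mappings in Steps 9 to 13 are applied, as an added example that is not IDmelon's or Microsoft's code. It assumes the Entra ID attribute is the source and the customappsso attribute is the SCIM target, and that the URN-qualified attribute is nested under its extension schema as RFC 7643 describes; the helper names and sample values are constructed for illustration.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
# Assumption: left = Entra ID source attribute, right = customappsso (SCIM) target.
USER_MAPPING = {
    "objectId": "externalId",
    "immutableId": "urn:ietf:params:scim:schemas:extension:IDmelon:2.0:User:immutable_id",
}
GROUP_MAPPING = {"description": "description"}


def split_target(target):
    """Return (extension schema URN or None, attribute name) for a target name."""
    if target.startswith("urn:"):
        return tuple(target.rsplit(":", 1))
    return None, target


def build_resource(core_schema, source, mapping):
    """Apply the mappings; URN-qualified targets nest under their extension schema."""
    resource = {"schemas": [core_schema]}
    for src_attr, target in mapping.items():
        value = source.get(src_attr)
        if value in (None, ""):
            continue  # assumption: an empty source value is not sent
        schema_urn, attr = split_target(target)
        if schema_urn and schema_urn not in resource["schemas"]:
            resource["schemas"].append(schema_urn)  # declare the extension
        container = resource.setdefault(schema_urn, {}) if schema_urn else resource
        container[attr] = value
    return resource


def missing_targets(resource, mapping):
    """List mapped target attributes that a received resource does not carry."""
    missing = []
    for target in mapping.values():
        schema_urn, attr = split_target(target)
        container = resource if schema_urn is None else resource.get(schema_urn, {})
        if attr not in container:
            missing.append(target)
    return missing


if __name__ == "__main__":
    # Constructed sample values, not real directory data.
    user = {"objectId": "00000000-0000-0000-0000-000000000001", "immutableId": "Q09OU1RSVUNURUQ="}
    print(json.dumps(build_resource(USER_SCHEMA, user, USER_MAPPING), indent=2))
```

Running missing_targets over request bodies captured on the receiving side shows which users arrive without the immutable ID, for example when the source attribute is empty in the directory.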
Deprovisioning
The rules of deprovisioning are as follows:
Sync Only Assigned Users and Groups
If you have set the SCIM sync to be dependent on specific users and groups (Sync only assigned users and groups), removing a user on the IDmelon side can be done in the following ways:
- Method 1: Remove the user from the specified group on the Entra ID side.
- Method 2: Disable the user on the Entra ID side.
- Method 3: Delete the user on the Entra ID side.
Sync All Users and Groups
If the SCIM sync is set to include all users and groups (Sync all users and groups), removing a user on the IDmelon side can be done as follows:
- Method 1: Disable the user on the Entra ID side.
- Method 2: Delete the user on the Entra ID side.