Who can use this feature?
|
You can synchronize users and groups from Azure AD via SCIM 2.0.
Note that user emails must be manually updated in 360Learning if you change them in Azure AD, since they act as the identifier (primary key).
Prerequisites
Before you begin, you have configured the SCIM integration in your 360Learning platform.
Step 1: Create an enterprise application
Add an enterprise application representing the 360Learning platform in Microsoft Azure.
- Go to your Azure portal and sign in.
- Click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click New application.
- Click Create your own application.
- Enter a name for your application.
- Select Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
The new enterprise application for the 360Learning platform is created.
Step 2: Configure provisioning in your enterprise application
- In your Azure portal, click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click the application that you created for 360Learning.
- In the left panel, click Provisioning.
- In the Provisioning Mode list, select Automatic.
- Enter the Admin Credentials:
- In the Tenant URL field, paste the Endpoint URL you retrieved when configuring the SCIM integration.
- In the Secret Token field, paste the authorization token you retrieved when configuring the SCIM integration.
- Click Test connection to test the credentials.
- Click Save.
Step 3: Configure attribute mapping
Configure attribute mappings for users and groups.
Note that user emails must be manually updated in 360Learning if you change them in Azure AD, since they act as the identifier (primary key).
Step 3.1: Configure user attributes mapping
- In your Azure portal, click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click the application that you created for 360Learning.
- In the left panel, click Provisioning.
- Under Mappings, click Provision Azure Active Directory Users to map Azure AD attributes.
- In Attribute Mapping, map the customappsso attributes to these Azure AD attributes:
Azure Active Directory attribute customappsso attribute (360Learning) userPrincipalName
userName
"Switch([IsSoftDeleted], , "False", "True", "True", "False")"
active
givenName
name.givenName
surname
name.familyName
jobTitle
title
mail
emails[type eq "work"].value
manager
urn:ietf:params:scim:schemas:extension:entreprise:2.0:User:manager
organization
urn:ietf:params:scim:schemas:extension:entreprise:2.0:User:organization
"Mid([preferredLanguage], 1, 2)"
preferredLanguage
- Click Save.
Step 3.2: Configure group attributes mapping
- Under Mappings, click Provision Azure Active Directory Groups to map Azure AD attributes.
- In Attribute Mapping, map the customappsso attributes to these Azure AD attributes:
Azure Active Directory attribute customappsso attribute (360Learning) displayName
displayName
objectID
externalID
members
members
- Click Save.
Step 4: Assign users and groups
After you create the application in Azure AD, you need to assign the application to the relevant users and groups. Only these users and groups will be provisioned to the 360Learning platform.
- In your Azure portal, click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click the application that you created for 360Learning.
- Click Assign users and groups.
- Click Add user/group.
- Click None selected.
- Identify the users and groups you want to assign to the application, then click Select.
- At the bottom left of the screen, click Assign.
Step 5: Start provisioning
You can now start provisioning users and groups.
- In your Azure portal, click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click the application that you created for 360Learning.
- In the left panel, click Provisioning.
- Click Start provisioning.
It might take up to 40 minutes before you start seeing users and groups in your 360Learning platform. The first initial run might take some time depending on the size of your directory.
Once the provisioning is complete, a report is available in your Azure portal.
Configure 360Learning custom fields in Azure AD
You can create custom fields on the 360Learning platform. Since these are not included in the default mappings, you will have to link these fields manually. Subsequent updates will be performed automatically.
Before you begin, create custom fields on the 360Learning platform. Then, in your Azure portal:
- Click Azure Active Directory.
- In the left panel, click Enterprise applications.
- Click the application that you created for 360Learning.
- In the left panel, click Provisioning.
- Under Mappings, click Provision Azure Active Directory Users.
- Select the Show advanced options check box.
- Click Edit attribute list for customappsso.
- Enter a new target attribute in the blank box at the bottom of the list. Use the
urn:ietf:params:scim:schemas:extension:360learning:2.0:User:custom_field
syntax, whereÂurn:ietf:params:scim:schemas:extension:360learning:2.0:User
is the fixed source object, andÂcustom_field
should be replaced with the name of the custom field in 360Learning.- For example, if your 360Learning user has a custom attribute named “employeeNumber”, enter the following target attribute
urn:ietf:params:scim:schemas:extension:360learning:2.0:User:employeeNumber
.
- For example, if your 360Learning user has a custom attribute named “employeeNumber”, enter the following target attribute
- Click on the dropdown next to the target attribute name to match the attribute type with the attribute type in 360Learning.
- Click Save.
- Return to the Attribute Mapping page.
- Click Add new mapping at the bottom of the table.
- Select the Source attribute in Azure AD that will map to the target attribute in the 360Learning application.
- For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select
employeeId
as Source attribute.
- For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select
- Select the Target attribute created during step 8.
- For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select
urn:ietf:params:scim:schemas:extension:360learning:2.0:User:employeeNumber
 as Target attribute.
- For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select
- Click Ok.
- Once all target attributes for 360Learning custom fields have been created and mapped to Azure AD attributes, click Save.