Configure SCIM provisioning with Azure AD

  • Updated

Who can use this feature?

You can synchronize users and groups from Azure AD via SCIM 2.0.

Note that user emails must be manually updated in 360Learning if you change them in Azure AD, since they act as the identifier (primary key).

Prerequisites

Before you begin, you have configured the SCIM integration in your 360Learning platform.

Step 1: Create an enterprise application

Add an enterprise application representing the 360Learning platform in Microsoft Azure.

  1. Go to your Azure portal and sign in.
  2. Click Azure Active Directory.
  3. In the left panel, click Enterprise applications.
  4. Click New application.
  5. Click Create your own application.
  6. Enter a name for your application.
  7. Select Integrate any other application you don’t find in the gallery (Non-gallery).
  8. Click Create.

The new enterprise application for the 360Learning platform is created.

Step 2: Configure provisioning in your enterprise application

  1. In your Azure portal, click Azure Active Directory.
  2. In the left panel, click Enterprise applications.
  3. Click the application that you created for 360Learning.
  4. In the left panel, click Provisioning.
  5. In the Provisioning Mode list, select Automatic.
  6. Enter the Admin Credentials:
  7. Click Test connection to test the credentials.
  8. Click Save.

Step 3: Configure attribute mapping

Configure attribute mappings for users and groups.

Note that user emails must be manually updated in 360Learning if you change them in Azure AD, since they act as the identifier (primary key).

Step 3.1: Configure user attributes mapping

  1. In your Azure portal, click Azure Active Directory.
  2. In the left panel, click Enterprise applications.
  3. Click the application that you created for 360Learning.
  4. In the left panel, click Provisioning.
  5. Under Mappings, click Provision Azure Active Directory Users to map Azure AD attributes.
  6. In Attribute Mapping, map the customappsso attributes to these Azure AD attributes:

    Azure Active Directory attribute customappsso attribute (360Learning)
    userPrincipalName userName
    "Switch([IsSoftDeleted], , "False", "True", "True", "False")" active
    givenName name.givenName
    surname name.familyName
    jobTitle title
    mail emails[type eq "work"].value
    manager urn:ietf:params:scim:schemas:extension:entreprise:2.0:User:manager
    organization urn:ietf:params:scim:schemas:extension:entreprise:2.0:User:organization
    "Mid([preferredLanguage], 1, 2)" preferredLanguage
  7. Click Save.

Step 3.2: Configure group attributes mapping

  1. Under Mappings, click Provision Azure Active Directory Groups to map Azure AD attributes.
  2. In Attribute Mapping, map the customappsso attributes to these Azure AD attributes:

    Azure Active Directory attribute customappsso attribute (360Learning)
    displayName displayName
    objectID externalID
    members members
  3. Click Save.

Step 4: Assign users and groups

After you create the application in Azure AD, you need to assign the application to the relevant users and groups. Only these users and groups will be provisioned to the 360Learning platform.

  1. In your Azure portal, click Azure Active Directory.
  2. In the left panel, click Enterprise applications.
  3. Click the application that you created for 360Learning.
  4. Click Assign users and groups.
  5. Click Add user/group.
  6. Click None selected.
  7. Identify the users and groups you want to assign to the application, then click Select.
  8. At the bottom left of the screen, click Assign.

Step 5: Start provisioning

You can now start provisioning users and groups.

  1. In your Azure portal, click Azure Active Directory.
  2. In the left panel, click Enterprise applications.
  3. Click the application that you created for 360Learning.
  4. In the left panel, click Provisioning.
  5. Click Start provisioning.

It might take up to 40 minutes before you start seeing users and groups in your 360Learning platform. The first initial run might take some time depending on the size of your directory.

Once the provisioning is complete, a report is available in your Azure portal.

Configure 360Learning custom fields in Azure AD

You can create custom fields on the 360Learning platform. Since these are not included in the default mappings, you will have to link these fields manually. Subsequent updates will be performed automatically.

Before you begin, create custom fields on the 360Learning platform. Then, in your Azure portal:

  1. Click Azure Active Directory.
  2. In the left panel, click Enterprise applications.
  3. Click the application that you created for 360Learning.
  4. In the left panel, click Provisioning.
  5. Under Mappings, click Provision Azure Active Directory Users.
  6. Select the Show advanced options check box.
  7. Click Edit attribute list for customappsso.
  8. Enter a new target attribute in the blank box at the bottom of the list. Use the urn:ietf:params:scim:schemas:extension:360learning:2.0:User:custom_field syntax, where urn:ietf:params:scim:schemas:extension:360learning:2.0:User is the fixed source object, and custom_field should be replaced with the name of the custom field in 360Learning.
    • For example, if your 360Learning user has a custom attribute named “employeeNumber”, enter the following target attribute urn:ietf:params:scim:schemas:extension:360learning:2.0:User:employeeNumber.
  9. Click on the dropdown next to the target attribute name to match the attribute type with the attribute type in 360Learning.
  10. Click Save.
  11. Return to the Attribute Mapping page.
  12. Click Add new mapping at the bottom of the table.
  13. Select the Source attribute in Azure AD that will map to the target attribute in the 360Learning application.
    • For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select employeeId as Source attribute.
  14. Select the Target attribute created during step 8.
    • For example, if you want to map the 360Learning "employeeNumber" custom attribute to Azure AD's "employeeId", select urn:ietf:params:scim:schemas:extension:360learning:2.0:User:employeeNumber as Target attribute.
  15. Click Ok.
  16. Once all target attributes for 360Learning custom fields have been created and mapped to Azure AD attributes, click Save.
Check out our blog for more L&D resources.

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request