👨‍💻 Provisioning
      Back to home
      1. Help Centre
      2. 📜 Technical Documentation
      3. 👨‍💻 Provisioning

      Provisioning (SCIM Protocole) and Azure active directory

      Automatic directory synchronization

       

      Provisioning (SCIM Protocole)


      Provisioning is a term used to refer to directory synchronization. For example, Azure Active Directory is a directory. Other terms are used; AzureAD is also said to be an “identity provider”.


      Example of provisioning behaviors:
      A user is assigned to the Steeple application in Azure: the user is found or created in Steeple.
      A user is deactivated in Azure: it will no longer exist in Steeple.

      Provisioning is a powerful tool that avoids certain time-consuming activities for companies, of which identity management is one.

      SCIM in all this?
      SCIM is a protocol to follow when developing such a feature. For this to work well, you have to comply with this protocol.

      MICROSOFT AZURE ACTIVE DIRECTORY

      REMINDER : it is essential to have configured the SSO before starting the configuration of the provisioning. Neither AzureAD's nor Steeple's configuration allows this.

      In steeple:

      microsoft azure ad


      Administration > Integrations > Install

      Then click on Identification, to display two parameters needed to configure the provisioning: the tenant URL and the **Secret Token** :

      secret token


      In Azure:

      Annuaire Overview > Provisioning

      In this “Provisioning” tab, AzureAD automatically selects the “Manual” mode. For us, you have to select the mode “Automatic ". You must then copy-paste the tenant URL and the Secret Token in the appropriate fields then click on “Test Connection”:

      steeple test connection

      Note : No other mapping is required on Azure regarding the user's role management. 

       

      Next you will need to add your users to the application. From the tab "Users and Administrators" select your groups already created. 

      users and administrators

      Reminder : it is strongly advised to have at least two groups for each community : one for the users, one for the administrators.

       

      Next, you must then activate the provisioning. To do this, nothing could be simpler: click on “Start Provisioning”. If all goes well, a successful connection notification will appear in AzureAD.

      connexion notification in azure ad
      The number of synced users then appears in Azure.

      Note: Azure Active Directory updates every 25-40 minutes. A change in the directory may not be reflected immediately in Steeple but several minutes later.


      Following this configuration on Azure and the activation of provisioning, Steeple will receive the list of profiles obtained during this activation. You must then assign the different roles to your groups and related communities:

      azure and the activation of provisioning

      Once this step is completed, you can click on Take the next step

      The last step is therefore to activate the synchronization, by simply checking the button.
      checking the button

      As an administrator, you also have the option of deleting this access method to return to a so-called “classic” authentication system, with e-mail and password.

      To do this, simply uncheck the box to break the synchronization.