This topic walks you through how to use Azure SCIM with Ironclad. This includes how to create a bearer token, enable the integration in Azure, and assign users and groups to Ironclad.
Prerequisites
- You must be able to create Ironclad API bearer tokens in your Ironclad company.
- You must have a SAML SSO connector configured in your Ironclad company before provisioning users with SCIM.
Supported Azure Active Directory Features
- Create Users
- Update User Attributes
- Deactivate Users
- Create Groups
- Update Groups
- Delete Groups
Step 1: Create a Bearer Token
Required Role: Admin
- In Ironclad, click on your name located in the top right corner of Ironclad. Click Company Settings > API.
- Create a new bearer token for use by Azure. Name it something descriptive and memorable such as "Azure SCIM Provisioning Token".
- Copy the generated token that displays.
Step 2: Enable API Integration in Azure
Note: You may need to change the default settings for Switch to the following if the default does not allow for you to remove users:
- Log in to your Azure Active Directory admin account. In the Manage panel on the left, click Enterprise Applications, and then click New Application.
- Select Create your own application.
- Name the application, and select Integrate any other application you don’t find in the gallery. We recommend naming the application Ironclad.
- From the application's configuration screen, click the Provisioning tab.
- Click Get Started.
- Change the provisioning mode from Manual to Automatic, and in the Tenant URL field, enter https://ironcladapp.com/scim/v2. In the Secret Token field, enter the user’s Ironclad API Token.
- Click Test API Credentials to verify the connection.
- Under Settings, verify that Provisioning Status is turned On, and the Scope is set to your desired scope.
- Under Mappings, select Provision Azure Active Directory Users and unmap the array type fields. You can remap these in the future.
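If Test API Credentials fails, the token and Tenant URL can be checked outside Azure. The script below is an added example, not Ironclad's or Microsoft's code. It assumes the endpoint answers a standard SCIM 2.0 list query (GET /Users, RFC 7644), and the environment variable name IRONCLAD_SCIM_TOKEN is hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TENANT_URL = "https://ironcladapp.com/scim/v2"  # Tenant URL from Step 2
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def build_probe(token, tenant_url=TENANT_URL):
    """Build a one-result GET /Users request (RFC 7644 pagination parameters)."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace (copy/paste error?)")
    if not tenant_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    query = urllib.parse.urlencode({"startIndex": 1, "count": 1})
    req = urllib.request.Request(f"{tenant_url.rstrip('/')}/Users?{query}")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    return req


def interpret(status, body):
    """Map an HTTP status and body to a short verdict; never echoes the token."""
    if status in (401, 403):
        return "rejected: token invalid, revoked, or lacking permission"
    if status != 200:
        return f"unexpected status {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "200 but body is not JSON: check the Tenant URL"
    if not isinstance(doc, dict) or LIST_SCHEMA not in (doc.get("schemas") or []):
        return "200 but not a SCIM ListResponse: check the Tenant URL"
    return f"ok: {doc.get('totalResults', 0)} user(s) visible"


if __name__ == "__main__":
    token = os.environ.get("IRONCLAD_SCIM_TOKEN")  # hypothetical variable name
    if token:
        try:
            with urllib.request.urlopen(build_probe(token), timeout=10) as resp:
                print(interpret(resp.status, resp.read()))
        except urllib.error.HTTPError as err:
            print(interpret(err.code, err.read()))
    else:
        sample = {"schemas": [LIST_SCHEMA], "totalResults": 3}  # constructed sample
        print(interpret(200, json.dumps(sample)))
```

Supply the token through the environment rather than as a command-line argument so it does not land in shell history or process listings.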
Step 3: Assign Users And Groups to the Ironclad Application
Pushing users into Ironclad with SCIM is only supported when a single SAML configuration is in place in your Ironclad company.
Any subsequent updates to users or groups within Azure Active Directory are periodically updated in Ironclad.
1. In your Azure Active Directory admin account, under the application, click the Users and Groups tab.
2. Click the Add User button and select the users and groups to assign to the application.
3. On the bottom left-hand side of the screen, click the Assign button. These users will be added or updated in the next provisioning cycle (typically around 45 minutes).
4. From the Users and Groups tab, you can also remove users and groups from the application.
Step 4: Configure Group Permissions in Ironclad
You must manage group permissions in Ironclad after pushing groups via SCIM. Refer to the Group Permissions Overview for more information.