This topic walks you through how to use Azure SCIM with Ironclad. This includes how to create a bearer token, enable the integration in Azure, and assign users and groups to Ironclad.
- You must be able to create Ironclad API bearer tokens in your Ironclad company.
- You must have a SAML SSO connector configured in your Ironclad company before provisioning users with SCIM.
Supported Azure Active Directory Features
- Create Users
- Update User Attributes
- Deactivate Users
- Create Groups
- Update Groups
- Delete Groups
- The Manager attribute is not compatible with Ironclad's reference chains.
Required Role: Admin
- In Ironclad, click on your profile icon located in the top right corner of Ironclad. Click Company Settings > API.
- Create a new bearer token for use by Azure. Name it something descriptive and memorable such as "Azure SCIM Provisioning Token".
- Copy the generated token that displays.
Note: You may need to change the default settings for Switch to the following if the default does not allow for you to remove users:
- Log in to your Microsoft Azure portal with your admin account. In the Manage panel on the left, click Applications > Enterprise Applications then find the Ironclad app you created to enable SSO (e.g. Ironclad).
- Select Create your own application.
- Name the application, and select Integrate any other application you don’t find in the gallery. We recommend naming the application Ironclad.
- From the application's configuration screen, click the Provisioning tab.
- Click Get Started.
- Change the provisioning mode from Manual to Automatic.
- In the Tenant URL field, enter https://ironcladapp.com/scim/v2.
- In the Secret Token field, enter the user’s Ironclad API Token.
- Click Test API Credentials to verify the connection.
- Under Settings, verify that Provisioning Status is turned On, and the Scope is set to your desired scope.
- Under Mappings, select Provision Azure Active Directory Users and unmap the following array type fields. You can remap these in the future.
Pushing users into Ironclad with SCIM is only supported when a single SAML configuration is in place in your Ironclad company.
Any subsequent updates to users or groups within Azure Active Directory are periodically updated in Ironclad.
1. In your Azure Active Directory admin account, under the application, click the Users and Groups tab.
2. Click the Add User button and select the users and groups to assign to the application.
3. On the bottom left-hand side of the screen, click the Assign button. These users will be added or updated in the next provisioning cycle (typically around 45 minutes).
4. From the Users and Groups tab, you can also remove users and groups from the application.
You must manage group permissions in Ironclad after pushing groups via SCIM. Refer to the Group Permissions Overview for more information.
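After a provisioning cycle has run, it is worth confirming that users removed from the application in Azure are in fact deactivated in Ironclad. The following is an added example, not Ironclad's or Microsoft's own code: it compares a SCIM ListResponse with the list of users assigned in Azure. It assumes the standard SCIM 2.0 `/Users` resource (RFC 7644) is served under the Tenant URL above; the function names and sample data are constructed for illustration.

```python
import json
import urllib.request

TENANT_URL = "https://ironcladapp.com/scim/v2"  # Tenant URL from the steps above

def build_users_request(token, start_index=1, count=100):
    """Build (without sending) a paged SCIM GET for Users.
    Assumption: the standard RFC 7644 /Users resource exists under the tenant URL."""
    url = f"{TENANT_URL}/Users?startIndex={start_index}&count={count}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",  # the Ironclad API bearer token
        "Accept": "application/scim+json",
    })

def reconcile(list_response, assigned_usernames):
    """Compare one SCIM ListResponse page with the users assigned in Azure."""
    assigned = {u.lower() for u in assigned_usernames}  # userName is case-insensitive
    resources = list_response.get("Resources", [])
    active = set()
    for res in resources:
        # A missing "active" flag is counted as active so it is reported, not hidden.
        if res.get("active", True):
            active.add(res.get("userName", "").lower())
    return {
        "still_active": sorted(active - assigned),      # deprovisioning gap
        "not_provisioned": sorted(assigned - active),   # missing or inactive
        "truncated": list_response.get("totalResults", len(resources)) > len(resources),
    }

# Constructed sample response, not captured from a real tenant.
SAMPLE = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 3,
  "Resources": [
    {"userName": "alice@example.com", "active": true},
    {"userName": "bob@example.com", "active": true},
    {"userName": "carol@example.com", "active": false}
  ]
}
""")

if __name__ == "__main__":
    print(reconcile(SAMPLE, ["Alice@example.com", "dave@example.com"]))
```

When `truncated` is true, fetch the remaining pages with `start_index` and merge their `Resources` before reconciling. Read the token from a secret store or environment variable rather than storing it in the script.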