Azure SCIM Provisioning

Skip To: 

• Create a Bearer Token 
• Enable API Integration in Azure 
• Assign Users and Groups to Ironclad
• Next Steps: Configure Group Permissions in Ironclad

Prerequisites

• You must be able to create Ironclad API bearer tokens in your Ironclad company.
• You must have a SAML SSO connector configured in your Ironclad company before provisioning users with SCIM.

Supported Azure Active Directory Features

• Create Users
• Update User Attributes
• Deactivate Users
• Create Groups
• Update Groups
• Delete Groups

Create a Bearer Token

1. Login to Ironclad with a company Admin account and navigate to the Company Settings page by clicking your name in the top-right corner of the application and choosing Company Settings.
2. Navigate to the API tab.
3. Create a new bearer token for use by Azure. Name it something descriptive and memorable (e.g. "Azure SCIM provisioning token").
4. Copy the generated token that appears.

Enable API Integration in Azure

1. Log in to your Azure Active Directory admin account and under Enterprise Applications select + New Application.
   
2. When adding a new application, select + Create your own application.
3. Name this application (perhaps Ironclad), and have the third option selected.
    
4. From the application's configuration screen, navigate to the Provisioning tab.
5. Click Get Started.
6. Change the provisioning mode from manual to Automatic and enter the Tenant URL as https://ironcladapp.com/scim/v2 and the Secret Token as the users Ironclad API Token.
   
7. Click Test API Credentials to confirm the connection works.
8. Under Settings, verify that the provisioning is turned On, and the Scope is correctly set to the desired scope.
   
9. Under Mappings, please select Provision Azure Active Directory Users and unmap the array type-fields. These can be remapped in the future.
   

Assign Users And Groups to the Ironclad Application

Pushing users into Ironclad with SCIM is only supported when a single SAML configuration is in place in your Ironclad company.

1. In Azure AD, under the application, select the Users and Groups tab.
2. Click the + Add User button and select the users and groups to assign the application.
3. On the bottom left-hand side of the screen, click Assign. These users will be added or updated in the next provisioning cycle (typically around 45 minutes).
   
4. From this tab, you can also remove users and groups from the application.

Any subsequent updates to users or groups within Active Directory will periodically be reflected in Ironclad.

Next Steps: Configure Group Permissions in Ironclad

Group permissions must be managed in Ironclad after pushing groups via SCIM. See Managing Permissions for more details about these settings.