1. Clumio
  2. Knowledge Base
  3. Administration and Security
  4. Authentication and Access

Articles in this section

See more

Configuring SCIM User Provisioning with Azure AD

Hirdesh Ahuja
  • Updated

The Clumio service can integrate with Azure AD for SCIM Provisioning. Please follow the steps below to configure SCIM provisioning with Azure AD. 

 

Ensure that you have the following before you start

  • Azure AD account with admin privileges

  • Clumio account with Super Admin Role

  • The app is assigned to the required groups***
  • SSO with Azure AD enabled

Supported features

  • Create users
  • Update user attributes
  • Deactivate users

Configure SCIM provisioning

In Azure AD

  1. Open the Azure AD Admin console.
  2. Go to Enterprise Applications > Clumio
  3. Navigate to the App's Provisioning section, and select Automatic as the Provisioning Mode. 
  4. Get the SCIM base URL, and SCIM API token from Clumio (see step 5) and paste them under the Admin Credentials collapsible section.
    Screenshot 2023-08-02 at 10.27.27 PM.png
  5. Under the Mappings collapsible section make sure both Provision Azure Active Directory Groups and Provision Azure Active Directory Users are enabled.
    Screenshot 2023-08-02 at 10.28.37 PM.png
  6. When setting up the Provision Azure Active Directory Users mappings, it is important to remove the mailNickname mapping. This is necessary for the AUP to function properly. If this mapping is retained, group names may be changed to their corresponding UUIDs during periodic syncs on Azure AD. This can cause AUP rule evaluations to fail.
    Screenshot 2023-08-02 at 10.31.10 PM.png
  7. Click Save
  8. Set the Provisioning Status to On.
    Screenshot 2023-08-02 at 10.33.25 PM.png
  9. In the Overview section of the App’s provisioning settings. Click Start Provisioning to finish the SCIM setup.

 

In Clumio

  1. Log on to Clumio.
  2. Navigate to Settings > Access Management > Auto user provisioning

    Screen_Shot_2022-09-12_at_2.12.50_PM.png

  3. Click Get Started and type a rule name, select the conditions to apply the rule, give the group a name, select the Super Admin Role, and assign that role to an OU.
    Screen_Shot_2022-09-12_at_10.51.50_AM.png

  4. Click Configure SCIM
  5. Copy the SCIM base URL, and generate and download the SCIM API token. These will be needed for the IdP side setup. Once done, click Close
    Screenshot 2023-07-19 at 5.22.07 PM.png
  6. Next click Provisioning method (optional), and toggle on SCIM Provisioning.
  7. Ensure that the logged-in user is a part of the group that is assigned the Super Admin role, and groups have been pushed from Azure AD (See step 14 above).
  8. Click Enable Auto User Provisioning.
    Screen_Shot_2022-09-12_at_11.46.16_AM.png
  9. You can now create additional rules per your requirements by clicking Create Auto User Provisioning Rule.

Once Auto User Provisioning is enabled, all users are evaluated per the rules you created and any changes to users within Azure AD will automatically reflect within Clumio. 

Note: When you assign a group to an application, only users directly in the group will have access. The assignment does not cascade to nested groups and will need to be assigned to the app explicitly. Additionally, access is only granted to group members and not group owners. 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.