"SCIM" Posts

Automatic User Provisioning with SCIM

Fully automatic user provisioning, deprovisioning and user updates, now possible with our new connection with Microsoft Azure AD.

WiggleDesk is pleased to announce our integration with System for Cross-domain Identity Management (SCIM), a standard for automating the exchange of user identity information between organizations. This integration will make it easier for organizations to manage their users in both on-premises and cloud-based systems.

What is SCIM?

SCIM is a standard for automating the exchange of user identity information between organizations. It provides a simple, standard way for organizations to manage the identity of users and other entities, such as groups, across systems and applications.

Why is SCIM helpful?

SCIM is designed to reduce the administrative overhead of managing users in multiple systems. By automating the exchange of user information, SCIM eliminates the need for manual data entry and reduces the risk of errors in user data. Additionally, it provides a consistent view of user identity across systems and applications, making it easier for organizations to manage user access and permissions.

WiggleDesk SCIM Endpoint

WiggleDesk now offers a SCIM endpoint, which allows organizations to automate the exchange of user identity information between their systems and WiggleDesk. This endpoint is based on the SCIM 2.0 standard and supports all of the core SCIM operations, including create, read, update, and delete.

To set up your SCIM integration, you'll need to be logged in with an Admin account, then follow these simple steps:

  1. Go to your profile page to generate and then copy your API key (reach out to your account manager if you don't yet have an account approved for API access).
  2. In your SCIM user identity provider enter https://wiggledesk.com/scim/v2/Users where it asks for endpoint URL.
  3. In your SCIM user identity provider enter your API key copied in step 1 where it asks for your Token (sometimes called 'Bearer Token').
  4. The provisioning cycle is now ready to run; you'll soon start to see users automatically added to your Manage Users page.

Example SCIM Use Case

When your SCIM compatible user identity provider has a new user created within it, it will soon thereafter send WiggleDesk that user's details, automatically creating their account. This allows them to log in with Microsoft / Google SSO.

An example JSON POST request sent to create a new user would look like this:

    {
      "active": true,
      "emails": [
        {
          "type": "work",
          "value": "example@example.info"
        }
      ],
      "externalId": "d8ffd6a9-cede-41a4-815e-a52a53180333",
      "userName": "Example Username"
    }
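
The request carrying the body above can be reproduced for inspection before an identity provider is connected. This is an added example, not WiggleDesk's code: the "schemas" member comes from RFC 7643 rather than the sample above, the environment variable name is hypothetical, and the request is built and printed with the token masked but never sent.

```python
import json
import os
import urllib.request

# Endpoint URL from step 2 of the setup list above.
SCIM_USERS_URL = "https://wiggledesk.com/scim/v2/Users"
# Core User schema URN from RFC 7643; the page's sample body omits it.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def build_create_user_request(token, user_name, work_email, external_id):
    """Build (but do not send) the POST an identity provider would issue."""
    if not token or token != token.strip():
        raise ValueError("API token missing or has stray whitespace")
    body = {
        "schemas": [USER_SCHEMA],
        "active": True,
        "emails": [{"type": "work", "value": work_email}],
        "externalId": external_id,
        "userName": user_name,
    }
    return urllib.request.Request(
        SCIM_USERS_URL,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/scim+json",
        },
    )


def loggable(req):
    """Describe a request for logs with the bearer token masked."""
    headers = {k: ("Bearer ***" if k.lower() == "authorization" else v)
               for k, v in req.header_items()}
    return {"method": req.get_method(), "url": req.full_url,
            "headers": headers, "body": json.loads(req.data)}


if __name__ == "__main__":
    # WIGGLEDESK_SCIM_TOKEN is a hypothetical variable name for this example.
    token = os.environ.get("WIGGLEDESK_SCIM_TOKEN", "constructed-token")
    req = build_create_user_request(
        token, "Example Username", "example@example.info",
        "d8ffd6a9-cede-41a4-815e-a52a53180333")
    print(json.dumps(loggable(req), indent=2))
```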

Integration with Azure AD

WiggleDesk plans to soon be added to the Azure AD Application Gallery as an app, which makes it easier for organizations to discover and start using our SCIM integration. To integrate WiggleDesk with Azure AD, you will simply add WiggleDesk from the Azure AD Application Gallery and follow the on-screen instructions to set up the integration.

With the SCIM integration, organizations can now manage their hybrid working environment with ease and efficiency. We're confident that this integration will be a valuable addition to the WiggleDesk platform and look forward to seeing the benefits it brings to our customers.

If you have any questions or need assistance with setting up the SCIM integration, please don't hesitate to reach out to our support team at support@wiggledesk.com.

Automatic SCIM User Provisioning With Azure AD

Setting up SCIM integration with Azure AD on WiggleDesk.com

Update 2024: Microsoft now has a tutorial which covers integrating WiggleDesk via their Enterprise App Store. This automates much of the work outlined in this page's "Step 2" section.

It can be time consuming to manually invite users, remove them and keep all your users' access to SaaS products such as WiggleDesk up to date, especially if you have several thousand users. Luckily we have a solution that automates this.

[Image: example user provisioning actions automated by our SCIM integration]

What Is SCIM?

System for Cross-domain Identity Management (SCIM) is a standard protocol for automating the process of user management in a cloud-based application. As a SaaS platform, WiggleDesk.com allows administrators to set up a SCIM integration with Azure AD, which can help automate the process of provisioning, deprovisioning and updating users.

How To Set Up Our SCIM Integration In Azure AD

To set up SCIM integration with Azure AD on WiggleDesk.com, please follow the step-by-step instructions below:

Step 1: Getting your secret token from WiggleDesk (5 mins)

  1. Log in to your WiggleDesk.com account as an administrator.
  2. Go to "Management -> Settings" in the sidebar.
  3. Click on Automation.
  4. Make sure 'Enable API Access' is checked. If this option isn't available, please reach out to your account manager who will enable it for your account.
     [Screenshot: Enable API Access]
  5. Go to "Management -> Manage Users" in the sidebar.
  6. Next to your user account, make sure 'API Access' is checked.
     [Screenshot: user API access]
  7. Go to your profile page and click 'Show API Token'. This is your secret token; copy it. Remember, don't share it with anyone, as it is tied to your account and provides access to your organisation's account data.
     [Screenshot: show API token]

Step 2: Configure Azure AD as a SCIM provider (20 mins)

  1. Log in to the Azure portal at https://portal.azure.com/.
  2. Go to Azure Active Directory.
  3. In the left navigation menu, click on "Enterprise applications."
  4. Click on the "New application" button.
     [Screenshot: new SCIM application]
  5. Click on the "create your own application" button.
     [Screenshot: create your own application]
  6. Enter a name for the application and select the "Integrate any other application you don't find in the gallery (Non-gallery)" button. Then click the 'Create' button.
     [Screenshot: register app]
  7. In the left navigation menu, click on "Provisioning".
     [Screenshot: provisioning section]
  8. In the application's Overview page, click on "Get Started."
     [Screenshot: get started with provisioning]
  9. For 'Provisioning Mode', select 'Automatic'.
  10. For 'Tenant URL' enter: https://wiggledesk.com/scim/v2/?aadOptscim062020
  11. For 'Secret Token' paste your secret token from WiggleDesk that you copied earlier in Step 1.
  12. Click the 'Test Connection' button.
     [Screenshot: SCIM provisioning details]
  13. You should see a success message at the top right corner.
  14. Click on "Save" at the top left corner to save these settings.
  15. Click 'Provision Azure Active Directory Users'.
     [Screenshot: provision Azure Active Directory users]
  16. This next step requires a few minutes of harder concentration than the simpler steps before (this is a good opportunity to refresh your coffee/tea). Here we will be mapping the user attributes between Azure AD and WiggleDesk. After updating, your mapping will look like this:
     [Screenshot: user SCIM attribute mappings from Azure to WiggleDesk]
  17. Essentially this process boils down to three steps:
     • Deleting all rows apart from 'userPrincipalName', 'mail', 'IsSoftDeleted'.
     • IsSoftDeleted uses a custom expression, which you'll need to edit. Click its text and change the expression to Not([IsSoftDeleted]).
     • You'll need to click 'Add New Mapping' to add in the row for the Azure attribute 'objectId', which maps to the SCIM attribute 'externalId'. This is the primary joining key, so make sure the matching precedence here is set to 1.
  18. When you're confident the mappings match those in the screenshot above, click on "Save" at the top left to save the mappings.
  19. As WiggleDesk doesn't yet support Group provisioning, turn this setting off by clicking 'Provision Azure Active Directory Groups' and disabling it.
     [Screenshot: don't provision groups]
  20. Enter a support email, optionally enter an 'accidental deletion threshold', set 'Provisioning status' to 'On' and hit the save button at the top left corner.
     [Screenshot: final provisioning settings]
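
The effect of the attribute mappings configured in Step 2 can be modelled offline. The following is an added illustration, not WiggleDesk's or Microsoft's code: it applies the mappings to constructed directory records and joins on externalId to show which accounts a cycle would create, update or deactivate, and which app accounts have no directory counterpart. The userName and work-email targets are assumed from the sample SCIM body earlier on this page.

```python
# Added illustration: records are constructed; userName/emails targets assumed.
def to_scim_user(aad):
    """Apply the mappings from Step 2 to one Azure AD user record."""
    return {
        "externalId": aad["objectId"],  # join key, matching precedence 1
        "userName": aad["userPrincipalName"],
        "emails": [{"type": "work", "value": aad["mail"]}],
        "active": not aad.get("IsSoftDeleted", False),  # Not([IsSoftDeleted])
    }

def plan_sync(aad_users, app_accounts):
    """Return (actions, orphans); app_accounts is keyed by externalId."""
    actions, seen = [], set()
    for want in map(to_scim_user, aad_users):
        eid = want["externalId"]
        seen.add(eid)
        have = app_accounts.get(eid)
        if have is None:
            if want["active"]:
                actions.append(("create", eid))
        elif have["active"] and not want["active"]:
            actions.append(("deactivate", eid))
        elif have != want:
            actions.append(("update", eid))
    # Active app accounts that no directory user maps to need manual review.
    orphans = sorted(e for e, acc in app_accounts.items()
                     if e not in seen and acc["active"])
    return actions, orphans

def aad_record(oid, upn, deleted=False):
    """Build one constructed directory record for the sample data."""
    return {"objectId": oid, "userPrincipalName": upn, "mail": upn,
            "IsSoftDeleted": deleted}

DIRECTORY = [
    aad_record("a1", "ana@example.info"),                # unchanged
    aad_record("b2", "bo.new@example.info"),             # renamed
    aad_record("c3", "cy@example.info", deleted=True),   # leaver
    aad_record("d4", "di@example.info"),                 # new joiner
]
APP = {  # what the app held after the previous cycle
    "a1": to_scim_user(aad_record("a1", "ana@example.info")),
    "b2": to_scim_user(aad_record("b2", "bo@example.info")),
    "c3": to_scim_user(aad_record("c3", "cy@example.info")),
    "z9": to_scim_user(aad_record("z9", "zed@example.info")),  # added by hand
}

if __name__ == "__main__":
    print(plan_sync(DIRECTORY, APP))
```

Because the join is on externalId rather than userName, the renamed user becomes an update to the existing account instead of a second account, and the soft-deleted user is deactivated only because the expression inverts IsSoftDeleted.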

Step 3: Test the SCIM integration (5 mins)

  1. In the Azure portal, go to the Enterprise Application you created in Step 1.
  2. Click on "Users and Groups" in the left navigation menu.
  3. Click on "Add user / group".
     [Screenshot: add users]
  4. Click on "None Selected" and choose the users or groups of users that you'd like to test with WiggleDesk (tip: choose a test account or user that doesn't already have access to WiggleDesk). Then select 'Assign'.
  5. On the 'Overview' page, you will soon see the results of the provisioning. It can take up to 40 minutes for Microsoft to run this cycle.
  6. In your WiggleDesk.com account, go to "Management -> Users" and check if the users have been provisioned.

Congratulations! You have successfully set up SCIM integration with Azure AD on WiggleDesk.com. From now on, user provisioning, deprovisioning and updates will be automatically synced between Azure AD and WiggleDesk.com.
