Update 2024: Microsoft now has a tutorial which covers integrating WiggleDesk via their Enterprise App Store. This automates much of the work outlined in this page's "Step 2" section.
It can be time-consuming to manually invite and remove users and keep all your users' access to SaaS products such as WiggleDesk up to date, especially if you have several thousand users. Luckily, we have a solution that automates this.
Example user provisioning actions automated by our SCIM integration
What Is SCIM?
System for Cross-domain Identity Management (SCIM) is a standard protocol for automating user management in a cloud-based application. As a SaaS platform, WiggleDesk.com allows administrators to set up a SCIM integration with Azure AD, which can help automate the process of provisioning, deprovisioning and updating users.
How To Set Up Our SCIM Integration In Azure AD
To set up SCIM integration with Azure AD on WiggleDesk.com, please follow the step-by-step instructions below:
Step 1: Getting your secret token from WiggleDesk (5 mins)
- Log in to your WiggleDesk.com account as an administrator.
- Go to "Management -> Settings" in the sidebar.
- Click on Automation.
- Make sure 'Enable API Access' is checked. If this option isn't available, please reach out to your account manager who will enable it for your account.
- Go to "Management -> Manage Users" in the sidebar.
- Next to your user account, make sure 'API Access' is checked.
- Go to your profile page and click 'Show API Token'. This is your secret token; copy it. Remember, don't share it with anyone, as it is tied to your account and provides access to your organisation's account data.
Step 2: Configure Azure AD as a SCIM provider (20 mins)
- Log in to the Azure portal at https://portal.azure.com/.
- Go to Azure Active Directory.
- In the left navigation menu, click on "Enterprise applications."
- Click on the "New application" button.
- Click on the "create your own application" button.
- Enter a name for the application and select the "Integrate any other application you don't find in the gallery (Non-gallery)" button. Then click the 'Create' button.
- In the left navigation menu, click on "Provisioning".
- In the application's Overview page, click on "Get Started."
- For 'Provisioning Mode', select 'Automatic'.
- For 'Tenant URL' enter: https://wiggledesk.com/scim/v2/?aadOptscim062020
- For 'Secret Token' paste your secret token from WiggleDesk that you copied earlier in step 1.
- Click the 'Test Connection' button.
- You should see a success message at the top right corner:
- Click on "Save" at the top left corner to save these settings.
- Click 'Provision Azure Active Directory Users'
- This next step requires a few minutes of harder concentration than the simpler steps before (this is a good opportunity to refresh your coffee/tea). Here we will be mapping the user attributes between Azure AD and WiggleDesk. After updating, your mapping will look like this:
- Essentially this process boils down to three steps:
- Deleting all rows apart from 'userPrincipalName', 'mail', 'IsSoftDeleted'.
- IsSoftDeleted uses a custom expression, which you'll need to edit. Click its text and change the expression to Not([IsSoftDeleted]).
- You'll need to click 'Add New Mapping' to add in the row for the azure attribute: 'objectId' which maps to the SCIM attribute of 'externalId'. This is the primary joining key, so make sure the matching precedence here is set to 1.
- When you're confident the mappings match those in the screenshot above, click on "Save" at the top left to save the mappings.
- As WiggleDesk doesn't yet support group provisioning, click 'Provision Azure Active Directory Groups' and turn this setting off.
- Enter a support email, optionally enter an 'accidental deletion threshold', set 'Provisioning status' to 'On' and hit the save button at the top left corner.
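To see what the Step 2 mappings mean in practice, here is an added example (not WiggleDesk's or Microsoft's code) that models them in Python and lists the SCIM requests a sync would produce, including the deactivation of a soft-deleted user and a rename matched on externalId. Assumptions: the function names and sample data are made up, the page only names the externalId target so the userName, emails and active targets are the ones Azure AD uses by default, and the requests follow the generic SCIM 2.0 shape rather than Azure's exact wire format.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def to_scim_user(aad_user):
    """Apply the four Step 2 mappings to one Azure AD user record."""
    return {
        "schemas": [USER_SCHEMA],
        "externalId": aad_user["objectId"],        # joining key, precedence 1
        # Assumed targets below: the page names only the externalId target.
        "userName": aad_user["userPrincipalName"],
        "emails": [{"type": "work", "value": aad_user["mail"]}],
        "active": not aad_user["IsSoftDeleted"],   # Not([IsSoftDeleted])
    }


def plan_sync(aad_users, provisioned):
    """List SCIM requests; `provisioned` maps externalId -> stored resource."""
    ops = []
    for aad_user in aad_users:
        want = to_scim_user(aad_user)
        have = provisioned.get(want["externalId"])
        if have is None:                           # no match on the joining key
            ops.append(("POST", "/Users", want))
            continue
        changes = [{"op": "replace", "path": key, "value": want[key]}
                   for key in ("userName", "emails", "active")
                   if have.get(key) != want[key]]
        if changes:
            body = {"schemas": [PATCH_SCHEMA], "Operations": changes}
            ops.append(("PATCH", "/Users/" + have["id"], body))
    return ops

# Constructed sample data: object IDs, addresses and resource ids are made up.
AAD_USERS = [
    {"objectId": "aaaa-1111", "userPrincipalName": "new.hire@example.com", "mail": "new.hire@example.com", "IsSoftDeleted": False},
    {"objectId": "bbbb-2222", "userPrincipalName": "leaver@example.com", "mail": "leaver@example.com", "IsSoftDeleted": True},
    {"objectId": "cccc-3333", "userPrincipalName": "new.name@example.com", "mail": "new.name@example.com", "IsSoftDeleted": False},
]
PROVISIONED = {
    "bbbb-2222": {"id": "42", "userName": "leaver@example.com", "emails": [{"type": "work", "value": "leaver@example.com"}], "active": True},
    "cccc-3333": {"id": "43", "userName": "old.name@example.com", "emails": [{"type": "work", "value": "old.name@example.com"}], "active": True},
}

if __name__ == "__main__":
    for method, path, body in plan_sync(AAD_USERS, PROVISIONED):
        print(method, path, json.dumps(body))
```

Because matching is on externalId rather than the user name, the renamed user is patched in place instead of being created a second time, and the soft-deleted user receives a single change setting active to false.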
Step 3: Test the SCIM integration (5 mins)
- In the Azure portal, go to the Enterprise Application you created in Step 1.
- Click on "Users and Groups" in the left navigation menu.
- Click on "Add user / group".
- Click on "None Selected" and choose the users or groups of users that you'd like to test with WiggleDesk. (Tip: choose a test account or user that doesn't already have access to WiggleDesk.) Then select 'Assign'.
- On the 'Overview' page, you will soon see the results of the provisioning. It can take up to 40 minutes for Microsoft to run this cycle.
- In your WiggleDesk.com account, go to "Management -> Users" and check if the users have been provisioned.
Congratulations! You have successfully set up SCIM integration with Azure AD on WiggleDesk.com. From now on, user provisioning, deprovisioning and updates will be automatically synced between Azure AD and WiggleDesk.com.
Published Feb. 19, 2023