Automatic SCIM User Provisioning With Azure AD

Setting up SCIM integration with Azure AD on WiggleDesk.com

It can be time-consuming to manually invite and remove users and keep all your users' access to SaaS products such as WiggleDesk up to date, especially if you have several thousand users. Luckily, we have a solution that automates this.

Example user provisioning actions automated by our SCIM integration

[Image: examples of user account SCIM provisioning actions]

What Is SCIM?

System for Cross-domain Identity Management (SCIM) is a standard protocol for automating user management in cloud-based applications. As a SaaS platform, WiggleDesk.com allows administrators to set up a SCIM integration with Azure AD, which automates provisioning, deprovisioning and updating users.

How To Set Up Our SCIM Integration In Azure AD

To set up SCIM integration with Azure AD on WiggleDesk.com, please follow the step-by-step instructions below:

Step 1: Getting your secret token from WiggleDesk (5 mins)

  1. Log in to your WiggleDesk.com account as an administrator.
  2. Go to "Management -> Settings" in the sidebar.
  3. Click on Automation.
  4. Make sure 'Enable API Access' is checked. If this option isn't available, please reach out to your account manager who will enable it for your account.

  1. Go to "Management -> Manage Users" in the sidebar.
  2. Next to your user account, make sure 'API Access' is checked.

3. Go to your profile page and click 'Show API Token'. This is your secret token; copy it. Remember, don't share it with anyone, as it is tied to your account and provides access to your organisation's account data.

Step 2: Configure Azure AD as a SCIM provider (20 mins)

  1. Log in to the Azure portal at https://portal.azure.com/.
  2. Go to Azure Active Directory.
  3. In the left navigation menu, click on "Enterprise applications."
  4. Click on the "New application" button.

5. Click on the "Create your own application" button.

6. Enter a name for the application and select the "Integrate any other application you don't find in the gallery (Non-gallery)" button. Then click the 'Create' button.

7. In the left navigation menu, click on "Provisioning".

8. In the application's Overview page, click on "Get Started."

9. For 'Provisioning Mode', select 'Automatic'.

10. For 'Tenant URL' enter: https://wiggledesk.com/scim/v2/?aadOptscim062020

11. For 'Secret Token' paste your secret token from WiggleDesk that you copied earlier in step 1.

12. Click the 'Test Connection' button.

13. You should see a success message at the top right corner.

14. Click on "Save" at the top left corner to save these settings.

15. Click 'Provision Azure Active Directory Users'

16. This next step requires a few minutes of harder concentration than the simpler steps before it (a good opportunity to refresh your coffee/tea). Here we will be mapping the user attributes between Azure AD and WiggleDesk. After updating, your mapping will look like this:

[Screenshot: user SCIM attribute mappings from Azure AD to WiggleDesk]

17. Essentially this process boils down to three steps:

  • Deleting all rows apart from 'userPrincipalName', 'mail', 'IsSoftDeleted'.
  • IsSoftDeleted uses a custom expression, which you'll need to edit. Click its text and change the expression to Not([IsSoftDeleted]).
  • You'll need to click 'Add New Mapping' to add the row for the Azure attribute 'objectId', which maps to the SCIM attribute 'externalId'. This is the primary joining key, so make sure the matching precedence here is set to 1.

18. When you're confident the mappings match those in the screenshot above, click on "Save" at the top left to save the mappings.

19. As WiggleDesk doesn't yet support Group provisioning, click 'Provision Azure Active Directory Groups' and turn this setting off.

20. Enter a support email, optionally enter an 'accidental deletion threshold', set 'Provisioning status' to 'On' and hit the save button at the top left corner.
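
As an added illustration (not WiggleDesk's or Microsoft's code), the sketch below applies the Step 2 mappings to a constructed Azure AD user to show the SCIM bodies a provisioning cycle would carry, including the `active` flag that drives deprovisioning. Only objectId to externalId is stated in the text above; the targets userName, emails and active are assumed from Azure AD's default mappings, and the sample user is constructed.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# (Azure AD source, SCIM target, matching precedence).
# Only objectId -> externalId comes from the page; the other targets are assumed.
MAPPINGS = [
    ("objectId", "externalId", 1),
    ("userPrincipalName", "userName", None),
    ("mail", 'emails[type eq "work"].value', None),
    ("Not([IsSoftDeleted])", "active", None),
]

# Constructed sample record, not real directory data.
SAMPLE_USER = {"objectId": "00000000-0000-0000-0000-000000000001",
               "userPrincipalName": "test.user@example.com",
               "mail": "test.user@example.com", "IsSoftDeleted": False}

def evaluate(source, aad_user):
    """Evaluate a direct mapping or the Not([...]) expression from step 17."""
    if source.startswith("Not([") and source.endswith("])"):
        return not aad_user[source[5:-2]]
    return aad_user[source]

def join_key():
    """The mapping used to match existing accounts (matching precedence 1)."""
    return next((s, t) for s, t, p in MAPPINGS if p == 1)

def to_scim_user(aad_user):
    """SCIM User body for a create (POST /Users) under these mappings."""
    body = {"schemas": [USER_SCHEMA]}
    for source, target, _ in MAPPINGS:
        value = evaluate(source, aad_user)
        if target.startswith("emails["):
            body["emails"] = [{"type": "work", "value": value}]
        else:
            body[target] = value
    return body

def active_patch(aad_user):
    """RFC 7644 PatchOp updating 'active'. With aadOptscim062020 in the
    Tenant URL, Azure AD sends a boolean here rather than a string."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active",
                            "value": evaluate("Not([IsSoftDeleted])", aad_user)}]}

if __name__ == "__main__":
    print(json.dumps(to_scim_user(SAMPLE_USER), indent=2))
    print(json.dumps(active_patch(dict(SAMPLE_USER, IsSoftDeleted=True)), indent=2))
```

If the IsSoftDeleted expression is left unedited or inverted, the `active` value above flips, so a removed user would stay enabled in the target application.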


Step 3: Test the SCIM integration (5 mins)

  1. In the Azure portal, go to the Enterprise Application you created in Step 1.
  2. Click on "Users and Groups" in the left navigation menu.
  3. Click on "Add user / group".

4. Click on "None Selected" and choose the users or groups of users that you'd like to test with WiggleDesk. (Tip: choose a test account or user that doesn't already have access to WiggleDesk.) Then select 'Assign'.

5. On the 'Overview' page, you will soon see the results of the provisioning. It can take up to 40 minutes for Microsoft to run this cycle.

6. In your WiggleDesk.com account, go to "Management -> Users" and check if the users have been provisioned.

Congratulations! You have successfully set up SCIM integration with Azure AD on WiggleDesk.com. From now on, user provisioning, deprovisioning and updates will be automatically synced between Azure AD and WiggleDesk.com.

Published Feb. 19, 2023
Tagged SCIM

