
Set up Guide: AzureAD SCIM

Emily B

Step 1: Create Azure AD SCIM Application

From your Enterprise Application dashboard, select "New Application".

A screenshot showing where to select a new application in the All Applications menu in Azure.

Select "Create your own application" and continue.

A screenshot showing where to select 'Create your own application' in the All Applications menu in Azure.

Give your application a descriptive name such as Ten Thousand Coffees, and select the "Integrate any other application you don't find in the gallery (Non-gallery)" option, then click "Create".

A screenshot showing where to configure the name of a new application in Azure.

Step 2: Configure the Azure AD SCIM Admin Credentials

Select "Provisioning" from the "Manage" section found in the navigation menu of the SCIM application.

A screenshot showing where to select 'Provisioning' from the 'Manage' section in Azure.

Click the "Get Started" button.

A screenshot showing where to select 'Get Started' in the 'Provisioning' menu in Azure.

Select the "Automatic" Provisioning Mode from the dropdown menu.

A screenshot showing where to configure the provisioning mode and credentials in Azure.

Copy and paste the endpoint into the "Tenant URL" field. This will be provided to you by Ten Thousand Coffees via a unique setup link.
Copy and paste the Bearer Token into the Secret Token field. This will be provided to you by Ten Thousand Coffees via a unique setup link.

Click "Test Connection" to receive confirmation that your connection has been set up correctly. Then, select "Save" to persist the credentials.

Step 3: Set up and enable attribute mapping

Expand the "Mappings" section.

A screenshot showing where to expand 'Mappings' in Azure.

Make sure the group and user attribute mappings are enabled, and are mapping the correct fields.

A screenshot showing where to ensure User attribute mappings are enabled in Azure.

Make sure that you are mapping "objectId" to "externalId" within the Attribute Mapping section.

A screenshot showing where to ensure 'objectId' is mapped to 'externalId' in the Attribute Mapping section in Azure.

Required profile fields

We require these fields to invite members to your 10KC hub.

| Field name | Data spec requirements |
| --- | --- |
| First Name | Can be any alpha-numeric string. |
| Last Name | Can be any alpha-numeric string. |
| Email Address | Can be any alpha-numeric string. |

Additional recommended profile fields (optional)

These are optional fields that would be beneficial to include. The actual fields used will depend on your program objectives, which your Customer Success Manager will help you finalize.


| Field name | Why we recommend | Requirements |
| --- | --- | --- |
| Unique ID | To rectify reporting issues if a member changes their email address. | Can be any alpha-numeric string. |
| Program Eligibility | So we only invite eligible participants. | We can also potentially use one of the other fields in this list, such as “Business Unit”. We expect the values “eligible” or “ineligible”. |
| Status | To de-activate profiles for employees that are on leave. | We expect the values “active” or “inactive”. They are case-sensitive. |
| Job Function, Job Family, or Management Level | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
| Hire Start Date | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | We expect the format MM/DD/YYYY. |
| Business Unit, Supervisor Organization, or Department | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
| City | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. |
| Country | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. |
| People Manager Status | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | We expect “yes” or “no”. |
| High Potential Status | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | We expect “yes” or “no”. |
| Diversity dimensions (e.g. gender, ethnicity, etc) | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. |
| First Level Supervisor | To provide reporting for 3-4 levels under the CEO. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
| Second Level Supervisor | To provide reporting for 3-4 levels under the CEO. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
| Third Level Supervisor | To provide reporting for 3-4 levels under the CEO. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
| Locale | To automatically localize 10KC in the user’s preference in English (US) or French (Canada). | Must be “en-US” for English (US) or “fr-CA” for French (Canada). |
| Most Recent Role Start Date | To enable mobility analyses. | We expect the format MM/DD/YYYY. |
| Role Reason Change Code | To enable mobility analyses. | Can be any alpha-numeric string. |
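
A pre-flight check for the data spec in the tables above and the "objectId" to "externalId" mapping from Step 3, as an added example that is not Ten Thousand Coffees' or Microsoft's code. The record keys (first_name, status, external_id and so on) are hypothetical; the allowed values and date format are the ones this guide lists, and the GUID check relies on Azure AD object IDs being GUIDs.

```python
import re
from datetime import datetime

# Hypothetical flat keys for one user record; map them to your own
# attribute names. The allowed values are the ones this guide lists.
REQUIRED = ("first_name", "last_name", "email")
ENUMS = {
    "status": {"active", "inactive"},               # case-sensitive
    "program_eligibility": {"eligible", "ineligible"},
    "people_manager": {"yes", "no"},
    "high_potential": {"yes", "no"},
    "locale": {"en-US", "fr-CA"},
}
DATES = ("hire_start_date", "role_start_date")      # MM/DD/YYYY
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def validate_user(rec):
    """Return a list of problems found in one user record (empty = OK)."""
    problems = []
    for key in REQUIRED:
        if not str(rec.get(key, "")).strip():
            problems.append(f"{key}: required field is missing or empty")
    # externalId should carry the Azure AD objectId, which is a GUID.
    if not GUID.fullmatch(str(rec.get("external_id", ""))):
        problems.append("external_id: not a GUID, check the objectId mapping")
    for key, allowed in ENUMS.items():
        if key in rec and rec[key] not in allowed:  # exact match, no lowercasing
            problems.append(f"{key}: {rec[key]!r} not in {sorted(allowed)}")
    for key in DATES:
        if key in rec:
            try:
                # strptime accepts "3/5/2021"; the length check enforces padding.
                ok = len(rec[key]) == 10 and bool(datetime.strptime(rec[key], "%m/%d/%Y"))
            except ValueError:
                ok = False
            if not ok:
                problems.append(f"{key}: {rec[key]!r} is not MM/DD/YYYY")
    return problems

# Constructed sample records (not real users).
GOOD = {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.com",
        "external_id": "3f2b8c1e-9d4a-4e6b-8a7c-1b2c3d4e5f60",
        "status": "active", "locale": "fr-CA", "hire_start_date": "03/15/2021"}
BAD = dict(GOOD, status="Active", locale="fr-ca", hire_start_date="2021-03-15",
           external_id="ada@example.com", email=" ")

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_user(rec) or "ok")
```

Running it over an export of the users assigned in Step 4 shows which records carry values outside the spec, such as a Status of "Active", before provisioning is switched on.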

Step 4: Assign People & Groups to Azure AD SCIM Application

In order for your users and groups to be synced to Ten Thousand Coffees you will need to assign them to your Azure AD SCIM Application. Select "Users and groups" from the "Manage" section of the navigation menu.

A screenshot showing where to navigate to 'Users and groups' from the 'Manage' section in Azure.

Select "Add user/group" from the top menu.

A screenshot showing where to select 'Add user/group' in the Users and groups menu in Azure.

Select "None selected" under the "Users and Groups". In the menu, select the users and groups that you want to add to the SCIM application, and click "Select".

A screenshot showing where to select users for a SCIM application in Azure.

Select "Assign" to add the selected users and groups to your SCIM application.

A screenshot showing where to assign the selected users for the SCIM application in Azure.

Confirm the "Provisioning Status" is set to "On" and that the "Scope" is set to "Sync only assigned users and groups".

A screenshot showing where to ensure that the 'Provisioning Status' is 'On' and 'Scope' is set to 'Sync only assigned users and groups' in Azure.

Step 5: Test the SCIM Connection

Ten Thousand Coffees will share testing steps with you via email.