Step 1: Create Azure AD SCIM Application
From your Enterprise Application dashboard, select "New Application".
Select "Create your own application" and continue.
Give your application a descriptive name such as Ten Thousand Coffees, and select the "Integrate any other application you don't find in the gallery (Non-gallery)" option, then click "Create".
Step 2: Configure the Azure AD SCIM Admin Credentials
Select "Provisioning" from the "Manage" section found in the navigation menu of the SCIM application.
Click the "Get Started" button.
Select the "Automatic" Provisioning Mode from the dropdown menu.
Copy and paste the endpoint into the "Tenant URL" field. This will be provided to you by Ten Thousand Coffees via a unique setup link.
Copy and paste the Bearer Token into the Secret Token field. This will be provided to you by Ten Thousand Coffees via a unique setup link.
Click "Test Connection" to receive confirmation that your connection has been set up correctly. Then, select "Save" to persist the credentials.
Step 3: Set up and enable attribute mapping
Expand the "Mappings" section
Make sure the group and user attribute mappings are enabled, and are mapping the correct fields.
Make sure that you are mapping "objectId" to "externalId" within the Attribute Mapping section.
Required profile fields
We require these fields to invite members to your 10KC hub.
Field name |
Data spec requirements |
First Name |
Can be any alpha-numeric string. |
Last Name |
Can be any alpha-numeric string. |
Email Address |
Can be any alpha-numeric string. |
Additional recommended profile fields (optional)
These optional fields that would be beneficial to include. The actual fields used will depend on your program objectives, which your Customer Success Manager will help you finalize.
|
Why we recommend |
Requirements |
Unique ID |
To rectify reporting issues if a member changes their email address.
|
Can be any alpha-numeric string. |
Program Eligibility |
So we only invite eligible participants.
We can also potentially use one of the other fields in this list, such as “Business Unit”. |
We expect the values “eligible” or “ineligible” |
Status |
To de-activate profiles for employees that are on leave. |
We expect the values “active” or “inactive”. They are case-sensitive. |
Job Function, Job Family, or Management Level |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software.
|
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Hire Start Date |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
We expect the format MM/DD/YYYY. |
Business Unit, Supervisor Organization, or Department |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
City |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
Can be any alpha-numeric string. |
Country |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
Can be any alpha-numeric string. |
People Manager Status |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
We expect “yes” or “no”. |
High Potential Status |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
We expect “yes” or “no”. |
Diversity dimensions (e.g. gender, ethnicity, etc) |
For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. |
Can be any alpha-numeric string. |
First Level Supervisor |
To provide reporting for 3-4 levels under the CEO |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Second Level Supervisor |
To provide reporting for 3-4 levels under the CEO |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Third Level Supervisor |
To provide reporting for 3-4 levels under the CEO |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Locale |
To automatically localize 10KC in the user’s preference in English (US) or French (Canada). |
Must be:
|
Most Recent Role Start Date |
To enable mobility analyses |
We expect the format MM/DD/YYYY |
Role Reason Change Code |
To enable mobility analyses |
Can be any alpha-numeric string. |
Step 4: Assign People & Groups to Azure AD SCIM Application
In order for your users and groups to be synced to Ten Thousand Coffees you will need to assign them to your Azure AD SCIM Application. Select "Users and groups" from the "Manage" section of the navigation menu.
Select "Add user/group" from the top menu.
Select "None selected" under the "Users and Groups". In the menu, select the users and groups that you want to add to the SCIM application, and click "Select".
Select "Assign" to add the selected users and groups to your SCIM application.
Confirm the "Provisioning Status" is set to "On" and that the "Scope" is set to "Sync only assigned users and groups".
Step 5: Test the SCIM Connection
Ten Thousand Coffees will share testing steps to you via email.
Comments
0 comments
Please sign in to leave a comment.