We have implemented an interface according to SCIM2 standard to connect Active Directories. Users and groups can be synchronised between Azure AD and SoSafe. For this purpose, Microsoft compares the stored data with your SoSafe user data base and sends updates to our interface. Which users, groups and data are shared can be configured in Azure AD and our manager.
You can set up our interface using the Azure "Enterprise Applications".
As we are still developing this function, we are not yet listed as an enterprise application in the Azure AD catalogue. However, we can be configured as "Own Application".
Supported functions are:
- Creating users and groups in SoSafe
- Removing users from SoSafe groups
- Synchronising users and groups in SoSafe
- Provision of groups and group membership of SoSafe
Currently not yet supported functions
- Nested groups
- Listing in the Azure App Catalogue
- An Azure AD client
- A user account in Azure AD with permission to configure staging
- An administrator account with SoSafe
- We are working on providing you with the client URL and access token dircectly in the SoSafe manager, at the moment these are still created manually
- Please tell your Implementation Manager your Azure Tenant ID.
- Please tell your Implementation Manager, whether you want to group your users through Azure Groups or through attributes.
Step 1: "Create your own application
1. log in to the Azure portal Select Enterprise Applications and then All Applications and click on New application.
2. Select Create your own application from the list.
3. Name the application and choose integrate other not listed application
Schritt 2: Deploying users and groups
1. Add users and groups, you want to synchronize to the application
- Start small. Test your deployment with a small group of users and groups before you share it with everyone. If the staging area is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. If the scope is set to all users and groups, you can specify an attribute-based scope filter.
Step 3: Setting up user provisioning
1. Select the Deployment and Getting Started tab.
- You will receive the client URL and the access token later in our manager, at the moment a SoSafe technician will support you with the set up.
2. Set the deployment mode to automatic and insert the client URL, the Access Token and the notification mail.
Step 4: Checking the attribute assignment
1. check the attribute assignment of users
2. You can remove all but the assignments shown here.
- We support the exchange of all attributes of the standard assignment as well as user-defined assignments. These must be entered accordingly in our manager.
- However, we actively use only the fields shown here plus academic title and salutation/gender, which can be transferred via user-defined fields.
3. You can check the group attributes, however the following attributes are obligatory.
Step 5: Start provisioning
1. Once you start the provisioning, you can check the synchronization in the manager