SCIM Configuration | echonovum Docs

Before you Start

Following prerequisites need to be met before you can start with the configuration:

An organization in the echonovum Hub that is configured to support SCIM.
- Contact our support team to enable SCIM for your organization.
Access to the echonovum Hub
Access to the Microsoft Azure Portal
A user in Azure that has the following roles assigned:
- Application administrator
- External Identity Provider administrator

Automated User Provisioning: SCIM allows for automated user provisioning, thus limiting setup time per user.
Better user experience: A user can be provisioned by the application manager, before a user has first logged in to the platform. Therefore, correct access rights can be given, allowing a better user experience.
Security: SCIM can help to ensure that user accounts are created and deleted in a timely manner, reducing the risk of unauthorized access to systems and data.

Supported Attributes to map to an echonovum User

Username: The username of the user. This is a required field.
Email address: The email address of the user. This is a required field.
Given Name: The first name of the user. This is a required field.
Family Name: The last name of the user. This is a required field.
Active: The status of the user. This is a required field and defaults to true.
Locale: The locale of the user. This is an optional field and defaults to de.

Click on “Provisioning” within the menu in your Enterprise Application on Azure.
Click on “Get started”
Select “Automatic” as Provisioning Mode
- With this setting enabled, users will automatically be provisioned every ~45 min by azure.
Input the Admin Credentials (Tenant URL and token)
- These are given to you by the echonovum customer success
- The tenant url is of the format https://hub.echonovum.com/scim//v2
Test the connection
- On success move on to the settings tab
- On failure, check the credentials again or get support from the echonovum customer success
Add additional settings within the settings tab by your choosing for
- Getting notified on failures
- Prevent accidental deletion
Click “Save” and then close the provisioning tab in the top right corner

Click on “Provisioning” in Navigation under “Manage”
Disable Attribute Mapping for Groups (currently no supported)
- Click on “Provision Microsoft Entra ID Groups” → Set “Enabled” to “No” → Press “Save” → Close on the top right
Configure Attribute Mapping for Users
- Click on “Provision Microsoft Entra ID Users”
- Disable “Update” in the Target Object Actions (currently not supported)
Set up the actual attribute mapping as follows
Open the image in a new tab to see it in full
- First use the delete buttons on the right to delete unnecessary attributes and click save
- After that you’ll end up with a list of following attributes
  - userName
  - active
  - emails(type eq “work”].value
  - name.givenName
  - name.familyName
Create the custom field “locale”
- Click on “add new mapping”
- Select “Expression” as Mapping type
- Copy following expression in the input field
Switch([preferredLanguage], "en", "de-DE", "de", "de-CH", "de", "fr-CH", "fr", "fr-FR", "fr", "it-IT", "it")
- Insert all the additional info as follows and press “Ok”
Save and close the “Attribute Mapping” page

In the Manage > Users and groups section you can add groups or users that are in the scope of the provisioning.

To check if a user can be provisioned successfully, you can also provision users on demand.

For this, do the following:

Under Manage > Provisioning you’ll find “Provisioning Status”. Turn it “on” and press save. User are now provisioned automatically every ~45 min.

The Provisioning and the Audit logs section (left hand menu) give you all the insights you need to monitor and trouble shoot provisioning.