SCIM Provisioning

Starmind supports SCIM provisioning with Azure Active Directory. The SCIM protocol simplifies the process of creating and managing user accounts in Starmind. When you add, update, or remove users in Azure AD, SCIM automatically propagates these changes to your Starmind network.

Requirements

  1. Your Identity Provider is Azure Active Directory.
  2. Users in your Active Directory have the following properties:
    1. Email (the matching attribute)
    2. First Name
    3. Last Name

Configuration

Here is Microsoft tutorial: Configure Starmind for automatic user provisioning

To configure SCIM provisioning, you will need an API key, which you can receive from your Solution Architect.

  1. Sign in to the Azure Portal. In Azure AD, select Enterprise Application, then select All applications.
  1. Select New application.
  1. Search for Starmind
  1. Click Create.
  2. Select Provisioning.
  1. Select Get started.
  1. Select Provisioning Mode -> Automatic.
  1. Under the Admin Credentials section, input the SCIM Base URL for your network in Tenant URL and the API key provided by Starmind in secret token. Click Test Connection to ensure that Azure AD can connect to Starmind. If the connection fails, ensure that your provided credentials are correct or get in touch with your Solution Architect.
  1. In the Settings -> Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and check the Send an email notification when a failure occurs box.
  1. Click Save.
  2. Under the Mappings section, select Provision Azure Active Directory Users.
  1. The attribute mapping can now be configured. The following sub-steps describe the attribute mapping:
  • Set Enabled to Yes.
  • Disable/enable target object actions (actions on users.)
  • In the Attribute Mapping table, search for the userPrincipalName attribute in the left column and click on it. A form will show the details of this attribute. In the form select Matching precedence -> 2 and click OK.
  • In the Attribute Mapping table, search for the mail attribute in the left column and click on it. Select Match objects using this attribute -> Yes, enter Matching precedence -> 1 and click OK.
  • In the Attribute Mapping table, select userPrincipalName again, select Match objects using this attribute -> No, and click OK.
  • Configure the remaining Attribute Mapping as shown in the picture below. This image demonstrates the correct attribute mapping for Starmind.
  • Save all changes.
  • To enable the Azure AD provisioning service for Starmind, change the Provisioning Status to On in the Settings section.
  • Define the users that you would like to provision to Starmind by choosing the desired values in Scope in the Settings section.
  • When you are ready to provision, click Save.

This operation starts the initial synchronization of all users defined in Scope in the Settings section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the Synchronization Details section to monitor progress and follow links to the provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Starmind.