User Provisioning Through Microsoft Entra ID

  1. Create a new “Enterprise application” in Azure AD Portal

    Browse Microsoft Entra Gallery

  2. Go to "Manage -> Provisioning"

  3. You will be redirected to the next page; select Provisioning again

  4. Select Provisioning Mode as Automatic

  5. Click on Admin Credentials

  6. Set Tenant URL to https://zone1.bliksundhub.com/{customer}/grid/v2/scim/v2.0/ and insert the Secret Token fetched from the setup page for “Azure AD” in GRID

  7. Test connection by clicking “Test Connection”

    It is recommended to use the “Save” button at the top as settings will be validated, and the form will be expanded with new available options.

Configure mappings for Users

  1. Make sure User provisioning is on and Groups provisioning is off, and fill out an email address for error notifications

  2. If mappings exist for “objectId” or “externalId”, delete them

  3. Create a mapping between “objectId” and “externalId”. Make sure “Match objects using this attribute” is set to “Yes”, and “Apply this mapping” is “Always”

  4. Remove or create the other mappings as shown in the picture.

  5. Make sure to set Scope. This defines which users are synced through SCIM, and comes with two options:

    • “Sync all users and groups” – Syncs all users in the organization to GRID. If your organization has users and guests in Azure AD that should not have accounts in GRID, choose the other option
    • “Sync only assigned users and groups” – Requires users and groups to be assigned to the “application” before they are synced. Useful if some control is desired over which users have access to GRID
  6. Turn on provisioning

    • This can be done at the bottom of the “Edit provisioning” page, or
    • By using the button “Start provisioning” on the provisioning overview
  7. Wait for users to be provisioned over time

Because of differences between GRID's user system and Microsoft's Entra ID, there will be some issues that need manual handling. Those issues include, but are not limited to:

  • Inactive duplicate users in GRID
  • Changed email before the user is properly SCIM-identified
  • Multiple emails and phone numbers
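
A pre-flight audit for the three issues listed above, run before provisioning is turned on. This is an added example, not part of GRID or Entra ID. The record layout and every field name (`mail`, `otherMails`, `phones`, `externalId`, `active`) are hypothetical, the data is constructed, and it assumes that a GRID account without an `externalId` can only be correlated with an Entra user by email.

```python
from collections import defaultdict

# Constructed sample records; field names are hypothetical, not a real export format.
ENTRA_USERS = [
    {"objectId": "a1", "mail": "kari@example.org", "otherMails": [], "phones": ["100"]},
    {"objectId": "b2", "mail": "ola.new@example.org", "otherMails": ["ola@example.org"], "phones": []},
    {"objectId": "c3", "mail": "per@example.org", "otherMails": [], "phones": ["200", "201"]},
]
GRID_USERS = [
    {"id": 1, "email": "Kari@example.org", "active": True, "externalId": "a1"},
    {"id": 2, "email": "kari@example.org", "active": False, "externalId": None},
    {"id": 3, "email": "ola@example.org", "active": True, "externalId": None},
    {"id": 4, "email": "per@example.org", "active": True, "externalId": None},
]

def norm(email):
    """Compare emails case-insensitively and without stray whitespace."""
    return email.strip().lower()

def audit(entra_users, grid_users):
    """Return IDs that need manual handling, grouped by issue type."""
    findings = {"inactive_duplicate": [], "email_changed_unlinked": [], "multiple_contacts": []}
    primary = {norm(u["mail"]) for u in entra_users}
    by_email = defaultdict(list)
    for g in grid_users:
        by_email[norm(g["email"])].append(g)
    # Several GRID accounts share one email and at least one of them is inactive.
    for accounts in by_email.values():
        if len(accounts) > 1:
            findings["inactive_duplicate"] += [g["id"] for g in accounts if not g["active"]]
    # Account not yet linked by externalId whose email is no Entra primary mail:
    # under the email-correlation assumption it cannot be matched automatically.
    for g in grid_users:
        if g["externalId"] is None and norm(g["email"]) not in primary:
            findings["email_changed_unlinked"].append(g["id"])
    # Entra users carrying more than one email address or phone number.
    for u in entra_users:
        if u["otherMails"] or len(u["phones"]) > 1:
            findings["multiple_contacts"].append(u["objectId"])
    return findings

if __name__ == "__main__":
    for issue, ids in audit(ENTRA_USERS, GRID_USERS).items():
        print(f"{issue}: {ids}")
```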