Automatic User and Team Provisioning with Microsoft Azure Active Directory Using SCIM

This guide will walk you through the steps to set up synchronization between Microsoft Azure Active Directory (Azure AD) and SweetProcess using the System for Cross-domain Identity Management (SCIM) protocol. SCIM simplifies user and team management by automating the provisioning and de-provisioning process and ensuring that user information is consistently up-to-date across both platforms.

Team Synchronization: Please note that synchronizing teams (groups) will require an optional paid plan upgrade from Microsoft. If you plan to sync teams along with users, ensure that your Azure AD subscription includes this capability. SweetProcess of course provides the entire SCIM and Single Sign On capability at no extra cost.

Prerequisites

1. You must be a super manager on your account.
2. An active account with administrative access in Microsoft Azure AD.
  1. Creating an API token

    Before setting up synchronization, you need to create an API token which will be used to authenticate the SCIM requests.
    1. Navigate to the API Tokens page at sweetprocess.com/accounts/tokens/
    2. Create a new API token with the scope 'scim' and give it a purpose that reminds you why you created it.
    3. Note down the generated token as you will need it for setting up the integration in Azure AD.
  2. Essential Parameters Table

    Here's a table of the essential parameters you'll need:
    | Parameter | Description | Value |
    |---|---|---|
    | SCIM Endpoint | The endpoint URL for SCIM requests. | https://www.sweetprocess.com/scim/v2/ |
    | API Token | Token for authenticating SCIM requests. | Generated in Step 1 |
  3. Setting Up the Custom Enterprise App in Microsoft Azure Active Directory

    To integrate with SweetProcess using SCIM, you will set up a custom enterprise application in Azure AD.
    1. Log into your Azure AD portal.
    2. Go to 'Enterprise applications' and select '+ New application'.
    3. Choose 'Non-gallery application' and provide a name for the custom app.
    4. Once created, navigate to the 'Provisioning' section in the application.
    5. Set the 'Provisioning Mode' to 'Automatic'.
    6. In the 'Admin Credentials' section, enter the SCIM endpoint and the API token you generated earlier.
  4. Understanding the Synchronization Process and Final Notes

    • Azure AD syncs with SweetProcess every 40 minutes.
    • The sync process might not transfer all data at once. This is normal and ensures the stability and reliability of the process.
    • If immediate sync is needed, manual sync options are available in the Azure AD portal, though Microsoft will not send team membership information during manual syncs.

    Final Notes

    After completing these steps, your Azure AD and SweetProcess should be successfully integrated. Users and teams (groups) from Azure AD will be automatically updated in SweetProcess according to the sync schedule.
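
The SCIM endpoint and API token from the steps above can be checked from a workstation before they are entered under 'Admin Credentials'. The script below is an added example, not SweetProcess or Microsoft code. It assumes the token is presented as a bearer token (which is how Azure AD sends the secret token it is given) and that the endpoint serves the standard `/Users` resource from RFC 7644; the `SCIM_TOKEN` environment variable and the function names are illustrative.

```python
import json, os, uuid
import urllib.error, urllib.parse, urllib.request

SCIM_BASE = "https://www.sweetprocess.com/scim/v2/"  # SCIM Endpoint from the parameters table
LIST_URN = "urn:ietf:params:scim:api:messages:2.0:ListResponse"  # RFC 7644 list envelope

def build_probe(token, base=SCIM_BASE):
    """Build (without sending) a lookup for a userName that cannot exist."""
    if not base.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not token or token != token.strip():
        raise ValueError("token is empty or has stray whitespace from copy/paste")
    query = urllib.parse.urlencode({"filter": f'userName eq "{uuid.uuid4()}"'})
    return urllib.request.Request(
        base.rstrip("/") + "/Users?" + query, method="GET",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/scim+json"})

def check_response(status, body):
    """Return a list of problems; an empty list means endpoint and token look usable."""
    if status in (401, 403):
        return [f"HTTP {status}: token rejected; check its value and its 'scim' scope"]
    if status != 200:
        return [f"HTTP {status}: unexpected status from the SCIM endpoint"]
    try:
        doc = json.loads(body)
    except ValueError:
        return ["response body is not JSON"]
    if not isinstance(doc, dict):
        return ["response body is not a JSON object"]
    problems = []
    if LIST_URN not in (doc.get("schemas") or []):
        problems.append("missing SCIM ListResponse schema URN")
    if doc.get("totalResults") != 0:
        problems.append("a random userName should match 0 users")
    return problems

def redacted_headers(req):
    """Request headers with the token masked, safe to write to a log."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}

if __name__ == "__main__":
    # Assumed variable name; reading from the environment keeps the token out of shell history.
    req = build_probe(os.environ["SCIM_TOKEN"])
    print("GET", req.full_url, redacted_headers(req))
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read()
    print(check_response(status, body) or "OK: endpoint and token accepted")
```

Run it with the token exported as `SCIM_TOKEN`; a 401 or 403 result points at the token or its scope rather than at the Azure AD configuration.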