SCIM provisioning using Entra ID (Azure AD)

Requirements

  • Advanced Authentication + User Management

 

Account owners or admins can use System for Cross-Domain Identity Management (SCIM) to automatically provision users and groups from Entra ID (formerly Azure Active Directory) to applications. Follow Microsoft's guide here. 

 

Robin offers a pre-configured SAML app within the Azure Marketplace. 

Head this way to learn more.

In Robin 

1. Log into your Robin account dashboard: https://dashboard.robinpowered.com/login

2. Navigate to Manage > Integrations > SCIM > Manage.

3. Generate a new organization token. If you lose this token, you can always make a new one without affecting existing users.

4. Copy this token into the Secret Token field within Azure.

 

In Azure Active Directory

1. Go to Microsoft Entra admin center > Enterprise Applications, and select New application > Create your own application > Non-gallery application.

2. Enter a name for your application, and click Add to create an app object.

3. Select Provisioning (in the left column).

4. In the Provisioning Mode menu, select Automatic.

5. In the Tenant URL field, enter the URL of the application's SCIM endpoint:

   https://api.robinpowered.com/v1.0/scim-2

6. In the Secret Token field, enter the token generated in Robin in the previous section.

7. Under "Settings", set the Scope to Sync only assigned users and groups.

8. In the menu on the left, under "Manage", select Users and Groups. Add the users and groups you'd like to provision to Robin.

9. Back in the Provisioning tab, select Start Provisioning. Users should appear in your Robin account within a few minutes.

Attribute Mapping

*Note: the preconfigured app does not support the department attribute.

  • User attributes requested by Robin:

    [Screenshot: user attributes requested by Robin]

  • Group attributes requested by Robin:

    [Screenshot: group attributes requested by Robin]

  • Optional: To sync optional attributes, create a new attribute mapping.

    For example, to sync department data, add a new attribute and set the mapping as shown in the example.

    Use the enterprise user schema, urn:ietf:params:scim:schemas:extension:enterprise:2.0:User, with the desired optional attribute.

    [Screenshot: example attribute mapping]

    Optional attributes

  • department

  • costCenter

  • division

  • employeeNumber

  • locale

  • title

  • manager

  • preferredLanguage

Synchronizing managers

To synchronize managers into Robin, the newly added manager attribute should be added to the mappings, and its value should match the manager's externalId in the Entra ID system.

For example, UserA has an Entra ID set to 3cd19cd0-ba07-4171-86db-50d8d7694e19, and UserB has an Entra ID set to 01972a50-2801-4f06-a403-b41f9f04206e.

To set UserA as manager for UserB, the manager field of UserA must be set to 3cd19cd0-ba07-4171-86db-50d8d7694e19. Entra ID can be found in the user’s profile in Entra ID, under Overview → Object ID.
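
A pre-flight check for the optional attribute and manager mappings described above, as an added example (not Robin's or Microsoft's code). It builds the fully qualified enterprise-schema attribute name and flags manager values that are not Object IDs of assigned users. The export field names (`upn`, `objectId`, `manager`) and the sample users are constructed, and treating a manager outside the assigned set as a problem is an assumption based on the "Sync only assigned users and groups" scope.

```python
import re

ENTERPRISE_URN = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# Optional attributes listed on this page.
OPTIONAL_ATTRIBUTES = {"department", "costCenter", "division", "employeeNumber",
                       "locale", "title", "manager", "preferredLanguage"}
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def target_attribute(name):
    """Fully qualified SCIM name (RFC 7644 'URN:attribute' notation)."""
    if name not in OPTIONAL_ATTRIBUTES:
        raise ValueError(f"{name!r} is not in the optional attribute list")
    return f"{ENTERPRISE_URN}:{name}"


def check_managers(users):
    """Return (upn, problem) pairs for manager values that will not resolve."""
    assigned_ids = {u["objectId"].lower() for u in users}
    findings = []
    for u in users:
        manager = u.get("manager")
        if manager is None:
            continue
        if not GUID_RE.fullmatch(manager):
            findings.append((u["upn"], "manager is not an Object ID"))
        elif manager.lower() not in assigned_ids:
            findings.append((u["upn"], "manager is not an assigned user"))
    return findings


# Constructed sample: an export of the users assigned to the enterprise application.
ASSIGNED_USERS = [
    {"upn": "lead@example.com", "objectId": "11111111-1111-4111-8111-111111111111", "manager": None},
    {"upn": "dev@example.com", "objectId": "22222222-2222-4222-8222-222222222222",
     "manager": "11111111-1111-4111-8111-111111111111"},
    {"upn": "ops@example.com", "objectId": "33333333-3333-4333-8333-333333333333",
     "manager": "lead@example.com"},  # a UPN instead of an Object ID
    {"upn": "temp@example.com", "objectId": "44444444-4444-4444-8444-444444444444",
     "manager": "99999999-9999-4999-8999-999999999999"},  # manager not assigned to the app
]

if __name__ == "__main__":
    print(target_attribute("manager"))
    for upn, problem in check_managers(ASSIGNED_USERS):
        print(f"{upn}: {problem}")
```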

 
