Overview
The Microsoft Entra provisioning service uses the SCIM 2.0 protocol for automatic provisioning. The service connects to the SCIM endpoint for the application, and uses SCIM user object schema and REST APIs to automate the provisioning and de-provisioning of users and groups. Extraordinary does not provide a Gallery App.
Please create a custom Enterprise App to begin provisioning Entra users to Extraordinary.
Authorisation
The Extraordinary SCIM interface requires the use of a Client Credentials Grant for Authorization.
You can generate a set of Client Credentials from the Customer Portal, in the settings tab pictured below. If you do not see the SCIM tab, it means you lack the required permissions to set up an integration.
After generating your Client Credentials, enter them as pictured below.
Tag Mappings
In order to provision Users into your Extraordinary organisation, ensure that the following tag mappings are set in the Attribute Mapping tab:
- userName: userPrincipalName
- name.givenName: givenName
- name.familyName: familyName
- phoneNumbers[type eq "mobile"].value: mobile
- externalId: employeeId (ExternalID is pulled into our platform as a freeform string. Public Transport salary sacrifices make heavy use of this ID - if you are using our public transport module, please ensure that this ID matches the key that will be placed in the reference field of salary sacrifices made by your payroll system)
Provisioning Scope
In order for Entra to send users to Extraordinary via SCIM, they must be in the Entra App's provisioning scope. This can occur either by being a member of a group that has been added to the app, or being added to the app directly as a user. Either of these can be achieved from the "Users" and "Groups" tabs of the App sidebar menu, respectively.
If you have any issues completing the above setup, please reach out to our Support team here and we will forward your request to our Product team.
Comments
0 comments
Article is closed for comments.