SCIM Provisioning using Azure Active Directory
Last updated
Last updated
The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean Platform and Azure Active Directory (AAD).
Cloud application administrator role or higher in Azure Active Directory
An administrator in Code Ocean
Login into your Microsoft Azure Portal and click Azure Active Directory in the left-hand portal menu. Alternatively, you can search for it in the top search bar
Once inside your AAD Tenant, find and click Enterprise applications in the left-hand menu
3. Click New Application, then Create your own application. In the menu that appears, fill out a name for the app to integrate and leave the bubble selected for Integrate any other application you don't find in the gallery (Non-gallery)
It may take a few minutes for the application to be deployed. The status can be monitored under the Notifications dropdown on the top ribbon.
4. Once the deployment is finished click Enterprise applications link beneath the search bar to find your newly created application
Go to the Code Ocean Admin Panel
Click Integrations
Scroll down to the SCIM section and copy the Provisioning URL and save it for a later stage
4. Click Generate new token, copy the token and save it for a later stage
Click Provisioning, then Get Started
2. Use the dropdown box to select Automatic (1), enter the Tenant URL of the Provisioning URL copied from Code Ocean and your Provisioning Token (2, 3)
3. Click Test Connection and observe the successful test (4)
4. Click Save (5)
Provisioning sync is done every 40 minutes. See more information here.
Go back to the application main page
Navigate to Users and groups
Click Add user/group
3. Click Users and groups from the list in None Selected
4. Search for users/groups and select them from the list
5. Click Select
6. Click Assign
These fields are supported for mapping user attributes:
Name (first and last name)
Email (must be lowercase)
Active (whether or not a user is enabled or disabled)
Logging in to Code Ocean requires an email address. To sync users to Code Ocean, users in AD must have their email addresses included in their profiles.
You can provision groups from Azure AD to Code Ocean by assigning a group to the codeocean-scim application. This will create a new group in your Code Ocean account with all the users that are assigned to that group in Azure AD.
Go to the application main page
Navigate to Users and groups
Click Add user/group
4. Search for a group and select it from the list,
5. Click Select
6. Click Assign