# SCIM Provisioning using Azure Active Directory
The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean Platform and Azure Active Directory (AAD).
## Requirements
* Cloud application administrator role or higher in Azure Active Directory
* An administrator in Code Ocean
## Creating a Custom Application
1. Login into your Microsoft Azure Portal and click **Azure Active Directory** in the left-hand portal menu. Alternatively, you can search for it in the top search bar
2. Once inside your AAD Tenant, find and click **Enterprise applications** in the left-hand menu
3\. Click **New Application**, then **Create your own application**. In the menu that appears, fill out a name for the app to integrate and leave the bubble selected for **Integrate any other application you don't find in the gallery (Non-gallery)**
{% hint style="warning" %}
It may take a few minutes for the application to be deployed. The status can be monitored under the Notifications dropdown on the top ribbon.
{% endhint %}
4\. Once the deployment is finished click **Enterprise applications link** beneath the search bar to find your newly created application
## Configuring Provisioning
### Get the Code Ocean SCIM Provisioning Information (URL and token)
1. Go to the Code Ocean Admin Panel
2. Click **Integrations**
3. Scroll down to the SCIM section and copy the Provisioning URL and save it for a later stage
4\. Click **Generate new token**, copy the token and save it for a later stage
###
### Configuring Provisioning in Azure AD
1. Click **Provisioning**, then **Get Started**
2\. Use the dropdown box to select **Automatic** (1), enter the **Tenant URL** of the Provisioning URL copied from Code Ocean and your Provisioning Token (2, 3)
3\. Click **Test Connection** and observe the successful test (4)
4\. Click **Save** (5)
{% hint style="info" %}
Provisioning sync is done every 40 minutes. See more information [here](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user).
{% endhint %}
## Assigning Users & Groups
### Set Up User Provisioning
1. Go back to the application main page
2. Navigate to **Users and groups**
3. Click **Add user/group**
3\. Click **Users and groups** from the list in None Selected
4\. Search for users/groups and select them from the list
5\. Click **Select**
6\. Click **Assign**
### User Attributes
These fields are supported for mapping user attributes:
* Name (first and last name)
* Email (must be lowercase)
* Active (whether or not a user is enabled or disabled)
{% hint style="warning" %}
Logging in to Code Ocean requires an email address. To sync users to Code Ocean, users in AD must have their email addresses included in their profiles.
{% endhint %}
### Set-Up Group Provisioning
You can provision groups from Azure AD to Code Ocean by assigning a group to the codeocean-scim application. This will create a new group in your Code Ocean account with all the users that are assigned to that group in Azure AD.
1. Go to the application main page
2. Navigate to **Users and groups**
3. Click **Add user/group**
4\. Search for a group and select it from the list,
5\. Click **Select**
6\. Click **Assign**
