Code Ocean VPC Administration Guide
v2.11
v2.11
  • Code Ocean VPC Administration Guide
  • Overview
    • System Overview
    • System Capacity and Sizing
  • Installation Guide
    • Prerequisites
    • CloudFormation Deployment
    • Deployment Parameters
    • Deployment IAM role
    • Subdomain Delegation
    • Create an Admin Account
    • Upgrade Code Ocean
    • Remove Code Ocean
  • Management Guide
    • User Management
      • Admin Signup
      • Adding/Removing an Administrator
      • Inviting New Users
      • Generating a Reset Password Link
      • Deactivate User
    • Set up a User Banner Message
    • Enable Git Integration
    • Starter Environments
      • Deploy Base Image
      • Image Actions
      • Deploying Private Docker Base Images
    • Set up an Authentication
    • SCIM Provisioning using Azure Active Directory
    • SCIM Provisioning using Okta
    • Configure Worker Parameters
    • ACM Certificate Renewal
  • Troubleshooting Guide
    • Collecting Logs with the Support Bundle
    • Searching Logs in AWS CloudWatch
    • Alarms
Powered by GitBook
On this page
  • Requirements
  • Creating a Custom Application
  • Configuring Provisioning
  • Get the Code Ocean SCIM Provisioning Information (URL and token)
  • Configuring Provisioning in Azure AD
  • Assigning Users & Groups
  • Set Up User Provisioning
  • User Attributes
  • Set-Up Group Provisioning

Was this helpful?

  1. Management Guide

SCIM Provisioning using Azure Active Directory

Learn how to provision SCIM using Azure Active Directory

PreviousSet up an AuthenticationNextSCIM Provisioning using Okta

Last updated 2 years ago

Was this helpful?

The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean Platform and Azure Active Directory (AAD).

Setting up Groups is the best way to ensure that new users will have all relevant Capsules, Data, and Pipelines available to them when they join, and that there will be no lost assets when team members leave.

It is best practice to utilize Group sharing when working with shared assets.

Requirements

  • Cloud application administrator role or higher in Azure Active Directory

  • An administrator in Code Ocean

Creating a Custom Application

  1. Login into your Microsoft Azure Portal and click Azure Active Directory in the left-hand portal menu. Alternatively, you can search for it in the top search bar

  2. Once inside your AAD Tenant, find and click Enterprise applications in the left-hand menu

3. Click New Application, then Create your own application. In the menu that appears, fill out a name for the app to integrate and leave the bubble selected for Integrate any other application you don't find in the gallery (Non-gallery)

It may take a few minutes for the application to be deployed. The status can be monitored under the Notifications dropdown on the top ribbon.

4. Once the deployment is finished click Enterprise applications link beneath the search bar to find your newly created application

Configuring Provisioning

Get the Code Ocean SCIM Provisioning Information (URL and token)

  1. Go to the Code Ocean Admin Panel

  2. Click Integrations

  3. Scroll down to the SCIM section and copy the Provisioning URL and save it for a later stage

4. Click Generate new token, copy the token and save it for a later stage

Configuring Provisioning in Azure AD

  1. Click Provisioning, then Get Started

2. Use the dropdown box to select Automatic (1), enter the Tenant URL of the Provisioning URL copied from Code Ocean and your Provisioning Token (2, 3)

3. Click Test Connection and observe the successful test (4)

4. Click Save (5)

Assigning Users & Groups

Set Up User Provisioning

  1. Go back to the application main page

  2. Navigate to Users and groups

  3. Click Add user/group

3. Click Users and groups from the list in None Selected

4. Search for users/groups and select them from the list

5. Click Select

6. Click Assign

User Attributes

These fields are supported for mapping user attributes:

  • Name (first and last name)

  • Email (must be lowercase)

  • Active (whether or not a user is enabled or disabled)

Logging in to Code Ocean requires an email address. To sync users to Code Ocean, users in AD must have their email addresses included in their profiles.

Set-Up Group Provisioning

You can provision groups from Azure AD to Code Ocean by assigning a group to the codeocean-scim application. This will create a new group in your Code Ocean account with all the users that are assigned to that group in Azure AD.

  1. Go to the application main page

  2. Navigate to Users and groups

  3. Click Add user/group

4. Search for a group and select it from the list,

5. Click Select

6. Click Assign

Provisioning sync is done every 40 minutes. See more information .

here
mceclip14.png
mceclip15.png