SCIM Provisioning using Azure Active Directory
Learn how to provision SCIM using Azure Active Directory
The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean Platform and Azure Active Directory (AAD).
Setting up Groups is the best way to ensure that new users will have all relevant Capsules, Data, and Pipelines available to them when they join, and that there will be no lost assets when team members leave.
It is best practice to utilize Group sharing when working with shared assets.
Requirements
Cloud application administrator role or higher in Azure Active Directory
An administrator in Code Ocean
Creating a Custom Application
1. Log in to your Microsoft Azure Portal and click Azure Active Directory in the left-hand portal menu. Alternatively, you can search for it in the top search bar.
2. Once inside your AAD Tenant, find and click Enterprise applications in the left-hand menu.
3. Click New Application, then Create your own application. In the menu that appears, enter a name for the app and leave the option Integrate any other application you don't find in the gallery (Non-gallery) selected.
It may take a few minutes for the application to be deployed. The status can be monitored under the Notifications dropdown on the top ribbon.
4. Once the deployment is finished, click the Enterprise applications link beneath the search bar to find your newly created application.
Configuring Provisioning
Get the Code Ocean SCIM Provisioning Information (URL and token)
1. Go to the Code Ocean Admin Panel
2. Click Integrations
3. Scroll down to the SCIM section, copy the Provisioning URL, and save it for a later stage
4. Click Generate new token, copy the token, and save it for a later stage
Configuring Provisioning in Azure AD
1. Click Provisioning, then Get Started
2. Use the dropdown box to select Automatic (1), enter the Provisioning URL copied from Code Ocean as the Tenant URL, and enter your Provisioning Token (2, 3)
3. Click Test Connection and confirm that the test succeeds (4)
4. Click Save (5)
Provisioning sync is done every 40 minutes. See more information here.
Assigning Users & Groups
Set Up User Provisioning
1. Go back to the application main page
2. Navigate to Users and groups
3. Click Add user/group
4. Click Users and groups from the list in None Selected
5. Search for users/groups and select them from the list
6. Click Select
7. Click Assign
User Attributes
These fields are supported for mapping user attributes:
Name (first and last name)
Email (must be lowercase)
Active (whether a user is enabled or disabled)
Logging in to Code Ocean requires an email address. To sync users to Code Ocean, users in AD must have their email addresses included in their profiles.
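A pre-flight check for the attribute requirements above, as an added example that is not part of the Code Ocean documentation: it flags Azure AD user records that lack an email address or whose email is not lowercase, and builds a SCIM user resource for the rest. The input keys follow Microsoft Graph user properties, the SCIM attribute mapping is an assumption based on the SCIM 2.0 core User schema, and the sample records are constructed.

```python
# Added example: pre-flight check of Azure AD user records before SCIM sync.
# Assumption: attributes map onto the SCIM 2.0 core User schema (RFC 7643).
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

def check_user(user):
    """Return the problems that would block or break provisioning of a user."""
    problems = []
    mail = (user.get("mail") or "").strip()
    if not mail:
        problems.append("missing email address")
    elif mail != mail.lower():
        problems.append("email is not lowercase")
    if not (user.get("givenName") or "").strip():
        problems.append("missing first name")
    if not (user.get("surname") or "").strip():
        problems.append("missing last name")
    if not isinstance(user.get("accountEnabled"), bool):
        problems.append("accountEnabled is not set")
    return problems

def to_scim_user(user):
    """Build a SCIM core User resource from a record that passed check_user."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user["mail"],
        "name": {"givenName": user["givenName"], "familyName": user["surname"]},
        "emails": [{"value": user["mail"], "primary": True}],
        "active": user["accountEnabled"],  # False means the user is disabled
    }

def preflight(users):
    """Split records into ready-to-sync payloads and a report of rejects."""
    ready, rejected = [], {}
    for user in users:
        problems = check_user(user)
        if problems:
            rejected[user.get("id", "?")] = problems
        else:
            ready.append(to_scim_user(user))
    return ready, rejected

# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"id": "u1", "givenName": "Ada", "surname": "Lovelace", "mail": "ada@example.com", "accountEnabled": True},
    {"id": "u2", "givenName": "Bob", "surname": "Stone", "mail": "Bob.Stone@example.com", "accountEnabled": True},
    {"id": "u3", "givenName": "Cy", "surname": "Young", "mail": None, "accountEnabled": False},
]
if __name__ == "__main__":
    print(preflight(SAMPLE_USERS))
```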
Set Up Group Provisioning
You can provision groups from Azure AD to Code Ocean by assigning a group to the codeocean-scim application. This will create a new group in your Code Ocean account with all the users that are assigned to that group in Azure AD.
1. Go to the application main page
2. Navigate to Users and groups
3. Click Add user/group
4. Search for a group and select it from the list
5. Click Select
6. Click Assign