SCIM Provisioning using Azure Active Directory

Learn how to set up SCIM provisioning using Azure Active Directory

The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean Platform and Azure Active Directory (AAD).

Requirements

  • Cloud application administrator role or higher in Azure Active Directory

  • An administrator in Code Ocean

Creating a Custom Application

  1. Log in to your Microsoft Azure Portal and click Azure Active Directory in the left-hand portal menu. Alternatively, you can search for it in the top search bar

  2. Once inside your AAD Tenant, find and click Enterprise applications in the left-hand menu

  3. Click New Application, then Create your own application. In the menu that appears, fill out a name for the app to integrate and leave the bubble selected for Integrate any other application you don't find in the gallery (Non-gallery)

It may take a few minutes for the application to be deployed. The status can be monitored under the Notifications dropdown on the top ribbon.

  4. Once the deployment is finished, click the Enterprise applications link beneath the search bar to find your newly created application

Configuring Provisioning

Get the Code Ocean SCIM Provisioning Information (URL and token)

  1. Go to the Code Ocean Admin Panel

  2. Click Integrations

  3. Scroll down to the SCIM section and copy the Provisioning URL and save it for a later stage

  4. Click Generate new token, copy the token and save it for a later stage

Configuring Provisioning in Azure AD

  1. Click Provisioning, then Get Started

  2. Use the dropdown box to select Automatic (1), enter the Provisioning URL copied from Code Ocean as the Tenant URL, and enter your Provisioning Token (2, 3)

  3. Click Test Connection and observe the successful test (4)

  4. Click Save (5)

Provisioning sync is done every 40 minutes. See more information here.

Assigning Users & Groups

Set Up User Provisioning

  1. Go back to the application main page

  2. Navigate to Users and groups

  3. Click Add user/group

  4. Click Users and groups from the list in None Selected

  5. Search for users/groups and select them from the list

  6. Click Select

  7. Click Assign

User Attributes

These fields are supported for mapping user attributes:

  • Name (first and last name)

  • Email (must be lowercase)

  • Active (whether a user is enabled or disabled)

Logging in to Code Ocean requires an email address. To sync users to Code Ocean, users in AD must have their email addresses included in their profiles.
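
The following pre-flight check is an added example, not Code Ocean's or Microsoft's code. It screens directory user records against the rules above (email present, email lowercase, first and last name set) before they are assigned to the application, and builds the standard SCIM 2.0 core User resource (RFC 7643) for the ones that pass. The input field names follow Microsoft Graph user properties; the sample records are constructed, and using the email as userName is an assumption.

```python
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643

def preflight(user):
    """Return a list of problems that would block or break provisioning."""
    problems = []
    mail = (user.get("mail") or "").strip()
    if not mail:
        problems.append("no email address in profile")
    elif mail != mail.lower():
        problems.append("email is not lowercase")
    if not user.get("givenName") or not user.get("surname"):
        problems.append("first or last name missing")
    return problems

def to_scim(user):
    """Build a SCIM core User resource from a directory user record."""
    mail = user["mail"].strip()
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": mail,  # assumption: email doubles as the login name
        "name": {"givenName": user["givenName"], "familyName": user["surname"]},
        "emails": [{"value": mail, "type": "work", "primary": True}],
        "active": bool(user.get("accountEnabled", False)),
    }

def review(users):
    """Split users into SCIM payloads ready to sync and a report of rejects."""
    ready, rejected = [], {}
    for u in users:
        problems = preflight(u)
        if problems:
            rejected[u.get("id", "?")] = problems
        else:
            ready.append(to_scim(u))
    return ready, rejected

# Constructed sample records, not real accounts.
SAMPLE_USERS = [
    {"id": "u1", "givenName": "Ada", "surname": "Lopez", "mail": "ada.lopez@example.com", "accountEnabled": True},
    {"id": "u2", "givenName": "Ben", "surname": "Ito", "mail": "Ben.Ito@example.com", "accountEnabled": True},
    {"id": "u3", "givenName": "Cy", "surname": "Roe", "mail": None, "accountEnabled": True},
    {"id": "u4", "givenName": "Dee", "surname": "Kim", "mail": "dee.kim@example.com", "accountEnabled": False},
]

if __name__ == "__main__":
    ready, rejected = review(SAMPLE_USERS)
    print(json.dumps(ready, indent=2))
    print(json.dumps(rejected, indent=2))
```

Disabled accounts pass the check and are emitted with active set to false, which matches the Active attribute listed above.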

Set Up Group Provisioning

You can provision groups from Azure AD to Code Ocean by assigning a group to the codeocean-scim application. This will create a new group in your Code Ocean account with all the users that are assigned to that group in Azure AD.

  1. Go to the application main page

  2. Navigate to Users and groups

  3. Click Add user/group

  4. Search for a group and select it from the list

  5. Click Select

  6. Click Assign
