Azure Active Directory SCIM provisioning

info

This is a Kisi-built integration, maintained and supported by Kisi.

Before you start, make sure you have SSO set up for your organization. Then follow the steps below to generate a SCIM token and add the Kisi Physical Security app in Azure.

Generate your SCIM token in Kisi

  1. Sign in to Kisi as the organization owner
  2. Under Settings click on SSO & SCIM
  3. Disable SCIM and click Save
  4. Re-enable it and click on Generate Token
  5. Copy the token (shown once)

Set up SCIM with Azure

  1. Sign in to your Azure Active Directory portal
  2. Click on Enterprise applications
  3. Under All Applications, select your Kisi Physical Security application
  4. Navigate to the Provision User Accounts card and click Get Started
  5. Change provisioning mode from Manual to Automatic
  6. Add https://api.kisi.io/scim/v2 as the Tenant URL and enter your SCIM token in the Secret Token field
  7. Click Test Connection and confirm that the test succeeds before clicking Save
  8. Under Settings you can define whether both groups and users should be synchronized. Add an email address that will receive an alert if the synchronization fails.
  9. Navigate back to Enterprise applications, choose Kisi Physical Security and click on Users and groups
  10. Add any groups and users you want to sync with Kisi
  11. Go back to Provisioning and click Start provisioning (if the button is greyed out, provisioning is already running)

You can sync single users on demand under Provisioning > Provision on demand. Groups cannot be synced on demand.

note

The initial Azure Active Directory sync is triggered immediately after you enable provisioning. Subsequent syncs are triggered every 20-40 minutes, depending on the number of users and groups in the application. This means that any update in Azure might take between 20 and 40 minutes to propagate to Kisi.

Sync user metadata attribute

If you want to sync additional data to your user, you can do so using the metadata attribute. See the Create Member documentation. You can map any attribute to the metadata object by naming it metadata.your_attribute, which will then be stored in Kisi as follows:

"metadata": { "your_attribute": "value" }

To map an attribute, go to your SCIM application and follow the steps below.

  1. Click on Provisioning and Edit provisioning
  2. Click on Mappings and Provision Microsoft Entra ID Users
  3. At the bottom, click on Show advanced options and Edit attribute list
  4. At the bottom of the attributes table, fill in a new field name such as metadata.city and click Save
  5. Click on Add new mapping
  6. In the Source attribute dropdown, select the attribute you want to sync to Kisi, such as city
  7. In the Target attribute dropdown, select the new attribute you just created, in this example metadata.city
  8. Click Ok
  9. Click Save

Now, the city set in Azure will be synced to "metadata": { "city": "Name of city" } on your user in Kisi.