- Users and Groups are created in Azure Active Directory. For more information, see: Azure AD Documentation.
- Sign in to the Azure Active Directory portal using your AD account.
- On the home page, click Azure Active Directory > Enterprise Applications in the left pane.
- Click New application.
- Click Create your own application.
- On the right-hand side of the screen, the Create your own application window opens.
- Enter the name of the application.
- Select the option Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
- A message displays that the application is added successfully.
- The application is added to the Enterprise applications list.
- In the left pane, click Provisioning.
- Click Get started to configure provisioning.
Selecting Provisioning Mode
- From the Provisioning Mode drop-down list, select Automatic for creating and synchronizing user accounts into the application based on user and group assignment.
Configuring Admin Credentials
In the Admin Credentials section, proceed as follows:
- Enter the tenant URL as https://securitymanager.siemens.com/identity-management/api/scim.
- Enter the secret token, that is, the OAuth bearer token value obtained from the application. The token remains valid only for the validity duration that was set when the token was created.
- Click Test Connection to connect to the SCIM endpoint.
- If the token is valid, the connection succeeds and a message displays stating that the credentials are authorized to enable provisioning.
- If the token is invalid, the connection fails and a message displays stating that provisioning has failed.
- Click Save to save the admin credentials.
Attributes can be mapped only after a successful connection has been saved.
In the Mappings section, proceed as follows:
- For Provision Azure Active Directory Groups, ensure that the Enabled option is set as Yes for provisioning groups and leave other values as default.
- For Provision Azure Active Directory Users, set the Enabled option as Yes for provisioning users.
- Click Provision Azure Active Directory Users.
- By default, all attributes are listed. Delete all attributes except those listed below; these map the Azure AD attributes to the Security Manager entity model.
Name and email are mandatory fields.
- emails[type eq "work"].value
- Select the Show advanced options checkbox and click Edit attribute list for customappsso.
- Select the Required? checkbox for the following attributes:
- emails[type eq "work"].value
- Click Save.
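The attribute mapping above relies on SCIM 2.0 path expressions such as `emails[type eq "work"].value`, and on name and email being present for every provisioned user. The following is an added example, not code from the product documentation or from Siemens: it resolves such a path against a SCIM user resource (a constructed sample of what Azure AD sends in a provisioning request) and checks the mandatory fields before a user would be accepted. The sample user and the helper names are assumptions for illustration; no connection to the Security Manager endpoint is made.

```python
"""Resolve SCIM 2.0 attribute paths (e.g. emails[type eq "work"].value) against a
user resource and enforce the mandatory name/email rule used by the mapping.

Added example; not part of the product documentation. SAMPLE_USER is constructed.
"""
import re

# Constructed sample of a SCIM user as Azure AD would POST it to /Users.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "alice@example.com",
    "name": {"givenName": "Alice", "familyName": "Example"},
    "emails": [
        {"type": "home", "value": "alice.private@example.net"},
        {"type": "work", "value": "alice@example.com", "primary": True},
    ],
    "active": True,
}

# One path segment: attr, optionally with a value filter attr[sub eq "literal"].
# Only the "eq" operator with a quoted literal is supported here; filter values
# containing a dot are not handled because the path is split on ".".
_SEGMENT = re.compile(r'^(\w+)(?:\[(\w+)\s+eq\s+"([^"]*)"\])?$')


def resolve_path(resource, path):
    """Return the value selected by a SCIM path, or None if no segment matches.

    For a filtered segment the first element of the multi-valued attribute
    whose sub-attribute equals the literal is selected, matching how
    emails[type eq "work"].value picks the work e-mail address.
    """
    current = resource
    for segment in path.split("."):
        m = _SEGMENT.match(segment)
        if not m:
            raise ValueError(f"unsupported SCIM path segment: {segment!r}")
        attr, filter_attr, filter_value = m.groups()
        if not isinstance(current, dict):
            return None
        current = current.get(attr)
        if filter_attr is not None:
            if not isinstance(current, list):
                return None
            current = next(
                (e for e in current
                 if isinstance(e, dict) and e.get(filter_attr) == filter_value),
                None,
            )
        if current is None:
            return None
    return current


def validate_mandatory(resource):
    """Check the documented rule that name and email are mandatory.

    Returns a list of problems; an empty list means the user can be provisioned.
    """
    problems = []
    name = resource.get("name") or {}
    if not (name.get("givenName") or name.get("familyName")):
        problems.append("name is missing")
    if resolve_path(resource, 'emails[type eq "work"].value') is None:
        problems.append('emails[type eq "work"].value is missing')
    return problems


if __name__ == "__main__":
    print(resolve_path(SAMPLE_USER, 'emails[type eq "work"].value'))
    print(validate_mandatory(SAMPLE_USER))
    print(validate_mandatory({"userName": "bob"}))
```

Running the block prints the work e-mail for the sample user, an empty problem list for it, and two problems for a user that carries neither a name nor a work e-mail; rejecting such a resource at the endpoint is what keeps the mandatory-field rule enforced regardless of how the Azure AD side is configured.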
- In the Settings section, refresh the screen.
- From the Scope drop-down list, select the required option mentioned below:
- Sync all users and groups
- Sync only assigned users and groups
- To import only specific users and groups into Security Manager, select the Users and groups tab in the left pane and click Add Users to search for the users and groups that are to be assigned to Security Manager.
- Set the Provisioning Status toggle to On.
- Click Save to start the initial cycle.
- Subsequent sync cycles occur approximately every 40 minutes as long as the service is running (in practice the interval can range from around 20 minutes to several hours).
The application is controlled by the administrator of the tenant and is accessible only to authorized users.