Azure SCIM Configuration
The SCIM integration allows automatic provisioning of End-users and groups from Azure AD for the desk booking feature in Logi Tune. Note that IT-users cannot be provisioned with SCIM.
Provisioning instructions
Create and configure an enterprise application in Azure AD
Log in as administrator to your account in the Azure AD portal.
Go to the Azure AD.
In the Azure AD navigation menu, select Enterprise Applications.
The All applications page displays enterprise applications configured in your Azure AD tenant.
In All applications, click New application (+).
You're redirected to the Azure AD gallery that displays the available application templates.
In Browse Azure AD Gallery (Preview), click Create your own application (+).
Select Integrate any other application you don't find in the gallery, enter a unique name for your SCIM application, and click Create.
You're redirected to your newly created enterprise application. The navigation menu lets you display and, if needed, configure the application properties.
In the application menu, go to Manage, and select Properties.
The Properties page allows you to view all configurable parameters of your enterprise application. Leave the default settings. To learn more about the properties configuration, see Azure user guide.
You've just created and configured an enterprise application in Microsoft Azure AD. Go to the following step to configure the automatic user provisioning for the SCIM application.
Configure End-users and groups provisioning
Follow these steps to configure automatic provisioning of users and groups in Microsoft Azure Active Directory. With this configuration, you can import and synchronize all identity and access data via SCIM.
Log in as administrator to your account in the Azure AD portal.
Go to the Azure AD.
In the Azure AD navigation menu, select Enterprise Applications and navigate to the enterprise application that you created in the previous step.
In the navigation menu, select Provisioning and click Get Started.
The Provisioning page opens.
In Provisioning Mode, select Automatic.
In Admin Credentials, do the following:
In Tenant URL, enter the Base URL 'https://meetioapi.vc.logitech.com/auth/api/scim/v2/?aadOptscim062020'
In Secret Token, enter the provided API Secret.
Click Test Connection to verify the communication between Azure AD and the SCIM endpoint.
Click Save if you receive a notification that the entered authentication credentials are correct.
Expand Mappings and click Provision Azure Active Directory Users to map Azure attributes.
In Attribute Mapping, map the customappsso attribute (same as SCIM attributes) to these Azure AD attributes. Remove other attributes by clicking Delete.
These default attribute mappings are supported.
User attribute mappings
Source
Target
Type
userPrincipalName
userName
Direct
Not([IsSoftDeleted])
active
Expression
Join(" ", [givenName], [surname])
name.formatted
Expression
objectId
externalId
Direct
Group attribute mappings
Source
Target
Type
displayName
displayName
Direct
objectId
externalId
Direct
members
members
Direct
Follow this procedure to assign groups to your SCIM application.
Log in as administrator to your account in the Azure AD portal.
Go to the Azure Active Directory.
In the Azure Active Directory navigation menu, select Enterprise Applications and navigate to your enterprise application.
In the directory navigation menu, select Users and groups.
Click Add user.
The Add Assignment dialog opens.
In the Add Assignment dialog, click Users and groups to unfold a dialog with a list of available users.
In the Users and groups dialog, select a user or group you want to assign and click Select.
Click Assign.
You've just enabled the immediate transfer of the selected memberships from the Microsoft Azure AD.
The users will be able to sign into Logi Tune once synced