The System for Cross-Domain Identity Management (SCIM) user management API enables automatic user provisioning between TransferChain and Microsoft Entra ID (previously called Azure Active Directory ‘AAD’).
Requirements
Cloud Application Administrator role (or higher) in Azure Active Directory
An administrator role in TransferChain
Creating a Custom Application
Log in to your Microsoft Azure Portal, then click on Microsoft Entra ID from the left-hand menu. Alternatively, you can search for it using the top search bar or use this link.
Once inside your Microsoft Entra Admin Center tenant, navigate to Enterprise applications from the left-hand menu and click on it.
Click New Application, then select Create your own application. In the menu that appears, enter a name for the app you wish to integrate and leave the option selected for Integrate any other application you don’t find in the gallery (Non-gallery).
(i) Deployment may take a few minutes. You can monitor the status under the Notifications dropdown in the top ribbon.
Once the deployment is complete, click the Enterprise Applications link beneath the search bar to locate your newly created application.
Configuring Provisioning
Get the TransferChain SCIM Provisioning Information (URL and token)
Go to the TransferChain Admin Panel
Click on Settings
Go to the ‘Marketplace’ Tab
Click on ‘Enable’ under Microsoft Azure SCIM
Copy the Connect URL and Authentication Token and save them for a later step
Configuring Provisioning in Azure AD
Click Provisioning (1), then Get Started (2)
Use the dropdown box to select Automatic (1), then enter the Provisioning URL copied from TransferChain as the Tenant URL, followed by your Authentication Token (2, 3)
Click Test Connection and observe the successful test (4)
Click Save (5)
(i) Provisioning sync is done every 40 minutes. See more information here.
Synchronizing All or Assigned Users According to Preference
Whether you prefer to provision only assigned users or all users in your organization, you will have to update both the Properties and the Provision Settings.
Provision Settings:
Head to Overview from the left-hand menu
Click ‘Edit Provisioning’ in the upper tab
Under the ‘Settings’ section, click the ‘Scope’ dropdown
Choose your preferred option: "Sync all users and groups" or "Sync all assigned users and groups"
Then “Save” your Provision Settings
Properties Section:
After you choose your preferred method in Provision Settings, select the matching option under the Properties Section.
Within your Enterprise Application, from the left-hand menu, you should head to ‘Properties’.
On the “Assignment Required” part, you need to choose “Yes” if you want to assign only specific users under your organization for provisioning, and if you want to provision all of the users under your organization to be provisioned
Assigning Users & Groups
Disabling Groups from Attribute Mapping
Since the current Microsoft Entra ID user provisioning with TransferChain only supports users, you should disable ‘Provision Microsoft Entra Groups’. Head to:
‘Attribute mapping (Preview)’
Click on ‘Provision Microsoft Entra Groups’, and ‘Disable’ the attribute mapping.
Set Up User Provisioning
Return to the application’s main page
Navigate to Users and groups
Click Add user/group
Click Users under the None Selected section
Search for the desired users and select them from the list
Click Select
Click Assign
Start Provisioning
When your setup is complete, you can start provisioning.
User Attributes
These fields are supported for mapping user attributes:
Name (first and last name)
Email (must be lowercase)
Active (whether or not a user is enabled or disabled)
(i) Logging in to TransferChain requires an email address, first and last name. To sync users to TransferChain, users in AD must have their email addresses, first and last names included in their profiles.
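A pre-flight check for the attribute requirements above, as an added example that is not TransferChain's or Microsoft's code: it flags directory users whose email is missing or not lowercase, or whose first or last name is missing, and builds a generic SCIM 2.0 core User resource (RFC 7643) for the rest. The sample records are constructed, the input field names are Microsoft Graph user properties, and the exact payload TransferChain's endpoint accepts is an assumption.

```python
# Added example: validate users against the three mapped attributes before syncing.
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643

# Constructed sample records using Microsoft Graph user property names.
SAMPLE_USERS = [
    {"givenName": "Ada", "surname": "Lovelace", "mail": "ada@example.com", "accountEnabled": True},
    {"givenName": "Grace", "surname": "Hopper", "mail": "Grace.Hopper@example.com", "accountEnabled": True},
    {"givenName": "", "surname": "Turing", "mail": "alan@example.com", "accountEnabled": True},
    {"givenName": "Linus", "surname": "Pauling", "mail": None, "accountEnabled": False},
]


def preflight(user):
    """Return the reasons this user does not meet the documented requirements."""
    issues = []
    mail = (user.get("mail") or "").strip()
    if not mail:
        issues.append("missing email")
    elif mail != mail.lower():
        issues.append("email is not lowercase")
    if not (user.get("givenName") or "").strip():
        issues.append("missing first name")
    if not (user.get("surname") or "").strip():
        issues.append("missing last name")
    return issues


def to_scim_user(user):
    """Build a SCIM 2.0 core User resource; refuse records that fail preflight."""
    issues = preflight(user)
    if issues:
        raise ValueError("; ".join(issues))
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user["mail"],  # assumption: email doubles as the SCIM userName
        "name": {"givenName": user["givenName"], "familyName": user["surname"]},
        "emails": [{"value": user["mail"], "primary": True}],
        # A disabled directory account is sent as active=false.
        "active": bool(user.get("accountEnabled", False)),
    }


def report(users):
    """Map each problem user's email (or surname if no email) to its issues."""
    return {(u.get("mail") or u.get("surname")): i for u in users if (i := preflight(u))}


if __name__ == "__main__":
    for who, issues in report(SAMPLE_USERS).items():
        print(f"{who}: {', '.join(issues)}")
```

Running the same checks over an export of the users in scope shows which accounts need their profile corrected in the directory before the first provisioning cycle.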