EZOfficeInventory integrates with the SCIM protocol so you can manage the identity data of your employees on the cloud and seamlessly provision them access and user rights into the EZOffficeInventory application from any identity provider including Azure AD.
1.What is SCIM?
SCIM, or System for Cross-domain Identity Management, is an open standard that automates user provisioning for your organization. It communicates user identity data of your employees from identity providers to service providers.
An identity provider (IdP) is a system that contains a robust directory of user identities and single, consistent login credentials for each of your employees. Azure AD is an example. A service provider (SP) is an enterprise SaaS application that requires these user identities so your employees can log into the application.
The SCIM protocol ensures that any changes made to user identities in the IdP, such as Azure AD are automatically synced in the SP i.e. EZOfficeInventory.
2. Why Use SCIM?
Managing user lifecycle is crucial for businesses. As companies grow or experience turnover, their employee count keeps changing. They need a quick and easy way to add or delete user accounts in their company directories and simultaneously authorize or revoke employees’ access to various business applications.
Our integration with SCIM simplifies the user experience by automating your user provisioning processes. It automatically creates users in your EZOfficeInventory account as you create them in IdP tools like Azure AD. Since data is communicated automatically, it saves your IT teams valuable time and reduces the risk of error stemming from manual data entry.
Note: Our SCIM integration currently supports Azure AD and Okta only. Other IdP systems like OneLogin shall be supported soon.
EZOfficeInventory’s SCIM integration with Azure AD offers various benefits. These include:
- Centralized user management: Manage the user identities, access rights and privileges, and action permissions of your employees and teams from a single space.
- Compliance with security policy: Mitigate security risk with consistent login credentials and single-sign-on (SSO) capability as employees no longer need to sign in to each of their accounts individually. This also reduces the need for password resets.
- Ready-to-use integration: Save your IT team the effort of in-house custom development with our ready-to-use integration.
3. SCIM Prerequisites
Before you set up SCIM with Azure AD, you need to consider some pre-requisites. You must have:
- The Tenant URL and Secret Token. See step 4.1.
- Global Administrative rights for the Active Directory.
- Access rights to set up Enterprise applications.
4.[How-to] implement SCIM user provisioning with Azure AD
Let’s walk you through some basic steps on how to implement SCIM-based user provisioning with Azure AD!
Step 1: Enable SCIM in EZOfficeInventory
To enable SCIM in your EZOfficeInventory account, follow the pathway: Settings → Add Ons → User Provisioning via SCIM and select ‘Enabled’. Hit ‘Update’.
This action reveals additional information shown below.
- SCIM Connector Base URL
- Connector Key
You will need to enter the two values in the ‘Tenant URL’ and ‘Secret Token’ data fields respectively in Step 2.
Step 2: Add EZOfficeInventory in Azure AD
Before you go ahead and start provisioning users, you must first add the EZOfficeInventory application in your Azure portal.
The process is very simple.
1. Go to your Azure Portal and sign in. Note: Make sure you are in the correct directory!
2. Navigate to ‘Azure Active Directory’on the left-hand side.
3. Go to Enterprise Applications → All Applications → New application.
4. Select ‘Non-gallery application’.
5. Add ‘EZOfficeInventory’ as the name of the application, and click on ‘Add’.
The application has been created in your Azure Active Directory.
Step 3: Configure the SCIM connection in Azure AD
Now, configure some additional settings in your Azure portal.
- Go to the Provisioning tab in the Manage section and click on ‘Get Started’.
2. Set the Provisioning Mode to ‘Automatic’.
3. Under the Admin Credentials section, input the SCIM Base Connector URL and the Connector Key (from Step 1) into the Tenant URL and Secret Token fields respectively. Click ‘Test Connection’ to ensure Azure AD can connect to EZOfficeInventory.
If the connection fails, ensure your EZOfficeInventory account has Admin permissions and try again.
4. In the Notification Email field, enter the email address of the person or group who should receive the provisioning error notifications and check the checkbox ‘Send an email notification when a failure occurs’.
5. Click ‘Save’.
Once the provision settings have been saved, you’ll get the following notification.
5. Provisioning User(s)
To enable the Azure AD provisioning service for EZOfficeInventory, carry out the steps outlined below:
- Go to the Settings section and change the Provisioning Status to ‘On’.
2. Define the users and/or groups that you would like to provision to EZOfficeInventory by choosing the desired values in Scope in the Settings section.
3. When you are ready to provision, click ‘Save’.
4. If you selected ‘Sync only assigned users and groups’, please navigate back to the Users and Groups section of the EZOfficeInventory App. Click on ‘Add user’ to add relevant users and/or groups.
5. Click on the relevant User’s details and hit ‘Select’.
6. Click on ‘Assign’.
You’ll get the following alert once the assignment has been successful.
7. Now, go to the Provisioning section in the EZOfficeInventory application and click on ‘Refresh’.
This shall sync the selected User in your EZOfficeInventory account and provide them access rights into the application, as shown.
Note: Azure uses Operational Schema for User Update and Deletion. Currently, EZOfficeInventory’s SCIM connection uses an Enterprise Schema. We’ll soon be supporting the Operational Schema for User Updates and Deletion.
EZOfficeInventory is the leading asset tracking software. It allows you to track, maintain, and report on equipment from anywhere, at any time. We offer a free 15-day trial – no credit card required!