Azure AD SCIM 2.0 setup by Contractbook
Below you can find the steps needed to configure a SCIM integration with Contractbook in Microsoft Azure Portal’s Active Directory.
Requirements to establish the integration:
Make sure you have:
- A working Azure Active Directory setup with the users from the organization you wish to synchronize with Contractbook
- A Secret Token for an admin user, provided to you by Contractbook
- Our Tenant URL: https://api.contractbook.com/scim
Create an Enterprise Application
- First, head to Azure Portal and search for Enterprise Application in the Search bar:
- Click on New application to create a new Enterprise Application:
- Contractbook’s application is not present in Azure's Gallery yet, so you will need to create your own. Click on Create your own application:
- In the creation dialog, begin by setting the name for your application
- In the given example below, we chose Contractbook SCIM, but it can be named in a way that fits you best
- Make sure the option "Integrate any other application you don’t find in the gallery" is selected
- Once you are ready, click on the Create button to confirm
- Shortly after, you will be redirected to your application. If the redirection does not occur, repeat the search for Enterprise Application in the search bar and you should now be able to see your own application among the list
Once you are in the application configuration, you can configure user provisioning.
The provisioning process, when successful, will keep your organization's users in sync with Contractbook.
For provisioning you need the following:
- Tenant URL: https://api.contractbook.com/scim
- Secret Token: provided to you by Contractbook
Here are the steps you need to follow, once you have all requirements:
- Under the Manage menu, click Provisioning
- Click Get Started to open the dialog to configure provisioning:
- Contractbook’s provisioning is automatic, so choose Automatic from the dropdown menu:
- Under the Admin Credentials accordion form, you need to paste the Tenant URL and the Secret Token you already have at your disposal
- Click the Test Connection button to ensure your credentials work with Contractbook
- If all succeeds, you can Save this configuration
- Click the Users and groups under Manage and configure the users you want to sync with Contractbook
- Please note that at least one organization admin should be present in the users selected. This is required for certain Active Directory setups where the admin needs to accept Contractbook's permissions on behalf of the organization
- Click Provisioning under Manage, and click Start provisioning:
And that's it!
Usually, the first provisioning update should take any time between 5 to 15 minutes depending on the size of your organization. Provisioning then occurs every 40 minutes, so any update to your users will be synchronized after that period of time has passed.
Accepting permissions on behalf of the organisation
- For certain Azure Active Directory setups, it is necessary for an admin to accept the permissions on behalf of the organization so users can use Contractbook's Single Sign On (SSO).
- You will know you have this setup when your users start reporting problems like the following:
- To fix this, the admin needs to log into Contractbook's main platform and accept the permissions: