Integrating Azure for Provisioning
This guide describes how to set up SCIM user provisioning from Azure AD into Britive, starting on the Britive side (identity provider, SCIM token, tenant policy, attribute mapping) and then on the Azure side (enterprise application, provisioning, test user, assignment).
Configuring an Identity Provider on Britive
An identity provider needs to be created in Britive for SSO.
- Log in to the Britive application with administrator privileges.
- Click on Admin->Identity Management from the navigation menu.
- Click on Identity Providers tab.
- Click on ADD IDENTITY PROVIDER.
- Enter Name and Description.
- Click on ADD IDENTITY PROVIDER button. A configuration page is displayed.
Configuring Provisioning on Britive
- Click on the Edit icon under SCIM Provider in the SCIM tab.
- Select Azure from the drop-down list to configure Azure AD as the SCIM provider.
- Save the change by clicking the icon next to the selection.
- Copy the SCIM URL and note it down. This URL is entered later as the Tenant URL on the identity provider portal.
- Click on CREATE TOKEN.
- Enter the validity of the token and create it. Copy the generated token and note it down, then click OK. The token is not displayed again. It is entered later as the Secret Token on the identity provider portal. The token is a bearer credential that authorizes every provisioning call to the SCIM URL, so store it as you would any other secret and do not leave it in notes or tickets after it has been entered in Azure.
- Click on RECREATE TOKEN to generate a new token if needed (for example, on a rotation schedule or if the old one may have been exposed). A recreated token must be entered again in Azure and added to the tenant SCIM policy.
- Click on EDIT TOKEN VALIDITY to update the validity period.
- Map the incoming attributes using the procedure explained in User Mapping.
- Add the SCIM token to the tenant policy using the procedure in Adding SCIM Token to Tenant Policy. Until the token is in that policy, requests that present it are not authorized; a recreated token also needs to be added to the policy.
Adding SCIM Token to Tenant Policy
- Click on Admin->Role & Policy Management->Policies.
- Search and select TenantSCIMPolicy from the list of policies.
- Click on Manage policy for TenantSCIMPolicy.
- Click Edit.
- Enter the following on the Edit Policy page:
- Click on Select API Tokens.
- Select the token created in the earlier section. The name of the token is the same as the name of the identity provider.
- Click Save.
- Select Enable policy for TenantSCIMPolicy, if not enabled already.
By default, seven attributes from the identity provider are mapped to a Britive user.
You can see the mapped attributes by checking the Mapped Attributes checkbox in the User Mapping section. Five of these attributes, Status, Email, First Name, Last Name, and Username, are mandatory: the identity provider must send all five for a user to be created in Britive.
Additional attributes of the user from the identity provider can be configured in Britive. Follow these steps to map additional attributes:
- Select Admin->Identity Management from the navigation menu.
- Click on the Identity Attributes tab.
- Create a new attribute by clicking ADD IDENTITY ATTRIBUTE button.
- Enter the following values on Add Identity Attributes page:
- Enter the Name and description of the attribute.
- Select the type of attribute from the drop-down list.
- Check Multi valued for the attributes which can have multiple values. For example, user roles.
- Click ADD IDENTITY ATTRIBUTE. The created attribute is displayed in the list of identity attributes.
- Click the Identity Providers tab.
- Select the identity provider and click on the SCIM tab.
- Uncheck the Mapped Attributes checkbox to see the list of unmapped attributes.
- Click EDIT.
- Map the identity attribute with the incoming SCIM attribute.
- Click SAVE.
Configuring Azure for Provisioning
Note:: If the Britive enterprise application already exists in Azure AD, the first eight steps below (creating the application) can be skipped.
Follow the steps below for configuring SCIM Provisioning between Azure AD and Britive:
- Log in to the Microsoft Azure portal with permission to create applications.
- From the portal menu, click on Azure Active Directory.
- Click on Enterprise applications from the navigation menu.
- Click on the + New application Button.
- Search for Britive from the Browse Azure AD Gallery.
- Select Britive from the results panel.
- The Britive application details are displayed. Change the name of the application if required.
- Click Create.
- Click on Provisioning from the navigation menu.
- Set the Provisioning Mode to Automatic.
- Enter the following values under the Admin Credentials section:
1. Enter the SCIM URL copied into the Tenant URL field.
2. Enter the token into the Secret Token field.
These two values are the SCIM URL and token generated in the Configuring Provisioning on Britive section.
- Click on Test Connection. If the connection is successful, save the configuration. If not, review the settings and try again.
- Assign users and groups to the application.
- Go back to the Provisioning tab and click Start provisioning.
- Check the provisioning status after about 20 minutes. When the cycle reports complete, log in to Britive and confirm that the expected users and tags have been created.
- If there are errors in the provisioning logs, review them (a common cause is a user missing one of the mandatory attributes), correct the source data or mapping, and try again.
For more information about attributes mapping, see Tutorial - Customize user provisioning attribute-mappings for SaaS applications in Azure Active Directory.
The following section describes how to create a user and assign roles to that user in Azure Active Directory.
Follow these steps to create a test user:
- From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
- Select New user at the top of the screen.
- On the User Properties page, follow these steps:
- In the Name field, enter the name of the test user.
- In the User name field, enter the firstname.lastname@example.org.
- Select the Show password check box, and then write down the value that's displayed in the Password box.
- Click Create.
Note:: When provisioning from Azure AD to Britive over SCIM, each user must have a first name, last name, and email. If any of these mandatory attributes is missing in Azure AD, that user is not created in Britive.
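The following is an added example, not Britive's or Microsoft's code, of what the mandatory-attribute rule stated here and in the User Mapping section above amounts to when a SCIM User payload arrives from Azure AD. It reads the RFC 7643 core User attributes that Azure provisions with, maps them to the five mandatory Britive attributes plus an assumed custom multi-valued Roles attribute, and reports which mandatory values are absent. The attribute-to-path mapping, the Roles attribute name and both sample payloads are constructed assumptions for illustration.

```python
"""Map an inbound SCIM 2.0 User to Britive attributes and flag missing mandatory ones.

Added example, not Britive's or Microsoft's code. SCIM attribute names follow
RFC 7643 (the core User schema Azure AD provisions with); the mapping to
Britive's attribute names and the custom "Roles" attribute are assumptions.
"""
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# The five attributes Britive requires before it creates a user (from the guide).
MANDATORY = ("Status", "Email", "First Name", "Last Name", "Username")


def _primary_email(user):
    """Return the primary email, falling back to the first one listed."""
    emails = user.get("emails") or []
    for entry in emails:
        if entry.get("primary") and entry.get("value"):
            return entry["value"]
    return emails[0].get("value") if emails else None


def map_scim_user(payload):
    """Return (mapped_attributes, missing_mandatory) for one SCIM User payload.

    payload may be a JSON string or an already-decoded dict. Raises ValueError
    if the body does not declare the SCIM core User schema.
    """
    user = json.loads(payload) if isinstance(payload, str) else payload
    if SCIM_USER_SCHEMA not in user.get("schemas", []):
        raise ValueError("not a SCIM core User resource")

    name = user.get("name") or {}
    mapped = {
        # Assumed mapping of Britive attribute -> SCIM core attribute.
        "Status": user.get("active"),          # bool; False is present, not missing
        "Email": _primary_email(user),
        "First Name": name.get("givenName"),
        "Last Name": name.get("familyName"),
        "Username": user.get("userName"),
        # Assumed custom multi-valued Britive attribute fed from the SCIM "roles" list.
        "Roles": [r["value"] for r in user.get("roles") or [] if r.get("value")],
    }
    missing = [attr for attr in MANDATORY if mapped[attr] is None or mapped[attr] == ""]
    return mapped, missing


# Constructed sample payloads in the shape Azure AD sends to a SCIM endpoint.
COMPLETE_USER = json.dumps({
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": "00000000-0000-0000-0000-000000000001",
    "userName": "jane.doe@example.org",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jane.doe@example.org", "type": "work", "primary": True}],
    "active": True,
    "roles": [{"value": "Default Access", "primary": True}],
})

INCOMPLETE_USER = json.dumps({
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": "00000000-0000-0000-0000-000000000002",
    "userName": "john.smith@example.org",
    "name": {"givenName": "John"},   # no familyName and no emails: rejected
    "active": True,
})


if __name__ == "__main__":
    for body in (COMPLETE_USER, INCOMPLETE_USER):
        attrs, missing = map_scim_user(body)
        outcome = "would be created" if not missing else f"not created, missing {missing}"
        print(f"{attrs['Username']}: {outcome}")
```

Azure's Test Connection only confirms that the Tenant URL and Secret Token are accepted; a user that fails the check above shows up later as a provisioning error for that user, which is why the guide has you review the provisioning logs after the first cycle.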
For more information about adding users in Azure AD, see Add or delete users using Azure Active Directory.
Assign the Azure AD test user
This section describes how to let a user sign in to Britive with Azure single sign-on by granting that user access to the Britive application.
- In the Azure portal, select Enterprise Applications, and then select All applications.
- In the applications list, select Britive.
- On the app's overview page, find the Manage section and select Users and groups.
- Select Add user, then select Users and groups in the Add Assignment dialog.
- In the Users and groups dialog, select the user created in the previous section from the Users list, then click the Select button at the bottom of the screen.
- If a role should be assigned to the user, select it from the Select a role dropdown. If no role has been set up for this app, the "Default Access" role is selected.
- In the Add Assignment dialog, click the Assign button.
For more information about assigning roles to users in Azure AD, see Assign roles to users with Azure Active Directory.
Reach out to our team at email@example.com if you encounter any issue.