Setting up SCIM integration with Microsoft Entra ID
*Please note that this may differ from the latest settings.
This section explains how to set up SCIM integration with Microsoft Entra ID.
This setting is done on the Microsoft Entra ID side.
If you have not yet registered for an account, please see "Azure Free Account FAQ."
Entra ID settings
The first step is to create an enterprise application.
01. Open Enterprise Application
Log in to Microsoft Azure with an administrator account.
Go to "All Services" in Azure and select "ID" > "Microsoft Entra ID" on the left side of the page.
In the Overview page, click on "Enterprise applications" on the left side of the page.
02. Select new application
Click on "All Applications" > "New Application."
03. Click on "Create your own application"

04. Create your own application
First, in the "What is the name of your application?" field, enter the name of the application to be connected.
Then, under "What operations would you like to perform with the application?" select "Integrate other applications not found in the gallery (other than the gallery)".
When completed, click "Create."

Provisioning
The next step is to configure provisioning settings.
01. Provisioning Selection
Configure provisioning settings.
Click on "Provisioning" on the left or "Provisioning user accounts."

Next, click on "Start Work."

Then, under "Provisioning Mode," select "Automatic."

02. Entra ID and learningBOX linkage
Setting up the administrator credentials links Entra ID and learningBOX.
First, log in to learningBOX.
Select "Site Customizer > Basic Settings > Integrate with External Systems > Use SCIM" and on the page that opens, turn the "Enable SCIM Synchronization" toggle On.
Save after making this change.

Copy the "base URL" and "token" on the learningBOX side and enter them on the Entra ID side in the next step.
▼ Base URL
Copy the base URL with "Copy."
▼ Token
Click "Publish" for the token and copy the token from the pop-up that opens.

Return to Entra ID and enter the following to complete the connection setup:
Tenant URL: "Base URL" copied on the learningBOX side
Secret token: "Token" issued by learningBOX

If the token is reissued after the linkage with Entra ID is completed, the connection must be reconfigured with the new token.
Run "Test Connection" and confirm that it reports a successful connection.

Click "Save" to complete the connection setup.
03. User and Group Settings
Currently, provisioning of groups is not available in the SCIM linkage of learningBOX and must be disabled on the Entra ID side.
Click on "Provision Microsoft Entra ID Groups".
Set "Enable" to "No" and click "Save".

The next step is to configure the settings to use user provisioning.
Click on "Provision Microsoft Entra ID Users."
Set "Enable" to "Yes" and check all under "Target Object Actions."

Next, please set up "Attribute Mapping".

The "login (login ID)" field key of learningBOX, which corresponds to "userName", must have at least 5 characters. If the source value is too short, select "Expression" in "Mapping Type" and enter an expression such as the following examples in "Expression".
e.g.)
Append("prefix_", [mailNickname]), Append([mailNickname], "abc"), etc.
* Enter any characters you like inside the "".
"login (login ID)" can be made up of one-byte alphanumeric characters and the following symbols.
! " # $ % & ' ( ) * + , - . / : ; ? [ ] ^ _ `
In the "name" field key on the learningBOX side, if the corresponding "name.formatted" keeps the default Microsoft Entra ID attribute value "Join(" ", [surname], [givenName])", the user's first and last name will appear in reverse order when synchronized.
To avoid this, set the following when editing the attribute mapping:
Join(" ", [givenName], [surname])
When settings are complete, click "Save" in Attribute Mapping.
Finally, set the provisioning status to "On" and click "Save" on the provisioning.
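
The "userName" rule above (at least 5 characters, one-byte alphanumerics plus the listed symbols) can be checked against your directory's mailNickname values before provisioning is switched on. The following Python script is an added example, not learningBOX or Microsoft code: `append` is a local stand-in for the Entra ID Append expression, the function names are hypothetical, and the sample nicknames are constructed.

```python
import string

# Rules as stated on this page for the learningBOX "login (login ID)" field:
# at least 5 characters, one-byte alphanumerics plus the symbols listed above.
MIN_LENGTH = 5
ALLOWED_SYMBOLS = "!\"#$%&'()*+,-./:;?[]^_`"
ALLOWED_CHARS = set(string.ascii_letters + string.digits + ALLOWED_SYMBOLS)


def append(source, suffix):
    """Local stand-in for the Entra ID Append(source, suffix) expression."""
    return source + suffix


def login_id_problems(login_id):
    """Return the reasons a value breaks the login ID rules (empty list = OK)."""
    problems = []
    if len(login_id) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    bad = sorted({ch for ch in login_id if ch not in ALLOWED_CHARS})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def preflight(mail_nicknames, prefix=""):
    """Map each mailNickname as the expression would and collect the rejects."""
    rejected = {}
    for nick in mail_nicknames:
        login_id = append(prefix, nick)
        problems = login_id_problems(login_id)
        if problems:
            rejected[login_id] = problems
    return rejected


# Constructed sample values, not real accounts.
SAMPLE_NICKNAMES = ["sato", "k.tanaka", "li", "m@ria", "山田"]

if __name__ == "__main__":
    for label, prefix in (("direct mapping", ""), ('Append("prefix_", ...)', "prefix_")):
        print(label)
        for login_id, problems in preflight(SAMPLE_NICKNAMES, prefix).items():
            print(f"  {login_id}: {'; '.join(problems)}")
```

A prefix repairs values that are too short, but values containing characters outside the allowed set are still rejected and need a different source attribute.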

04. Start provisioning
This section explains how to add users for provisioning.
Go to Users and Groups > + Add User to add a user for provisioning.

By default, automatic provisioning occurs approximately every 40 minutes.
Note that provisioning can also be stopped and started manually.
Once the results of provisioning are confirmed, the setup is complete.

Note
Immediate manual synchronization is available instead of automatic synchronization at 40-minute intervals.
Select a user from "Provisioning on Demand" and provision the user.
