Solved

Azure AD SCIM Enhancements


Badge

Hey!

According to the Dec release notes,

We've added support for syncing the Location, Department, and Secondary Email fields to our Azure AD, OneLogin, and Okta SCIM Apps.

Has anyone been able to find any more information on this update for the Azure AD SCIM?

The Effy app still shows version 1.0, and no further target attributes have been added in the Azure SCIM setup.


Best answer by kong-jhartmann 9 January 2023, 20:02


13 replies

Userlevel 3
Badge +5

Does Azure require a specific attribute name and external namespace like Okta?

Badge

Does Azure require a specific attribute name and external namespace like Okta?

Yes, fields are mapped according to a selectable dropdown, but custom attributes can be added to Freshservice if I know their names:

 

 

Userlevel 3
Badge +5

It’s probably using the same properties as Okta.  See the attached doc and test the mapping with that.

Badge

Thanks, Jeremy. I’ll test that tomorrow.

Do you have something on the other fields as well? I'm especially interested in the Secondary Email field.

Userlevel 3
Badge +5

Here is the complete list I got from Effy.

Badge

That got the location sorted. Will reach out to support for the secondary email thing.

Thank you, Jeremy.

Userlevel 1
Badge +2

I am also trying to get a location field to map from AAD during user provisioning on a new Freshservice setup. Based on the Excel in the thread it looks like I should be using:

urn:ietf:params:scim:schemas:core:2.0:User:Location 

But that doesn’t seem to be doing it.  Screen shot of my attribute mapping below.  What am I missing?

 

 

Could also settle for a custom AAD attribute instead, but I haven’t had any success there either.  Any help is appreciated.  Thank you!

Badge

I am also trying to get a location field to map from AAD during user provisioning on a new Freshservice setup. Based on the Excel in the thread it looks like I should be using:

urn:ietf:params:scim:schemas:core:2.0:User:Location 

But that doesn’t seem to be doing it.  Screen shot of my attribute mapping below.  What am I missing?

 

 

Could also settle for a custom AAD attribute instead, but I haven’t had any success there either.  Any help is appreciated.  Thank you!

 

Actually, you should just write to the “location” attribute in Freshservice. Below are the 3 custom mappings I have added; the second one should take care of the location.

I added the other two mappings to get over the complete address in the address field as well, and for users with mismatched email and UPNs, I want their UPN as a secondary email address.

If you are missing some of the target attributes, you have to add them in the Advanced settings:

 

Hope this helps. :-)

Userlevel 1
Badge +2

I swear I tried that yesterday.  That is working now.  Thank you a ton!!

Userlevel 1
Badge +2

So after a little more troubleshooting, I have determined that the Location field does not sync on the initial user provisioning, which is why I thought it wasn’t working yesterday. The second time the provisioning service ran, it updated the location field on existing users. Little odd behavior, but at least it works.

Badge +2

I am also trying to get a location field to map from AAD during user provisioning on a new Freshservice setup. Based on the Excel in the thread it looks like I should be using:

urn:ietf:params:scim:schemas:core:2.0:User:Location 

But that doesn’t seem to be doing it.  Screen shot of my attribute mapping below.  What am I missing?

 

 

Could also settle for a custom AAD attribute instead, but I haven’t had any success there either.  Any help is appreciated.  Thank you!

 

Actually, you should just write to the “location” attribute in Freshservice. Below are the 3 custom mappings I have added; the second one should take care of the location.

I added the other two mappings to get over the complete address in the address field as well, and for users with mismatched email and UPNs, I want their UPN as a secondary email address.

 

Hope this helps. :-)

 

 

Would you mind copying and pasting your address join command? I am looking for something similar, thanks!

Badge +1

So after a little more troubleshooting, I have determined that the Location field does not sync on the initial user provisioning, which is why I thought it wasn’t working yesterday. The second time the provisioning service ran, it updated the location field on existing users. Little odd behavior, but at least it works.

 

Hi, I recently switched from the Okta provisioning to Azure. Does anyone know if there is a fix for this Office>Location not syncing on the initial provisioning of a new user?

The default attribute in the Freshservice SCIM Sync is “location”. According to Microsoft, there is a problem when using non-full URN syntax, as such attributes might not be included in the first sync.

Took me some time to figure it out, but you need to add a custom attribute using the following URN:

urn:ietf:params:scim:schemas:extension:freshservice:2.0:User:_location

Use this attribute instead of “location”. Now the location is synced within the first sync attempt.

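The naming rule from the last post, as an added example that is not part of the original thread or of Freshservice's own code: a Python check that flags target attributes which are neither RFC 7643 core User attributes nor full extension URNs, and shows where a URN-qualified value sits in a SCIM User body. The sample targets and the value "Oslo" are constructed, and the payload layout follows RFC 7643 as an assumption about what the Freshservice endpoint receives.

```python
import re

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Top-level attributes RFC 7643 defines for a User (subset; externalId is a common attribute).
CORE_ATTRS = {
    "externalId", "userName", "name", "displayName", "nickName", "title",
    "userType", "preferredLanguage", "locale", "timezone", "active",
    "emails", "phoneNumbers", "addresses",
}
# Full extension form: urn:ietf:params:scim:schemas:extension:<Name>:2.0:User:<attr>
EXT_URN = re.compile(
    r"^(urn:ietf:params:scim:schemas:extension:[A-Za-z0-9_]+:2\.0:User):([A-Za-z_][\w.]*)$"
)


def split_target(target):
    """Return (schema_urn, attribute); short names give (None, name)."""
    m = EXT_URN.match(target)
    if m:
        return m.group(1), m.group(2)
    if target.lower().startswith(CORE_USER.lower() + ":"):
        return CORE_USER, target[len(CORE_USER) + 1:]
    return None, target


def lint_mappings(targets):
    """Targets that are not core attributes and not in full extension-URN form.
    Per the thread, these are the ones that may be left out of the first sync."""
    flagged = []
    for t in targets:
        schema, attr = split_target(t)
        top = re.split(r"[.\[]", attr)[0]  # "emails[type eq ...].value" -> "emails"
        if schema in (None, CORE_USER) and top not in CORE_ATTRS:
            flagged.append(t)
    return flagged


def build_user(values):
    """Place simple (unfiltered) target values where RFC 7643 puts them."""
    user = {"schemas": [CORE_USER]}
    for target, value in values.items():
        schema, attr = split_target(target)
        if schema in (None, CORE_USER):
            user[attr] = value
        else:  # extension attributes nest under a key named after the schema URN
            user.setdefault(schema, {})[attr] = value
            if schema not in user["schemas"]:
                user["schemas"].append(schema)
    return user
```

Run over the targets mentioned in this thread, `lint_mappings` flags both the short `location` name and the `core:2.0:User:Location` form, and passes the `extension:freshservice` URN.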