Configure Attributes in SCIM User Provisioning
This section describes how to create custom and enterprise attributes for Azure AD during user provisioning.
Mapping attributes
After the connection is established, you can map the attributes between Azure AD and Ivanti Neurons for MDM. Ivanti Neurons for MDM supports the following Azure AD attributes:
Core attributes
-
id(urn:ietf:params:scim:schemas:core:2.0:id)
-
userName("urn:ietf:params:scim:schemas:core:2.0:User:userName" )
-
displayname("urn:ietf:params:scim:schemas:core:2.0:User:displayName")
-
active("urn:ietf:params:scim:schemas:core:2.0:User:active")
-
name("urn:ietf:params:scim:schemas:core:2.0:User:name")
-
userType(urn:ietf:params:scim:schemas:core:2.0:User:userType)
-
emails(urn:ietf:params:scim:schemas:core:2.0:User:emails)
-
locale("urn:ietf:params:scim:schemas:core:2.0:User:locale")
-
displayName
-
emails
-
name
-
active
-
id
-
urn:ietf:params:scim:schemas:extension:ivanti:2.0:User
List of attributes for which update operation is allowed
Custom attribute
Schema - urn:ietf:params:scim:schemas:extension:ivanti:2.0:User:<CustomAttribute123Name>
Enterprise attribute
Currently only the Department attribute is supported.
Schema - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
Procedure
- Log in to the Ivanti Neurons for MDM administrative Portal.
- Navigate to Admin > Identity > User Provisioning.
- Under Edit Settings, click +Add Custom Attribute
- Enter a name in the Attribute Name field.
- Click Save Changes.
- The attribute is listed and available on Admin > System > Attribute page.
-
The attribute is denoted as IDP attribute type and you can only perform delete action.
-
Log in to the Azure AD portal.
-
Go to Home > Enterprise Application > Click on the SCIM application.
-
Click Provision Azure Active Directory Users from the Mappings section.
-
Select the Show advanced options check box.
-
Click Edit attribute list for customappsso.
-
Enter a new entry for the custom attribute that you created in the Ivanti Neurons for MDM UI.
-
Add the schema for the Custom/ Enterprise (Department) attribute as follows:
Custom attribute - urn:ietf:params:scim:schemas:extension:ivanti:2.0:User:<custom attribute>Enterprise attribute - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
-
Click Save changes.
-
Click Add New Mapping and select the Source and Target attributes from the drop-down menu:
-
Click Ok and click Save Mapping.
-
Go to Home > Enterprise Application > Click on the SCIM application > Users and groups.
-
Click the User name. The Profile page opens.
-
Verify whether the value associated with the attribute appears on the Profile page.
-
(Optional) Click on the SCIM application > Provisioning > Provision on demand, search for the specific user, and click Provisioning. To validate the new attribute mappings performed in the previous steps.
-
Log in to the Ivanti Neurons for MDM administrative portal.
-
Go to Users > Users.
-
Select the user, click the Attributes tab, and verify the attribute value. The attribute is mapped for the specific user.
Related topics:
User Provisioning-Azure Active Directory