Azure SCIM User Provisioning – Phriendly Phishing

Azure SCIM 2.0 User Provisioning enables you to connect your Azure Active Directory to your Phriendly Phishing account. When an individual is configured in your Active Directory (AD) then they will automatically synchronise this new staff member in your Phriendly Phishing account. When an individual has been removed from your Azure AD then the individual will be removed from your Phriendly Phishing account.

This article will take you through how to:

Create a New Enterprise Application
Provision Your Enterprise Application
Mapping Attributes and Assigning Provisioning Scope
Configure with Phriendly Phishing account

Important: Please confirm with Support what attribute is used to store your primary email addresses in Azure AD.

1. Create a New Enterprise Application in Azure AD

a. Sign in to the Azure Active Directory Portal.

b. Select Enterprise applications.

c. Select New Application and then Create your own application.

d. Enter a name for your application, choose the option "integrate any other application you
don't find in the gallery" and select Create to add the new application. Once added it should open up to the application overview.

2. Provision Your Enterprise Application

a. You will need details from the Phriendly Phishing Portal to configure the application.

Log into your account, select Settings then User Synchronisation.

b. Select Azure SCIM then expand 'Azure SCIM synchronisation'.

This will show you the URL and token that is required in step 3.

c. On the Overview page of the application you created, select Provisioning in the left panel.

d. Select Get Started

e. Set Provisioning Mode to 'Automatic' and under Admin Credentials enter the tenant URL and Secret token you retrieved in step 2 from the Phriendly Phishing Portal.

f. Select Test Connection, then if the connection is successful, select Save.

3. Mapping required attributes and Assigning Provisioning Scope

a. Select the Provisioning tab, then Edit Attribute Mapping.

b. Expand 'Mappings' then select Provision Azure Active Directory Users.

c. Scroll to the bottom and select Show Advanced Options, then Edit Attribute List for Customerappsso.

d. At the bottom of the list, enter these custom attributes in the Name column, leaving
defaults for the other columns. (see the below screenshot)

Default Attributes(Required)

First name of learner
▪ urn:ietf:params:scim:schemas:extension:PH2:2.0:User:givenName

Surname of learner
▪ urn:ietf:params:scim:schemas:extension:PH2:2.0:User:surName

Email of learner
▪ urn:ietf:params:scim:schemas:extension:PH2:2.0:User:mail

Additional Attributes (optional)

If you wish to add additional attributes the name must follow the pattern shown in the example
below. The “CustomAttribute" can be customised to what you want shown in the portal.

urn:ietf:params:scim:schemas:extension:PH2:2.0:User:CustomAttribute

Examples:
urn:ietf:params:scim:schemas:extension:PH2:2.0:User:Department
urn:ietf:params:scim:schemas:extension:PH2:2.0:User:location
urn:ietf:params:scim:schemas:extension:PH2:2.0:User:jobTitle

e. Once all have been added select Save, then Yes.

f. Adjust the mappings so they match the following screenshot.

This can be done by selecting the AD Attribute, editing the Target Attribute then selecting Ok.

If you added additional attributes in the previous step, map them to the associated AD attribute, eg. Department in the example below.

g. You will also need to set the Matching Precedence value for Objectid to 1.
You can do this by editing the attribute, set Match object using this attribute to Yes, then enter the value 1. Then select Ok

Note: You may be required to edit the matching precedence for UserPrincipalName as only a single attribute can be set to 1.