Admin Synchronisation : Microsoft Entra ID SCIM

Admin Synchronisation via SCIM connects your Microsoft Entra ID to your Phriendly Phishing account for company administrative requirements requiring access to the Phriendly Phishing portal. When an administrator is configured in your AD, they will automatically synchronise as an Admin in your Phriendly Phishing account. When an administrator is removed from your Microsoft Entra ID, they will also be removed from your Phriendly Phishing account on the next scheduled sync.

This article takes you through the step by step guide on how to sync platform Admins via SCIM:

1. Create a New Enterprise Application in your Microsoft Entra ID
2. Provision your Enterprise Application
3. Map Attributes
4. Assign User Groups for Provisioning
5. Configure in Phriendly Phishing platform

1. Create a New Enterprise Application in Microsoft Entra ID

a. Sign into Microsoft Azure and select Enterprise applications.

b. Select New application then Create your own application.

c. Enter a name for your application and follow per screenshot below

2. Provision your Enterprise Application

a. Log in to your Phriendly Phishing account. Go to Settings and follow through per the screenshot below.

b. Expand Admin Synchronisation then select Azure SCIM. Take note of the URL and token, these are required in succeeding steps.

c. Go back to your Microsoft Entra ID and select the Enterprise Application created in Step 1. In the Overview page of the application you created, select Provisioning.

d. Click Connect your application

e. Enter the Tenant URL and Secret Token you retrieved in 2.b from the Phriendly Phishing platform. Follow through per screenshot below. 

3. Map Required Attributes

a. In the Overview page of you application you created, select Provisioning > Provision Microsoft Entra ID Users.

b. Feel fee to delete any of the attributes visible by default. Scroll down, tick Show Advanced Options > Edit Attribute list for customappsso.  

c. At the bottom of the list, enter below attributes under column Name, column Type is String and leave the other columns as is or empty. Once done, hit . Refer to section The list of Required and Custom string attributes for entry in your SCIM Mapping.

d. Adjust the mappings so they match the following screenshot. 

4. Assign User Groups for Provisioning

a. In the Overview page of the application, select Users and Groups > Add User / Group. 

b. Select User and Groups to search the group/s you want to assign.

c. Select

d. Once assigned, in the Overview page select Provisioning then Start Provisioning. Once 100% completed, go back to Phriendly Phishing platform and proceed with next steps. 

5. Configure in Phriendly Phishing platform

a. Log in to your Phriendly Phishing account. Go to Settings and follow through per the numbered steps in the screenshot below.

b. After completing steps above, click Save, change the Admin Synchronisation button to Enabled and Trigger a sync.

c. The newly synched Admins then appears under the notification bell.

The list of Required and Custom string attributes for entry in your SCIM Mapping

Default Attributes (Required)

1. First name of learner =urn:ietf:params:scim:schemas:extension:PH2:2.0:User:givenName
2. Surname of learner = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:surName
3. Email of learner = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:mail

Custom Attributes (optional)

1. Department = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:Department
2. Location = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:location
3. Job Title = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:jobTitle
4. Manager = urn:ietf:params:scim:schemas:extension:PH2:2.0:User:Manager

You have now completed the implementation of Admin Synchronisation via SCIM.