Privacera Documentation

Preview: Azure Active Directory SCIM Server UserSync

Currently available as a Preview functionality, Azure Active Directory (AAD or Azure AD) can be configured to sync identities with Privacera UserSync.

Prerequisites

  • Azure AD Administrator account access.

Privacera UserSync Configuration

Privacera Platform

These Privacera Manager variables need to be set in ~/privacera/custom-vars/vars.privacera-usersync.scimserver.yml:

  • Add:

    SCIM_SERVER_BEARER_TOKEN: "{BEARER_TOKEN_VALUE}"

  • Update:

    SCIM_SERVER_ATTRIBUTE_EMAIL: "emails[type-work].value"

PrivaceraCloud

  • In Configure Connector > Authentication Type, select Bearer and click Generate Token and Copy, making sure to save the token value for later.

  • In the Base User Attributes section, update the Email Address value to emails[type-work].value

Azure AD Configuration

For additional information regarding configuring a SCIM client in AAD, see the Microsoft documentation.

Create application
  1. Select Enterprise applications from the left pane. Then + New application > + Create your own application.

  2. Enter an application name (e.g. “Privacera Provisioning”).

  3. Select “Integrate any other application you don’t find in the gallery (Non-gallery)” and click the Create button.

  4. On the app management screen, select Provisioning in the left panel. Then click Get Started.

  5. Choose Automatic for the Provisioning Mode.

  6. Configure the Privacera credentials from the Usersync configuration.

Configure mappings
  • It is important to include only attributes that are configured in both Privacera and Azure AD. Below is the list of default attributes supported by Privacera UserSync; remove any additional attributes from the Azure AD mapping unless they are also added to the Privacera UserSync configuration.

    Groups:

      Azure AD attribute            SCIM attribute
      displayName                   displayName
      members                       members

    Users:

      Azure AD attribute            SCIM attribute
      userPrincipalName             userName
      Switch([IsSoftDeleted]...)    active
      mail                          emails[type eq "work"].value
      givenName                     name.givenName
      surname                       name.familyName
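As an added illustration, not code from Privacera or Microsoft: a small Python model of what a SCIM server does with the mappings above. It resolves the SCIM paths from the Users table against an incoming user resource, reports top-level attributes that fall outside the default mapping (the ones the note above says to remove), and checks the request's bearer token in constant time. The token value and the sample user payload are constructed placeholders.

```python
import hmac
import re
# Placeholder; the real value is the SCIM_SERVER_BEARER_TOKEN you generated.
SCIM_SERVER_BEARER_TOKEN = "example-token-not-real"

# SCIM paths from the default Users mapping above, keyed by a short field name.
USER_ATTRIBUTE_PATHS = {
    "userName": "userName",
    "active": "active",
    "email": 'emails[type eq "work"].value',
    "givenName": "name.givenName",
    "familyName": "name.familyName",
}
# One filtered path segment such as emails[type eq "work"]
_FILTER = re.compile(r'^(\w+)\[(\w+) eq "([^"]*)"\]$')

def resolve_scim_path(resource, path):
    """Resolve a SCIM path like name.givenName or emails[type eq "work"].value;
    returns None when nothing matches."""
    current = resource
    for segment in path.split("."):
        m = _FILTER.match(segment)
        if m and isinstance(current, dict):  # multi-valued attribute: first entry matching the filter
            attr, key, wanted = m.groups()
            hits = [v for v in current.get(attr, []) if isinstance(v, dict) and v.get(key) == wanted]
            if not hits:
                return None
            current = hits[0]
        elif isinstance(current, dict) and segment in current:
            current = current[segment]
        else:
            return None
    return current

def is_authorized(authorization_header):
    """Constant-time check of the request's Authorization header against the configured token."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return False
    return hmac.compare_digest(authorization_header[len("Bearer "):], SCIM_SERVER_BEARER_TOKEN)

def extract_user(resource):
    """Map a SCIM User to UserSync fields; also list top-level attributes outside the mapping."""
    fields = {name: resolve_scim_path(resource, p) for name, p in USER_ATTRIBUTE_PATHS.items()}
    mapped = {p.split(".")[0].split("[")[0] for p in USER_ATTRIBUTE_PATHS.values()}
    return fields, sorted(k for k in resource if k not in mapped and k != "schemas")

# Constructed sample of a user as Azure AD would POST it (not a real payload).
SAMPLE_USER = {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "userName": "jdoe@example.com",
    "active": True, "emails": [{"type": "work", "value": "jdoe@example.com"}],
    "name": {"givenName": "Jane", "familyName": "Doe"}, "phoneNumbers": [{"type": "work", "value": "555-0100"}]}
```

Running extract_user(SAMPLE_USER) returns the five mapped fields plus ["phoneNumbers"] as the attribute that should be removed from the Azure AD mapping.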

Caution

Microsoft Azure AD does not support syncing service principals or nested groups, so Privacera cannot sync them from Azure AD either.

Configure scope
  • Select Sync all users and groups or Sync only assigned users and groups.