Setup Azure AD as a SCIM Client using the User Provisioning module in Drupal

Overview

User Provisioning provides you with the ability to manage all the users at a central user management identity. Azure AD Provisioning service supports SCIM 2.0 protocol for automatic provisioning/de-provisioning. miniOrange User Provisioning and Sync module implement the SCIM endpoints to allow provisioning/de-provisioning of users into the Drupal site as and when any CRUD operation is performed in the central identity i.e. Azure AD.

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  composer require 'drupal/user_provisioning'

• Navigate to Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
• Enable the module by checking the checkbox and click on Install button.
• Configure the module at

  {BaseURL}/admin/config/people/user_provisioning/overview

• Install the module:

  drush en user_provisioning

• Clear the cache:

   drush cr

• Configure the module at

  {BaseURL}/admin/config/people/user_provisioning/overview

• Navigate to Extend menu on your Drupal admin console and click on Install new module button.
• Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on Install button.
• Configure the module at

  {BaseURL}/admin/config/people/user_provisioning/overview

Create an Enterprise Application in Azure AD:

• Log into the Azure Portal.
• Select Enterprise application under Azure Services.

• Click on the New application.

• Click on the Create your own application in Browse Azure AD Gallery.

• Enter the application name in What's the name of your app?
• Under What are you looking to do with your application?, select Integrate any other application you don't find in the gallery (Non-gallery) and click on the Create button.

Configure Azure AD as SCIM Client:

• Click on the Provision User Accounts.

• Click on the Get Started button.

• Select Provisioning mode as Automatic.

• Navigate to the Drupal site.
• Under Configure Drupal as a SCIM Server section, copy the SCIM Base URL.

• Navigate back to the Azure AD portal and paste the copied SCIM Base URL under the Tenant URL text field.

• Navigate to the Drupal site and copy the SCIM Bearer Token.

• Navigate back to the Azure AD portal and paste the copied SCIM Bearer Token under the Secret Token text field.

• Click on the Test Connection button to establish the connection between Azure AD and Drupal.
• If the connection is successful, a success message will pop up in the top right corner.

• Once the connection is successful, click on the Save button.

• Navigate to the Provisioning tab from the left navigation panel and scroll down to the Settings section.
• Under the Settings section, select Sync only assigned users and groups in the Scope dropdown.

• Toggle the Provisioning status button to On and click on the Save button.

Assign users to the Application:

• Navigate to the Overview tab in the Azure AD application and select Assign users and groups.

• Click on the Add users/group.

• Click on the None Selected link under the Users. Search for the user(s) to assign.

• Select the user(s) and click on the Select button.

• Click on the Assign button.

• The user has been successfully assigned.

On-Demand Provisioning:

• Navigate to the Provisioning section of the Azure AD Application and select Provision on demand.

• Search for the user to provision.

• Select the user and click on the Provision button.

• If the user is successfully provisioned, the following screen will be shown:

• Let’s check if the user is provisioned to the Drupal site. Navigate to the Drupal site and navigate to the People tab from the top navigation panel. As per the following screenshot, the user has been successfully created on the Drupal site.