SCIM User Provisioning with Azure AD
The WordPress SCIM plugin lets you automate user creation, update and deletion from your existing
Identity Provider to your WordPress site. The System for Cross-domain Identity Management (SCIM) is an open standard
for securely synchronizing user information between multiple applications. This step-by-step guide shows how to
enable SCIM user sync between a WordPress site and Azure AD / Office 365, with Azure AD / Office 365 acting
as the Identity Provider.
Features
The following provisioning features are supported:
- Push New Users: New users created through Azure AD will also be created in the third-party application.
- Push Profile Updates (Premium Feature): Updates made to the user's profile through Azure AD will be pushed to the third-party application.
- Push User Deactivation (Premium Feature): Deactivating the user or disabling the user's access to the application through Azure AD will deactivate/delete the user in the third-party application.
  Note: For this application, whether a user is deactivated or deleted depends on the miniOrange SCIM user provisioning add-on.
- Reactivate Users (Premium Feature): User accounts can be reactivated in the application.
  Note: To reactivate a user, the Deactivation mode must be selected in the SCIM user provisioning add-on.
Future Enhancements in the Plugin:
- Enhanced group push
- Import Groups
- Sync password
Pre-requisites:
Download And Installation
To configure Azure AD as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:
SCIM User Provisioning plugin: create, update, delete users from Azure AD, Okta, OneLogin, G-suite, Centrify, JumpCloud, Idaptive, Gluu, WSO2 and all SCIM …
To get the premium plugin, please contact us at samlsupport@xecurify.com
Follow the steps below for configuring Azure AD SCIM user provisioning in WordPress (WP)
Step 1: Configure WP SCIM user provisioning plugin
- Install the premium plugin and log in using your miniOrange credentials.
- You will need a license key to activate the plugin. (Note: If you already have the paid version of the miniOrange SAML 2.0 SSO plugin, you won't need to log in or enter a license key.)
- Select the Identity Provider as Azure AD from the dropdown.
- You can find the SCIM Base URL and Bearer token in the SCIM configuration tab of the plugin.
Step 2: Configure Azure AD for SCIM provisioning
- Log in to your Azure AD portal and select Microsoft Entra ID.
- Click on Enterprise applications.
- Click on New Application and select non-gallery application. If you already have an enterprise application and want to enable provisioning in it, jump to step 5.
- Give a suitable name to your user provisioning application.
- Click on Provisioning in the left menu.
- Click on Get started.
- Select Automatic in Provisioning Mode and enter the SCIM Base URL and SCIM Bearer Token (which you will find in Step 1 above).
- Click on Test Connection to verify the credentials. After testing the connection, click the Save button.
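The bearer token entered above is the only credential protecting the SCIM endpoint, so the receiving side should compare it in constant time and answer a lookup for an unknown user with an empty SCIM list rather than an error. The sketch below is an added example, not the plugin's code; the handler name, its parameters and the token value are hypothetical, and the response schemas are those of SCIM 2.0 (RFC 7644).

```python
import hmac

# Constructed sample token; the real one comes from the plugin's SCIM configuration tab.
EXPECTED_TOKEN = "example-token-not-a-real-secret"

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


def scim_error(status, detail):
    """Build a SCIM 2.0 error body; 'status' is a string in the SCIM error schema."""
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def handle_users_query(headers, known_users, user_name):
    """Answer GET /Users?filter=userName eq "<user_name>" (hypothetical handler)."""
    kind, _, presented = headers.get("Authorization", "").partition(" ")
    # compare_digest does not reveal how many leading characters matched.
    token_ok = hmac.compare_digest(presented.encode(), EXPECTED_TOKEN.encode())
    if kind.lower() != "bearer" or not token_ok:
        return scim_error(401, "Invalid or missing bearer token")
    # userName matching is case-insensitive in SCIM.
    matches = [u for u in known_users if u["userName"].lower() == user_name.lower()]
    # An unknown user is not an error: return a well-formed empty list.
    return 200, {
        "schemas": [LIST_SCHEMA],
        "totalResults": len(matches),
        "startIndex": 1,
        "itemsPerPage": len(matches),
        "Resources": matches,
    }
```
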
Step 3: De-provisioning of Users
[This is a premium feature]
- You can select the deprovisioning mode in the SCIM configuration tab of the SCIM User Provisioning plugin.
- By default, De-provisioning will delete the users from the WordPress site.
Step 4: Attribute Mapping for SCIM Users
Attribute Mapping for SCIM Users in Azure AD
- Click on the Mappings dropdown, then click on Provision Azure Active Directory Groups and disable it.
- Click on the Save button.
- Assign users to your application by clicking Users and groups >> Add user/group.
- Click on None Selected, choose users and click on the Select button.
- Click on the Assign button.
- Assigned users will be created in your WordPress site if they are not already present.
- Once done with the configuration, go back to Provisioning and click on Start provisioning.
Configure Azure AD to send custom Attribute Mapping [This is a premium feature]
- The steps in Attribute Mapping for SCIM Users in Azure AD must be followed in order to create custom attribute mapping.
- Navigate to the Provisioning >> Overview >> Edit attribute mapping section of your Enterprise Application in Azure AD.
- Navigate to the Provision Azure Active Directory Users section under the Mappings dropdown.
- Go to the Edit attribute list for customappsso section. (Make sure you have checked Show advanced options.)
- Scroll down to the bottom of this page and add this namespace: urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:{custom attribute name in WordPress}, e.g. urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:Brand
- If the custom attribute needs to be stored as an xprofile field or BuddyPress/BuddyBoss field, add bb_{xprofile field}, e.g. urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:bb_City
- The attribute will then be populated with the value received in the urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:bb_City variable.
- After adding all the attributes, click the Save button. Next, choose the Azure AD attribute whose values should be sent as urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:{attribute_name}.
- Click on Add New Mapping.
- Select the Source attribute; this value will be sent from Azure AD to WordPress. In Target attribute, select the extended attribute that corresponds to the WordPress attribute. Click the Ok button.
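How attributes mapped to this namespace appear on the wire, and how a receiver can sort them into WordPress user meta and xprofile (bb_) fields while ignoring anything that was never mapped, is shown in the added example below; it is not the plugin's code. The payloads are constructed samples in SCIM 2.0 form, and the allow-list, the function names and the stripping of the bb_ prefix to obtain the xprofile field name are assumptions.

```python
EXT_NS = "urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User"
ALLOWED = {"Brand", "bb_City"}  # hypothetical allow-list of mapped attributes

# Constructed sample: full User resource as sent when a user is created.
SAMPLE_CREATE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", EXT_NS],
    "userName": "alice@example.com",
    EXT_NS: {"Brand": "Contoso", "bb_City": "Pune", "CostCenter": "4711"},
}
# Constructed sample: PATCH request as sent for a later profile update.
SAMPLE_PATCH = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "Replace", "path": EXT_NS + ":bb_City", "value": "Mumbai"},
        {"op": "Replace", "path": "displayName", "value": "Alice A."},
    ],
}


def extension_attributes(payload):
    """Collect custom attributes from either a User resource or a PatchOp."""
    found = {}
    nested = payload.get(EXT_NS)
    if isinstance(nested, dict):
        found.update(nested)
    for op in payload.get("Operations", []):
        path = op.get("path", "")
        # Operation names are compared case-insensitively ("Replace" vs "replace").
        if op.get("op", "").lower() in ("add", "replace") and path.startswith(EXT_NS + ":"):
            found[path[len(EXT_NS) + 1:]] = op.get("value")
    return found


def route_attributes(payload, allowed=ALLOWED):
    """Split allowed attributes into user meta and xprofile (bb_) fields."""
    user_meta, xprofile, rejected = {}, {}, []
    for name, value in extension_attributes(payload).items():
        if name not in allowed or not isinstance(value, (str, int, float, bool)):
            rejected.append(name)  # unmapped name or non-scalar value
        elif name.startswith("bb_"):
            xprofile[name[3:]] = value  # assumption: field name is the part after bb_
        else:
            user_meta[name] = value
    return user_meta, xprofile, sorted(rejected)
```
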
Configure Attribute Mapping of SCIM User Provisioning Plugin [This is a premium feature]
- Navigate to the Attribute-Mapping subtab and enable Show User Attribute when a user is created.
- Once this option is selected, you can navigate to the Attribute Mapping tab of the plugin and provision a test user (this user must not already exist in WordPress) to check the attributes sent by Azure AD.
- Once a new user is created, you can select the user's attributes to be mapped from the dropdown beside the attribute field.
Step 5: SCIM Audit [This is a premium feature]
- SCIM Audit allows you to keep track of all provisioning activity. It shows detailed information about each user being provisioned, including the User Action, Status, Created Date etc.
- In the miniOrange SCIM User Provisioner plugin, navigate to the SCIM Audit tab.
- Here you can see all the user provisioning information.
- Click on the Show Advanced Search button to search the provisioned user details using search filters like WordPress Username, IP Address etc.
- Clicking the Clear Reports button clears all the user provisioning details.
The SCIM User Provisioning plugin also supports provisioning for other IdPs like Okta, Cognito, OneLogin, Salesforce, Ping Identity, WSO2, GSuite, GitHub and many more.
If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com