Search Results :

×

AzureAD User Provisioning Into WordPress Using SCIM Standard


SCIM User Provisioning with Azure AD

Wordpress SCIM plugin gives you ability to automate user creation, updation and deletion process from existing Identity Provider to your WordPress site. The System for Cross-domain Identity Management (SCIM) is an open standard for securely synchronizing user information between multiple applications. Here we will go through a step-by-step guide to enable SCIM user sync between WordPress site and Azure AD / Office 365 by considering Azure AD / Office 365 as Identity Provider.

Features

miniorange img The following provisioning features are supported:

  • Push New Users : New users created through Azure AD will also be created in the third party application.
  • Push Profile Updates (Premium Feature): Updates made to the user's profile through Azure AD will be pushed to the third party application
  • Push User Deactivation (Premium Feature): Deactivating the user or disabling the user's access to the application through Azure AD will deactivate/delete the user in the third party application.
  • Note: For this application, deactivating/delete a user will depend on the miniOrange SCIM user provisioning add-on.

  • Reactivate Users (Premium Feature): User accounts can be reactivated in the application.
  • Note: For the Reactivating the user it is required to select the Deactivation mode in the SCIM user provisioning add-on.

miniorange img Future Enhancements in the Plugin:

  • Enhanced group push
  • Import Groups
  • Sync password

Pre-requisites : Download And Installation

To configure Azure AD as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:

SCIM User Provisioning plugin, Create, Update, delete users from Azure AD, Okta, OneLogin, G-suite, Centrify, JumpCloud, Idaptive, Gluu, WS02 and all SCIM …

 Tested upto 6.2

To get the premium plugin, please contact us at samlsupport@xecurify.com

Follow the steps below for configuring Azure AD SCIM user provisioning in WordPress (WP)

Step 1: Configure WP SCIM user provisioning plugin

  • Install the premium plugin and login using your miniOrange credentials.
  • You would require a license key to activate the plugin. (Note :- In case you already have the paid version of the miniOrange SAML 2.0 SSO plugin you won’t require a to login or license key).
  • Select the Identity Provider as Azure AD from the dropdown.
  • You can find the SCIM Base URL and Bearer token in the SCIM configuration tab of the plugin.
  • SCIM User Provisioning (User Account Management) SCIM Configuration

Step 2: Configure Azure AD for SCIM provisioning

  • Log in to your Azure AD portal and select the Microsoft Entra ID.
  • User provisioning with Azure AD of SCIM Standard - Login to Azure AD portal and select MS Entra ID
  • Click on Enterprise applications.
  • User provisioning with Azure AD of SCIM Standard - Login to Azure AD portal
  • Click on New Application and select non-gallery application. If you already have an enterprise application and want to enable provisioning in it then jump to step 5.
  • User provisioning with Azure AD of SCIM Standard - In Azure AD portal Add new application User provisioning with Azure AD of SCIM Standard Applicaiton Name SCIM_User_provisioning
  • Give suitable name to your user provisioning application.
  • User provisioning with Azure AD of SCIM Standard - In Azure AD portal Add new application
  • Click on Provisioning in left menu.
  • User provisioning with Azure AD of SCIM Standard- Provisioning screen to manage user account
  • Click on Get started.
  • User provisioning with Azure AD of SCIM Standard- User provisioning gets started
  • Select Automatic in Provisioning Mode and Enter SCIM Base URL, SCIM Bearer Token (which you will find in Step 1above) .
  • Click on Test Connection to verify the credentials. After testing connection click Save button.
  • User provisioning with Azure AD of SCIM Standard chose Provisioning Mode Automatic

Step 3: De-provisioning of Users [This is a premium feature]

  • You can select the deprovisioning mode in the SCIM configuration tab of the SCIM User Provisioning plugin.
  • By default, De-provisioning will delete the users from the WordPress site.
  • WordPress Okta SCIM User Provisioning | SCIM Configuration tab

Step 4: Attribute Mapping for SCIM Users

    miniorange img  Attribute Mapping for SCIM Users in Azure AD
    • Click on Mappings dropdown then click on the Provision Azure Active Directory Groups and disable it.
    • User provisioning with Azure AD of SCIM Standard Provision Azure Active Directory Groups
    • Click on Save button.
    • User provisioning with Azure AD of SCIM Standard Disable Group Mapping
    • Assign users to your application by clicking Users and groups >> Add user/group .
    • User provisioning with Azure AD of SCIM Standard Add users and groups to application
    • Clcik on None Selected, choose users and click on Select button.
    • User provisioning with Azure AD of SCIM Standard Select users and groups to application
    • Click on Assign button.
    • User provisioning with Azure AD of SCIM Standard Assign users and groups to application
    • Assigned users will be created in your WordPress site if they are not already present.
    • Once done with configuration, Go back to Provisioning and click on Start provisioning .
    • User provisioning with Azure AD of SCIM Standard Provisioning subtab User provisioning with Azure AD of SCIM Standard Start Provisioning option
    miniorange img  Configure the AzureAD to send custom Attribute Mapping [This is a premium feature]
    • The steps in Attribute Mapping for SCIM Users in Azure AD must be followed in order to create custom attribute mapping.
    • Navigate to the Provisioning >> Overview >> Edit attribute mapping section of your Enterprise Application of the AzureAD.
    • SCIM User Provisioning (User Account Management) Edit Attribute Mapping
    • Navigate to the Provision Azure Active Directory Users section under the Mappings dropdown.
    • SCIM User Provisioning (User Account Management) Provision Azure Active Directory Users
    • Go to Edit attribute list for customappsso section. (Make sure you have checked Show advanced options).
    • SCIM User Provisioning (User Account Management) Edit attribute list for customappsso
    • Scroll down to the bottom of this page and add this namespace urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:{custom attribute name of the WordPress } eg :- urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:Brand
    • SCIM User Provisioning (User Account Management) Add custom attribute
    • In case the custom attribute needs to be stored as xprofile field or BuddyPress/BuddyBoss field. You should add bb_{xprofile field} eg :- urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:bb_City
    • Once the attribute will be populated with the value received in the urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:bb_City variable
    • After adding all the attributes, click Save button. Next, choose which Azure AD attribute whose values should be sent as urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User:{attribute _name}
    • Click on the Add New Mapping.
    • SCIM User Provisioning (User Account Management) Add New Mapping
    • Select Source attribute, this value will be sent from AzureAD to WordPress. In the Target attribute select the extended attribute for respective attribute for the WordPress. Click Ok button.
    • SCIM User Provisioning (User Account Management) Attribute Created Successfully
    miniorange img  Configure Attribute Mapping of SCIM User Provisioning Plugin [ This is a premium feature ]
    • Navigate to Attribute-Mapping subtab and enable Show User Attribute when a user is created.
    • SCIM User Provisioning (User Account Management) Show User Attribute when a user is created
    • Once this option is selected you can navigate to the Attribute Mapping tab of the plugin and Provision a test user (This user must not exist in the WordPress) to check the attributes sent by AzureAD.
    • Once a new user is created you can select the User’s attributes to be mapped from the dropdown beside the attribute field.
    • SCIM User Provisioning (User Account Management) Attribute Mapping in WordPress with Azure AD

Step 5: SCIM Audit [This is a premium feature]

  • SCIM Audit allows you to keep the track of all the provisioning activity taking place. It shows you the detailed information about each user being provisioned. This information includes the User Action, Status, Created Date etc.
  • In the miniOrange SCIM User Provisoner plugin, naviagate to the SCIM Audit tab.
  • Here you can see all the User provision information.
  • WordPress Okta SCIM User Provisioning | Audit value
  • Click on the Show Advanced Search button, to search the provisoned user details by using the search filters like Wordpress Username, IP Address etc.
  • WordPress Okta SCIM User Provisioning | Show Advanced Search
  • On clicking the Clear Reports button, you can clear all the user provisioned details.
  • WordPress Okta SCIM User Provisioning | Clear Reports

    SCIM User Provisioning plugin also supports provisioning for other IDP's like Okta ,Cognito,OneLogin,Salesforce, Ping Identity, WSO2, GSuite, GitHub and many more.

Additional Resource

Other Supported IDPs


If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com

Why Our Customers choose miniOrange WordPress Single Sign-On (SSO) Solutions?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Sign Up

Customer Reviews

See for yourself what our customers say about us.
 

Reviews

Extensive Video Guides

Easy and precise step-by-step instructions and videos to help you configure within minutes.

Watch Demo


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 97178 45846 (India)   samlsupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com