Microsoft Entra ID SCIM configuration

Enabling SCIM in Trelica

A prerequisite for configuring SCIM in Entra ID is enabling SCIM in Trelica.

Go to Admin > Settings > Users and find the Single Sign-On (SSO) > SCIM section.

You will need the Base URL and Bearer token when configuring in Entra ID.

You must click Enable SCIM for the token to become valid.

Configuring an Enterprise application

Go to Enterprise applications and click New application:

  1. Click Create your own application
  2. Enter Trelica as the name.
  3. Choose Integrate any other application you don't find in the gallery (Non-gallery).
    Do not choose the Trelica app proposed. Microsoft are not currently updating gallery apps and the older Trelica app does not allow SCIM configuration. If you have the older app configured you may need to remove it and reconfigure SAML2 SSO on this app.
  4. Click Create.

 

 

Once you have done this, or if you already have a Trelica application in Entra ID, go to the application overview page and choose Provisioning:

Entra ID now has a wizard-based approach to configuration. Choose Connect your application:

Paste in the Base URL from Trelica into Tenant URL, and the Bearer token from Trelica into Secret token:

Click Test connection. A confirmation message should be shown.

Now click Create at the bottom of the page.

Under Manage > Provisioning expand the Mappings section and click Provision Microsoft Entra ID Groups.

Set Enabled to No and click Save:

Testing

Go to Overview and choose Provision on demand:

Select a user and click Provision.

Entra will show if the user can be provisioned. You may need to add the user to the Enterprise application under the Users and groups page.

The user email address must be for a domain that is registered in Trelica as valid for user requests. Check this in Trelica by going to Admin > Settings > Organization. Under Your organization click through on the Domains section. The domain should have a tick in the User requests column.

Entra will show you the steps it has carried out and whether they have been successful:

Enabling provisioning

Ensure you have assigned the right users and groups to the Trelica application.

When you are ready you can enable provisioning.

What Trelica role will be assigned to users?

Without specific configuration users will be created with the default Trelica role. This is visible under Admin > Settings > Users, in the Default role section:

If you wish to nominate a specific role then you can configure an Attribute mapping in Entra.

Entra supports sophisticated attribute mapping logic, but this example will map users to the Read-only role:
