Azure

1. Enable SCIM

1. Open the application that is configured for SAML in the Entra Id admin dashboard. Then select Provisioning on the left sub-nav

   

2. If this is the first time Provisioning is being configured, an informational screen will be presented. Select “Get started”

3. Go to the Setting up SAML page under Auth Settings and copy the SSO URL from the wizard.

4. On the Provisioning settings page, input the following values then select Test Connection

   • Provisioning Mode - Automatic
   • Tenant URL - https://api.alloy.co/scim/v2
     • Please note:💡 ”Tenant URL” might differ for different environments.
   • Secret Token - <token> (Instructions for generating token LINK, we only support Basic auth currently. No prefix is required, Azure will add the prefix.)

   After a successful connection is established between Entra Id and Alloy, select save.

   
   

5. Once the saving process is complete, scroll down as the toggle header Mappings should now be visible. Select Provisioning Microsoft Entra ID Users.

   

5. Modify the Users Attribute Mapping to mirror the below image then select Save. That’s it! SCIM Provisioning is now configured. (phoneNumbers[type eq "mobile"].valueis optional)

   

2. Assign Users to Alloy app.

1. Open the application that is configured for SAML in the Entra Id admin dashboard and select Assign users and groups or **select Users and Groups** on the left sub nav.

   

2. The application may already contain assigned users. To assign a user, select “Add user/group”. A modal should display. Select “None Selected” to begin selecting users to assign.

   
   

3. Click “Select” then “Assign” to complete the process.

   
   

4. Navigate to “Provisioning” on the left sub-nav.

   

5. The user has been assigned to the application on Entra Id. Entra Id updates Alloy with these changes on a 40 mins fixed interval basis. Due to the secret token’s short lifespan (1hr), its recommended to use the “Provision on demand “option when attempting to synchronize a small number users or groups.

   

6. Provisioning on Demand. After clicking Provision, any changes made to the users active status, first name, last name, or phone number will propagate to Alloy.

3. Assign Groups to Alloy app

1. Open the application that is configured for SAML in the Entra Id admin dashboard and select Assign users and groups or **select Users and Groups** on the left sub nav.

   

2. To assign a Group, select “Add user/group”. A modal should display. Select “None Selected” to begin selecting groups to assign.

   
   

3. Click “Select” then “Assign” to complete the process.

   

4. Navigate to “Provisioning” on the left sub-nav.

   

5. The group has been assigned to the application on Entra Id. Entra Id updates Alloy with these changes on a 40-minute fixed interval basis. Due to the secret token’s short lifespan (1hr), it's recommended to use the “Provision on demand “option when attempting to synchronize a small number of users or groups.

   

6. Provisioning on Demand. After clicking Provision, any changes made to the group's name will propagate to Alloy.

   
   
   
   

4. Verify the User and Groups created on the Alloy app

1. Login to the Alloy app. go to the settings, nav to Agents and Groups page. verify the user and group are added to the Alloy app