SCIM provisioning integration with Azure AD

RoboForm SCIM Provisioning

RoboForm SCIM Provisioning automates user and group management for RoboForm companies through integration with their existing Identity Provider (IdP). With this integration enabled, any updates made in your IdP, including adding new users or modifying existing user and group information, will automatically sync with RoboForm. This automation includes user names, email addresses, group memberships, and account status (creation, suspension, deletion).

This article will cover how to enable SCIM Provisioning through Azure AD, additional documentation from Azure's help center may be useful as an additional reference point during this process and can be found here.

 

Integrate RoboForm with Azure AD

 

1) Sign into your Azure/Entra management console, navigate to Applications>>Enterprise Applications, and select New Application.

 

 

2) From this page select Create your own application.

 

 

3) Name the new application RoboForm, set it to Integrate any other application you don't find in the gallery (Non-gallery)", and select Create.

 

 

4) Locate step 3 "Provision User Accounts" and select Get Started.

 

 

5)  Navigate to the Provisioning tab and set the Provisioning Mode to Automatic.

 

 

6) In this step you will need the information found in your RoboForm administrator console's SCIM Provisioning page:

• In RoboForm for Business administrator console navigate to Company Settings>>SCIM Provisioning.
• In RoboForm, copy the SCIM Server URL to the Tenant URL field in Azure.
• In RoboForm, generate New Token in RoboForm, copy it, paste to the Secret Token field in Azure.

Once all of the options have been configured hit Test Connection to verify that everything has been enabled correctly. If the test completes hit Save.

 

 

7) Select the Mapping drop down and click on Provision Azure Active Directory Groups. Scroll down to the Attribute Mappings table and remove every entry except displayName and members.

To remove an attribute press the Delete button to the right of that attribute. The remaining attributes should look like the below screenshot when finished. Once all the attributes have been edited click Save at the top of the page.

 

 

8) Navigate back to the Provisioning page, scroll down to the Mapping section, and select Provision Azure Active Directory Users. Scroll down to the Attribute Mappings table and remove every entry except for userName, active, and displayName.

The remaining attributes should looks like the below screenshot when finished. Once all the attributes have been edited click Save at the top of the page.

 

 

Integration has now been setup between RoboForm and Azure/Entra. It may take up to an hour for this to register in the RoboForm SCIM Provisioning Configuration page. Once the integration status is Active you can begin assigning RoboForm to your users and pushing groups .

 

 

Notice

If a user is removed from all groups that are assigned to RoboForm for 30 days Azure will delete that user's RoboForm account. This is a policy that is enforced by Azure and cannot be adjusted on RoboForm's side. Be careful when removing users from groups assigned to RoboForm, if left that way for 30 days it may result in loss of data.