SCIM provisioning integration with Azure AD

RoboForm SCIM Provisioning

RoboForm SCIM Provisioning simplifies user and group administration for RoboForm enterprises by integrating seamlessly with their current Identity Provider (IdP). Once this integration is activated, any changes made within your IdP, whether it's adding new users or adjusting existing user and group details, will be automatically synchronized with RoboForm. This synchronization encompasses user names, email addresses, group memberships, and account statuses (creation, suspension, deletion), ensuring efficient management.

This article will cover how to enable SCIM Provisioning through Azure AD, additional documentation from Azure's help center may be useful as an additional reference point during this process and can be found here.

Integrate RoboForm with Azure AD

1) Sign into your Azure/Entra management console, navigate to Applications>>Enterprise Applications, and select New Application.

 

 

2) From this page select Create your own application.

 

 

3) Name the new application RoboForm, set it to Integrate any other application you don't find in the gallery (Non-gallery)", and select Create.

 

 

4) Locate step 3 "Provision User Accounts" and select Get Started.

 

 

5)  Navigate to the Provisioning tab and set the Provisioning Mode to Automatic.

 

 

6) In this step you will need the information found in your RoboForm administrator console's Integration page:

• In RoboForm for Business' administrator console navigate to Integrations >> Microsoft Entra ID.
• In RoboForm, copy the SCIM Server URL to the Tenant URL field in Azure.
• In RoboForm, generate New Token, copy it, paste to the Secret Token field in Azure.

Once all of the options have been configured hit Test Connection to verify that everything has been enabled correctly. If the test completes hit Save.

 

 

7) Select the Mapping drop down and click on Provision Azure Active Directory Groups. Scroll down to the Attribute Mappings table and remove every entry except displayName and members.

To remove an attribute press the Delete button to the right of that attribute. The remaining attributes should look like the below screenshot when finished. Once all the attributes have been edited click Save at the top of the page.

 

 

8) Navigate back to the Provisioning page, scroll down to the Mapping section, and select Provision Azure Active Directory Users. Scroll down to the Attribute Mappings table and remove every entry except for userName, active, and displayName.

The remaining attributes should looks like the below screenshot when finished. Once all the attributes have been edited click Save at the top of the page.

 

 

Integration has now been setup between RoboForm and Azure/Entra. It may take up to an hour for this to register in the RoboForm SCIM Provisioning Configuration page. Once the integration status is Active you can begin assigning RoboForm to your users and pushing groups .

 

 

Notice

If a user is removed from all groups that are assigned to RoboForm for 30 days Azure will delete that user's RoboForm account. This is a policy that is enforced by Azure and cannot be adjusted on RoboForm's side. Be careful when removing users from groups assigned to RoboForm, if left that way for 30 days it may result in loss of data.