Skip to main content

Microsoft SCIM: Map user attributes

Jan
  • Updated

How to map user attributes to Lattice with SCIM through Microsoft Azure AD, now renamed to Microsoft Entra ID.

Map user attributes

  1. Navigate back into your custom Lattice App > go to Provisioning
  2. Under Provisioning, click Attribute mapping (Preview)
  3. Click Provision Microsoft Entra ID Users. At this time we do not support mapping through Provision Microsoft Entra ID Groups. This option should be disabled. 
  4. Complete the following options: 
    • (Optional) Under Source Object Scope, set the scoping filters for the object record queries that will be initiated for each provisioning cycle.
    • Under Target Object Actions, select the target object actions in scope for each provisioning cycle (Create/Update/Delete). 
    • Under Attribute Mappings, define how attributes are synchronized between Microsoft Entra ID and the Lattice SCIM app.
  5. To ensure the Attribute Mappings are aligned to Lattice attributes, the following fields need to be removed from the mapping: 
    • preferredLanguage
    • mail
    • physicalDeliveryOfficeName
    • streetAddress
    • city
    • state
    • postalCode
    • country
    • mobile
    • facsimileTelephoneNumber
  6. Find and click on the field mailNickname
  7. Change the source attribute to objectID.
  8. Set the Matching precedence to 2.
  9. Click Save.Screenshot of attribute mapping of employee IDs in Azure

Note: Once this is complete, the userPrincipalName will be set as matching precedence “1” and objectId will be set as matching precedence “2”. This ensures a secondary matching precedence can be used to match user records from Microsoft Entra ID's objectId attribute to Lattice externalId attribute if no matches are found using the primary matching precedence of Microsoft userPrincipalName attribute to Lattice’s userName attribute.

Map the manager field

The manager field is a complex field and will require extra steps to ensure they are mapped correctly: 

  1. At the bottom of the Attribute Mapping page, mark the Show advanced options checkbox. 
  2. Click Edit attribute list for customappsso.

  3. Add another line with the following values: 

    Name urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value
    Type Reference
    Referenced Object Attribute urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.externalId
  4. Click Save
  5. Now go back to the Attribute Mapping page. 
  6. Find and click the field manager.
  7. Change the Target attribute to urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value.
  8. Click OK
  9. Click Save

Next, add additional user attribute mappings or continue to turn on provisioning in Microsoft.

Related articles