Set up SCIM provisioning with Microsoft Azure AD, now renamed to Microsoft Entra ID.
Note: Lattice does not have an official integration with Azure. These are guidelines to help you if you wish to create a custom integration.
Having a custom Azure integration with Lattice Lattice allows you to automatically configure Azure to send user profile updates to Lattice using SCIM. The supported features include:
- Create Users: When a user is created or activated in Azure, they will automatically be created or reactivated in Lattice.
- Update User Attributes: When a user attribute is changed in Azure, the corresponding user profile in Lattice will automatically be updated.
- Deactivate Users: When a user is deactivated or disabled in Azure, the corresponding user in Lattice will automatically be deactivated.
Before you start
As this is a custom integration, there are limitations such as some fields will not be synced or that we will need extra steps in order to create a connection:
- If you want to deactivate users, be sure to append your SCIM tenant URL with aadOptscim062020. For example, https://api.latticehq.com/scim/v2?aadOptscim062020. Please note that aadOptscim062020 is specific to Azure. Please do not append this if you are using another SCIM provider.
- Lattice’s SCIM API does not yet support SCIM Groups, SCIM Bulk Updates, Azure patch or filter options in attribute mapping.
- Mapping to the default Job Architecture fields and Compensation fields is currently not available.
- In order to map the manager field, follow these steps.
- Some default attributes contain filters and will need to be removed.
- Learn more about known issues for application provisioning in Azure Active Directory
Create a Custom Enterprise Application in Azure
- In Azure portal, go to Azure Active Directory.
- On the left panel, go to Enterprise applications > All applications > click New application.
- Click + Create your own application.
- Enter the name of your app (i.e. Lattice SCIM).
- Under What are you looking to do with your application, select Integrate any other application you don't find in the gallery (Non-gallery).
- Select Create.
- Under Getting Started, follow step 1. Assign users and groups
Enable provisioning for the custom Lattice SCIM application
Once user and group records have been assigned to the custom Lattice SCIM application, you can proceed to provision user accounts.
- While still on your custom Lattice application page, navigate to Provisioning > click Get started.
- Click on the Provisioning Mode dropdown and select the desired option.
- Manual: User and group entities will only be pushed to Lattice if synced manually
- Automatic (recommended): User and group entities are pushed to Lattice every 45 minutes
- If automatic provisioning is enabled, you must enter the following Lattice SCIM API details:
- Select Test Connection to ensure the credentials are authorized to enable provisioning.
- After receiving a successful test, select Save.
- (Optional) Configure additional Mappings and provisioning Settings.