Microsoft Azure Active Directory

Microsoft Azure AD provisioning enables real-time employee provisioning through Azure Active Directory using the SCIM API.

How does this integration work?

The Envoy + Microsoft Azure Active Directory integration provides employee provisioning and single sign-on through the Envoy Enterprise app within Azure’s Active Directory portal.

Note: Please reach out to Envoy support to be whitelisted for access.

Enabling the Envoy + Azure Active Directory integration

Note: You’ll need to be an admin on your Azure account to complete this integration. Either become an admin or ask your admin for help before completing these steps:

  1. Go to Integrations > All integrations.
  2. Under Directory, find Microsoft Azure SCIM. Click “Install.”
  3. Select “Sync all users” or “Sync specific users per location” and click “Save”.
  4. Copy the OAuth Bearer Token from Envoy and keep it to enter into Azure later.
  5. Open the Azure portal and select Azure Active Directory -> Enterprise applications -> New application -> Add from the gallery -> search for Envoy and select add.
  6. Open the Provisioning tab and set “Provisioning Mode” to “Automatic”.
  7. Copy Envoy’s SCIM endpoint into “Tenant URL” = and paste the OAuth Bearer Token from the Envoy Dashboard.
    1. Note: The Tenant URL above is for new instances. If you have an existing instance, do not update it.
  8. Click “Test Connection”. Once it succeeds, click “Save”.
  9. Go to the Mappings section on the Provisioning tab
    1. Click on “Synchronize Azure Active Directory Groups to customappsso”.
      1. In the attribute Mappings section, delete the following group mapping attributes and “Save”:
        1. objectID
        2. mail
        3. mailEnabled
        4. securityEnabled
        5. members
    2. Click on “Synchronize Azure Active Directory Users to customappsso”.
      1. In the attribute Mappings section, delete the following user mapping attributes and “Save”:
        1. employeeNumber
        2. costCenter
        3. organization
        4. division
        5. department
        6. manager
  10. Click on “Users and groups” on the left hand side and then assign users or groups to the application. Note that Azure does not support nested groups for SCIM provisioning.
  11. Once users are assigned, click on “Provisioning” on the left hand side and scroll down to the bottom and turn “Provisioning Status” On.
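
To confirm that the mappings deleted in step 9 are really gone, the following added example (not Envoy's or Microsoft's code) scans a provisioning schema for the listed attributes. It assumes the schema is a JSON document shaped like the Microsoft Graph synchronization schema (synchronizationRules, objectMappings, attributeMappings); the sample data and the helper names are constructed for illustration.

```python
# Attributes step 9 says to delete, keyed by Azure AD source object.
TO_DELETE = {
    "Group": {"objectid", "mail", "mailenabled", "securityenabled", "members"},
    "User": {"employeenumber", "costcenter", "organization", "division",
             "department", "manager"},
}
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:"

def leaf(name):
    """Last path segment, lower-cased (urn:...:User:manager -> manager)."""
    return name.replace(":", ".").rsplit(".", 1)[-1].lower()

def leftover_mappings(schema):
    """Return sorted (object, source, target) for mappings that should be gone."""
    found = []
    for rule in schema.get("synchronizationRules", []):
        for obj in rule.get("objectMappings", []):
            kind = obj.get("sourceObjectName", "")
            banned = TO_DELETE.get(kind, set())
            for m in obj.get("attributeMappings", []):
                src = (m.get("source") or {}).get("name") or ""
                tgt = m.get("targetAttributeName") or ""
                # Assumption: the page lists bare names without saying whether
                # they are source or target names, so check both sides.
                if {leaf(src), leaf(tgt)} & banned:
                    found.append((kind, src, tgt))
    return sorted(found)

def amap(src, tgt):
    """Build one attribute mapping entry (hypothetical helper for the sample)."""
    return {"source": {"name": src}, "targetAttributeName": tgt}

# Constructed sample, not exported from a real tenant.
SAMPLE = {"synchronizationRules": [{"objectMappings": [
    {"sourceObjectName": "User", "attributeMappings": [
        amap("userPrincipalName", "userName"),
        amap("mail", 'emails[type eq "work"].value'),  # kept: "mail" is Group-only
        amap("department", ENT + "department"),
        amap("manager", ENT + "manager")]},
    {"sourceObjectName": "Group", "attributeMappings": [
        amap("displayName", "displayName"),
        amap("objectId", "externalId"),
        amap("members", "members")]},
]}]}

if __name__ == "__main__":
    for kind, src, tgt in leftover_mappings(SAMPLE):
        print(f"{kind}: {src} -> {tgt} is still mapped")
```

An empty result means none of the listed attributes is still mapped for its object type.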

Note: Envoy is in the process of updating our official documentation for the Envoy app within the Microsoft Azure store. At a future date, both employee provisioning and single sign-on instructions will be listed.