Customer IT / SpaceIQ Onboarding Team
This article descirbes how to configure the Azure integration for SiQ.
- Integration Activities
- Attribute Mappings from SiQ to an Azure User Profile
- Troubleshooting Tips
- Additional Resources
Before you configure SCIM-based provisioning for SiQ, make sure you are familiar with SCIM-based authentication.
If you are looking for SiQ Sign on with Office 365, you will need a paid subscription to Office 365 which comes with Azure Active Directory.
Step 1. Activate the SiQ Integration in SiQ
From the SiQ Web App, complete the following:
- Click your Profile Name in the top right corner.
- Click Settings. The Settings screen displays.
- From the left menu, click Integrations.
- From the Third Party Integrations area, click the READ MORE link. The Integrations screen displays.
You can either search for Azure in the Search field or navigate to Azure tile. To navigate complete the following:
- From the left menu, click Provisioning & SSO.
- For Azure, click the Activate button.
The Azure dialog displays and it contains a Provisioning tab and an SSO tab.
Step 2. Copy the SCIM Bearer Token in SiQ
This is where the SCIM Bearer Token is found.
In the SCIM Bearer Token field, click the Copy icon. This token will be used to configure the Azure’s SiQ app below.
Step 3. Add a new SiQ app into Azure
Note in the Azure Integration Provisioning screen you will see additional instructions.
From Azure complete the following:
- Sign in to the Azure portal.
- Browse to Azure Active Directory > Enterprise Applications.
- Select New application > All > Non-gallery application.
- Enter a name for your application and click Add to create an app object.
- In the resulting screen, select the Provisioning tab in the left column
- In the Provisioning Mode menu, select Automatic
- In the Tenant URL field, enter the URL of the application's SCIM endpoint: https://api.spaceiq.com/scim
- In the Secret Token field paste the SCIM Bearer Token from the section above.
- Click the Test Connection button to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempts fail, error information will display. Save this information for further troubleshooting.
- If the attempts to connect to the application succeed, click Save to save the admin credentials.
- In the Mappings section, there are two selectable sets of attribute mappings: one for user objects and one for group objects. Select each one to review the attributes that are synchronized from Azure Active Directory to SiQ app. Select both basic and custom properties.
- Under Settings, the Scope field defines which users and/or groups are synchronized. Selecting "Sync only assigned users and groups" (recommended) will only sync users and groups assigned in the Users and groups tab.
- When your configuration is complete, change the Provisioning Status to On.
- Click Save to start the Azure AD provisioning service.
Attribute Mappings from SiQ to an Azure User Profile
As shown in the Azure Mapping Editor, the base profile that Azure imports from SiQ consist of 20+ attributes. Some of these attributes are mapped to the Azure user profile by default.
Azure's SiQ application has been enhanced to support user-defined custom attributes, which enables Azure to import more than 20 attributes to SiQ. These attributes will be created and mapped manually.
- Users without First Name and/or Last Name in their SiQ profiles cannot be imported to Azure as new users
- Azure users without Departments cannot be imported to SiQ as new users
- In the event that a department also has teams (sub-departments), SiQ expects Organizations/Divisions that contain top level organization and department to also contain a Team name
Example: Organization: Engineering with Department : QA
Additional instruction details can be found in Microsoft's Azure Help Center.