Before enabling your user provisioning, please ensure you've configured your workspace notification preferences appropriately. Provisioned users receive notifications even if they've not yet signed into their account. You can configure your workspace notification preference on your Admin Console's Security Settings Page.
Create an Azure enterprise application
Skip this step if you already have a SAML application for Haystack in Azure. Please see the instructions in this article for creating a SAML SSO application for Haystack in Azure.
Enable and configure SCIM provisioning in the Azure SAML application
Replace “dev” in the SCIM connector base URL with your Haystack domain. Copy the auth token from “User Provision & Login” in the Haystack admin console. Click “Test Connector” to make sure the auth token is working properly.
Edit the fields you would like to sync from Azure to Haystack using the user attribute mapping.
The default Azure user attribute mapping may not work properly. Check the following mappings:
Map “objectId” to “externalId”
Map “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”
“urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId” is a custom field in the Haystack SCIM extension. You will need to add this field to your application before it can be used in the attribute mapping:
Remove the default Map from “manager” to “urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager”
Check “Show Advanced Options” at the bottom of the user “Attribute Mapping” page.
Click “Edit attribute list”.
Create a new string attribute “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”.
Navigate back to the user “Attribute Mapping” page.
Add a new mapping from “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”.
Map other custom attributes
joinDate -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:joinDate
pictureUrl -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:photoUrl
city (or locality) -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:locality
state (or region) -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:region
country -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:countryCode
Below is an example of the user attribute mappings
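The mapping rules in this section can be checked mechanically before provisioning is switched on, since a wrong externalId or manager mapping links accounts and reporting lines incorrectly. The Python check below is an added example, not code from Haystack or Azure; the input format (a list of source/target pairs), the function name and the sample data are assumptions made for illustration.

```python
# Added example: checks Azure -> Haystack attribute mappings against the rules
# in this guide. The input format is an assumption, not an Azure export format.
HAYSTACK_NS = "urn:ietf:params:scim:schemas:extension:haystack:1.0:User:"
DEFAULT_MANAGER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager"
# Mappings the guide says to check explicitly.
REQUIRED = {"objectId": "externalId", "manager": HAYSTACK_NS + "managerExternalId"}
# Haystack extension attributes named in this guide.
KNOWN_CUSTOM = {"managerExternalId", "joinDate", "photoUrl",
                "locality", "region", "countryCode"}

def check_mappings(mappings):
    """Return a list of problems found; an empty list means the rules hold."""
    problems, by_source, seen = [], {}, set()
    for m in mappings:
        src, tgt = m["source"], m["target"]
        by_source.setdefault(src, []).append(tgt)
        if tgt == DEFAULT_MANAGER:
            problems.append("default enterprise manager mapping still present")
        if tgt.startswith(HAYSTACK_NS) and tgt[len(HAYSTACK_NS):] not in KNOWN_CUSTOM:
            problems.append(f"unknown Haystack attribute: {tgt}")
        if tgt in seen:
            problems.append(f"target mapped more than once: {tgt}")
        seen.add(tgt)
    for src, tgt in REQUIRED.items():
        if tgt not in by_source.get(src, []):
            problems.append(f"missing mapping: {src} -> {tgt}")
    return problems

# Constructed sample: manager default left in place, wrong externalId source,
# and a custom attribute name that this guide does not list.
SAMPLE_DEFAULT = [
    {"source": "userPrincipalName", "target": "userName"},
    {"source": "mailNickname", "target": "externalId"},
    {"source": "manager", "target": DEFAULT_MANAGER},
    {"source": "country", "target": HAYSTACK_NS + "country"},
]
# Constructed sample: mappings set up as this guide describes.
SAMPLE_FIXED = [
    {"source": "objectId", "target": "externalId"},
    {"source": "manager", "target": HAYSTACK_NS + "managerExternalId"},
    {"source": "joinDate", "target": HAYSTACK_NS + "joinDate"},
    {"source": "country", "target": HAYSTACK_NS + "countryCode"},
]

if __name__ == "__main__":
    for problem in check_mappings(SAMPLE_DEFAULT):
        print(problem)
```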
Group membership provisioning
Enable and configure SCIM group provisioning in the Azure SAML application
Edit group fields to sync from Azure to Haystack using attribute mapping
Note: Group member sync is supported for both creation and update. Group name sync is only supported for creation.