Before enabling your user provisioning, please ensure you've configured your workspace notification preferences appropriately. Provisioned users receive notifications even if they've not yet signed into their account. You can configure your workspace notification preference on your Admin Console's Security Settings Page.

Create an Azure enterprise application

Skip this step if you already have a SAML application for Haystack in Azure. Please see the instructions in this article for creating a SAML SSO application for Haystack in Azure.

Enable and config SCIM Provisioning in the Azure SAML application

Replace “dev” in the SCIM connector base URL with your haystack domain; Copy the auth token from the Haystack “User Provision & Login” in the admin console; Click “Test Connector” to make sure the auth token is working properly.

Edit the fields you like to sync from Azure to Haystack using the user attribute mapping.

The default Azure user attribute mapping may not work properly, check the following mappings -

  • Map “objectId” to “externalId”

  • Map “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”

“urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId” is a custom field in Haystack SCIM extension, you will need to add this field into your application before it can be used in the attribute mapping::

  1. Remove the default Map from “manager” to “urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager”

  2. Check the “Show Advanced Options” at the bottom of the user “Attribute Mapping” page.

  3. Click the “Edit attribute list”

  4. Create a new string attribute "urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId"

  5. Navigate back to the 'User Attribute Mapping' page.

  6. Add a new mapping from “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”

Map other custom attributes

joinDate -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:joinDate

pictureUrl -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:photoUrl

city(or locality) -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:locality

state(or region) -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:region

country -> urn:ietf:params:scim:schemas:extension:haystack:1.0:User:countryCode

Below is an example of the user attribute mappings

Did this answer your question?