Before enabling your user provisioning, please ensure you've configured your workspace notification preferences appropriately. Provisioned users receive notifications even if they've not yet signed into their account. You can configure your workspace notification preference on your Admin Console's Security Settings Page.

Enable and config SCIM Provisioning in the Azure SAML application

Replace “dev” in the SCIM connector base URL with your haystack domain; Copy the auth token from the Haystack “User Provision & Login” in the admin console; Click “Test Connector” to make sure the auth token is working properly.

Edit the fields you like to sync from Azure to Haystack using the user attribute mapping

The default Azure user attribute mapping may not work properly, check the following mappings -

  • Map “objectId” to “externalId”

  • Map “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”

“urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId” is a custom field in Haystack SCIM extension, you will need to add this field into your application before it can be used in the attribute mapping::

  1. Remove the default Map from “manager” to “urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager”

  2. Check the “Show Advanced Options” at the bottom of the user “Attribute Mapping” page.

  3. Click the “Edit attribute list”

  4. Create a new string attribute "urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId"

  5. Navigate back to the 'User Attribute Mapping' page.

  6. Add a new mapping from “manager” to “urn:ietf:params:scim:schemas:extension:haystack:1.0:User:managerExternalId”

Below is an example of the user attribute mappings:

Did this answer your question?