Have A Question?

< All Topics
Print

Integrate your SCIM endpoint with the Azure AD Provisioning Service

Integrate Azure AD SCIM Provisioning Service for NEONNOW

Azure AD can be configured to automatically provision phone directories within NEONNOW.  In addition, if those users are Microsoft Teams users, NEONNOW can surface the user status (presence) of the Teams users.

The following are a list of pre-requisites for this integration:

  • NEONNOW Admin Access – to configure the new NEONNOW directory
  • Azure Portal admin access – to configure a new enterprise application to to grant permission to the NEONNOW application if presence sync required.
  • Azure Portal user & group setup – an Azure AD security group (user group) should be set up, that your users are members off.
  • All users that will be ingested should have a valid E164 phone number configured – note – this phone number field should have any spaces removed to ensure the Call History search functions correctly in NEONNOW

NB: It is assumed the user has a level of proficiency with with Azure AD.

Once the pre-requisites are complete, to add a new Directory, select the ‘Add Directory’ icon from within NEONNOW Admin:

NEONNOW Config

  • Enter a meaningful name & select ‘Azure Active Directory’ then select ‘Next Step’

  • Take a note of the security token (save it somewhere secure) that is displayed. Also expand ‘SCIM Configuration’ and save the Base URL.  You will need these later in the setup (but you can come back to it). Select the ‘Next Step’ option.

  • On the next page, if you would like to Sync Teams user presence, select ‘Sync Presence’ otherwise select ‘Don’t Sync Presence’.
  • If you select to ‘Sync Presence’, select the ‘Sign In to Microsoft Azure’ with admin privilege’s and accept the access request.

  •  Select ‘Accept’ on the Azure AD auth window. Once access is granted, you will be redirected back to the NEONNOW Wizard.  select ‘Finish’.

  • Now, the NEONNOW configure is complete, and it is time to configure the SCIM application in Microsoft Azure Portal.

Azure Portal Configuration

  • Sign in to the Azure portal.
  • Browse to Azure Active Directory > Enterprise applications.
  • A list of all configured apps is shown, including apps that were added from the gallery.
  • Select + New application > + Create your own application.
  • Enter a name for your application, choose the option “integrate any other application you don’t find in the gallery” and select Add to create an app object. The new app is added to the list of enterprise applications and opens to its app management screen. Name the application something like ‘NEONNOW_SCIM’.  The following screenshot shows the Azure AD application gallery:

  • In the app management screen, select Provisioning in the left panel.
  • In the Provisioning Mode menu, select Automatic. The following screenshot shows the configuring provisioning settings in the Azure portal. Enter the provisioning URL and token that you saved from NEONNOW Admin, and select ‘Test Connection’. Per below this should return a success. Select ‘Save’

  • It is time to configure the SCIM field mappings – expand Mappings, then select ‘Provision Azure Active Directory Users

  • Configure the SCIM mappings as per the screenshot below.  Note, you can utilise a separate phone number field if required

  • Note, you can also reference the NEONNOW Admin directory wizard screen below:

 

  • Once the mapping is complete, it’s time to assign users and start provisioning.  From the screen below, select ‘Add user/group’ to add users, or better a group.

  • Now to enable provisioning, select ‘Start Provisioning’

  • Once the initial cycle has started, you can select Provisioning logs in the left panel to monitor progress, which shows all actions done by the provisioning service on your app. For more information on how to read the Azure AD provisioning logs, see Reporting on automatic user account provisioning.
  • External contacts should now load within the External Directory within NEONNOW. Note, you may be need to re-load NEONNOW interface if the directory did not exist when the contact was loaded.  Select the contact for the overlay window to display – it will show current status (presence) of the external user in Teams

Note On Azure AD Access for Teams Presence

On step 3 of the Azure AD Teams directory wizard, access is granted to your Azure Tenant from our NEONNOW centralised Enterprise Application.  To remove/revoke access, two actions must be taken
1) Select ‘Remove Access to Azure on page 3 of the NEONNOW directory wizard
2) Log into your Azure AD, and navigate to ‘Enterprise Application’.  Find the application ‘NEONNOW’, then select ‘Properties’ then ‘Delete’ in the top title bar.
Table of Contents
Go to Top