Kisi wordmark

HelpSpace

search
close

Try searching for

integrations

getting started

apple watch app

blinkup

arrow up arrow down

navigate

esc to close

SCIM: Provisioning and Deprovisioning Kisi Organization Members with Azure

Updated

This content is being deprecated.
Please see our new Kisi Docs portal at docs.kisi.io
Relevant section: Enable SCIM on Azure Active Directory

SSO and SCIM require a Kisi Organization license. Please contact Kisi Support to learn more.

Kisi Organizations can configure Microsoft Azure to enable System for Cross-domain Identity Management (SCIM) provisioning and deprovisioning for their Kisi members. Before you start, please check that you have set up SSO for your Organization, generated a SCIM token, enabled SCIM for your Organization and added the Kisi Physical Security app in Azure.

SCIM with Azure allow you to:

  • Create Users
  • Update User Attributes (via PUT and PATCH)
  • Deprovision Users
  • Create Groups
  • Update Group Attributes
  • Assign and deassign users to groups

Generating SCIM Token in Kisi

To generate your SCIM Token in Kisi:

  1. Sign in to your Kisi Organization account
  2. Under Organization Setup, click on SSO & SCIM
  3. Toggle On Enable SCIM and click on Generate Token
    kisi-organizations-scim.png
  4. Copy the Token (this Token is only shown once)

Setting up SCIM with Azure

To configure SCIM with Azure for your Kisi Organization:

  1. Sign in to the Azure Portal
  2. On the left navigation pane, select the Azure Active Directory service
    kisi-azure-scim-ad.png
  3. Click on Enterprise applications
    kisi-azure-enterprise-apps.png
  4. Under All Applications, click on your Kisi Physical Security application
    kisi-azure-kisi-app.png
  5. Click Get Started in the Provision User Accounts card
    kisi-azure-kisi-app-provisioning.png
  6. Change provisioning mode from Manual to Automatic
    kisi-azure-provisioning-mode.png
  7. Add https://api.kisi.io/scim/v2 as the Tenant URL and enter your SCIM token in Secret Token
  8. Click Test Connection and verify that the test succeeds before clicking Save
  9. The default mappings and settings should work, but you can now change whether both groups and users should be synchronized. It can also be helpful to add a notification email address that will receive an email if the synchronization fails (this option can be found in Settings)
    kisi-azure-scim-save-settings.png
  10. Go back to the Enterprise applications, choose the Kisi Physical Security app and click on Users and groups
    kisi-azure-groups.png
  11. Add any groups and users you want to sync with Kisi
  12. Go back to Provisioning and click on Start provisioning (if it's greyed out it's already running)

    kisi-azure-start-provisioning.png

Good to know

Azure syncs on a fixed schedule of around 40 minutes. This means that any updates in Azure might take up to 40 minutes before they are propagated to Kisi.

It is possible to sync single users on demand by going to Provisioning > Provision on demand. Groups cannot be synced on demand.

Written by Joao,

Was this article helpful?
Have more questions? Submit a request

Related articles