This guide will walk you through setting up SCIM (System for Cross-domain Identity Management) integration between Microsoft Entra ID and Right-Hand Portal for automated user provisioning.
Currently, Microsoft Entra ID's provisioning service does not support updating attributes to null or empty values. When an attribute is cleared or set to an empty value in the source system, Entra ID skips the update and does not propagate the change to the target application.
Step 1: Create Enterprise Application in Microsoft Entra ID
Login to Azure Portal and search for "Microsoft Entra ID" in the search bar.
On the left panel, under the "Manage" tab, click "Enterprise Applications."
To create a new SCIM application, click "New Application."
Click on "Create your own application."
Name your application "Right-Hand SCIM" and select the last option, "Integrate any other application you don't find in the gallery (Non-gallery)."
Once the application is created, click "Provision User Accounts" and then "Get Started."
Select "Automatic" from the Provisioning mode dropdown.
Step 2: Configure Provisioning
You'll need to fill out the Tenant URL and Secret token from the Right-Hand Portal:
Go to RH Portal > Company Management > Employees > List.
In the top right corner, click Import > select SCIM.
Enable the SCIM Provisioning toggle.
Copy the webhook URL (Tenant URL) and token (Secret Token).
Copy and paste the Tenant URL and Secret Token into Azure. Click "Test Connection" to verify the connection. Once successful, click "Save."
Step 3: Configure Attribute Mapping
Go to "Provisioning" under the "Manage" tab.
Select "Edit attribute mapping."
Under mappings, select "Provision Microsoft Entra ID Users."
Delete any unnecessary attributes and keep only the ones that the app will use.
Click "Save" and exit.
Step 4: Assign Users
Return to the application and select "Users and Groups."
Click "Add Users/Group."
Assign the users you want to provision to the Right-Hand Portal.
User Groups are not currently supported in this integration. Only users can be provisioned.
Step 5: Test and Activate Provisioning
Before activating full provisioning, test with an individual user using the "Provision on demand" option. Note: The user must already be assigned to the app to use the "Provision on demand" feature.
Click on the "Provisioning" section.
At the top, click "Provision on demand."
Look for the specific user you want to test, select them, and click "Provision."
After confirming the test user was correctly provisioned to the Right-Hand Portal, go back to the "Provisioning" section.
Click "Overview."
Click "Start provisioning" at the top to activate full provisioning.
All users assigned to the application will now be synchronized with the Right-Hand Portal.
After the first sync is completed, you can check the Provisioning logs to see which users were successfully synchronized.
Important Notes:
Only one SCIM provider should be active at a time.
User Groups are not currently supported in this integration.
Users unassigned from the application will be archived in the Right-Hand Portal.
The following user attributes are supported for synchronization:
SCIM Attribute | Microsoft Entra ID Attribute | RH Attribute |
userName | userPrincipalName | |
active | Switch([IsSoftDeleted], , "False", "True", "True", "False") | Status of Employee (Active/Archived) |
displayName | displayName | Fallback for First Name, in case First Name is not available |
name.givenName | givenName | First Name |
name.familyName | surname | Last Name |
addresses[type eq "work"].streetAddress | streetAddress | Office Location |
externalId | userPrincipalName | Field is needed for user creation |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | department | Department |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager | manager | Manager |
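Because Entra ID skips updates that clear an attribute, a value such as a former manager or department can remain in the target after it was removed at the source. The following added example (not part of the original guide or of Right-Hand's code) compares exported Entra ID users with the target's SCIM user resources and reports such stale values; the record shapes, the `addresses[work]` path shorthand and the sample data are assumptions constructed for illustration.

```python
# Added example. Assumed shapes: Entra users as flat dicts, target users as SCIM resources.
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# Entra attribute -> path in the SCIM resource, taken from the mapping table above.
# userName, externalId and active are left out: they are never legitimately empty.
MAPPING = {
    "displayName": ("displayName",), "givenName": ("name", "givenName"),
    "surname": ("name", "familyName"), "department": (ENT, "department"),
    "streetAddress": ("addresses[work]", "streetAddress"), "manager": (ENT, "manager"),
}

def scim_get(resource, path):
    """Resolve a mapping path in a SCIM resource; None when any step is absent."""
    node = resource
    for key in path:
        if key == "addresses[work]":  # stands for addresses[type eq "work"]
            work = [a for a in resource.get("addresses", []) if a.get("type") == "work"]
            node = work[0] if work else None
        else:
            node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node.get("value") if isinstance(node, dict) else node  # manager is complex

def is_empty(value):
    return value is None or (isinstance(value, str) and not value.strip())

def stale_attributes(entra_users, scim_users):
    """Return sorted (userPrincipalName, attribute, stale target value) tuples."""
    target = {u.get("externalId"): u for u in scim_users}  # externalId = UPN per the table
    findings = []
    for user in entra_users:
        resource = target.get(user["userPrincipalName"])
        if resource is None:
            continue  # not provisioned yet, nothing to compare
        for attr, path in MAPPING.items():
            remote = scim_get(resource, path)
            if is_empty(user.get(attr)) and not is_empty(remote):
                findings.append((user["userPrincipalName"], attr, remote))
    return sorted(findings)

# Constructed sample data, not from a real tenant.
ENTRA = [{"userPrincipalName": "ana@example.com", "displayName": "Ana Diaz",
          "givenName": "Ana", "surname": "Diaz", "department": None, "streetAddress": ""}]
SCIM = [{"externalId": "ana@example.com", "displayName": "Ana Diaz",
         "name": {"givenName": "Ana", "familyName": "Diaz"},
         "addresses": [{"type": "work", "streetAddress": "1 Main St"}],
         ENT: {"department": "Payroll", "manager": {"value": "lee@example.com"}}}]
if __name__ == "__main__":
    print(*stale_attributes(ENTRA, SCIM), sep="\n")
```

Each finding is a value to clear by hand in the target, since the provisioning service will not send the empty update itself.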
If you have any questions or need assistance with your SCIM integration, please contact our support team. [email protected]