⚠️ If you’re already using Javelo and have users in the app, please read Preparing Javelo for External User Source Integration before proceeding.
Azure AD - provisioning users in Javelo with SCIM
Automatic provisioning refers to creating user identities and roles in the cloud applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change.
The Azure AD Provisioning Service can therefore assign users to the Javelo application by connecting to the SCIM 2.0 User Management API endpoint which is provided by Javelo.
The SCIM endpoint allows Azure AD to programmatically create, update, and deactivate users.
The channel used for provisioning between Azure AD and the application is encrypted with HTTPS using TLS 1.2.
For outbound provisioning between Azure AD and Javelo, user or group assignments are the most common method of determining which users are within the scope of provisioning.
More information on assigning users to an Active Directory application here.
⚠️ Once activated, SCIM provisioning is considered the only source of truth for creating users. You will then not be able to log in to Javelo with a user that was not previously created through SCIM provisioning.
How to configure the synchronization between Azure AD and Javelo?
Azure AD runs a synchronization process every 40 minutes in which it queries the Javelo application's SCIM endpoint for assigned users and groups, and creates or modifies them based on the assignment details.
1- Activate Azure integration in Javelo
⚠️ Your Javelo account needs high privileges to complete this step.
Go to “Settings” (⚙️ icon) in the upper right corner of your Javelo account.
Select “Integrations” from the navigation menu under the Company section.
Click "Configuration" in the "Azure integration" panel.
Click "Activate Azure".
This action generates a token. Copy it and paste it into your Azure interface to start the synchronization.
❗ Please note that the token is only displayed once. If you fail to store it, you will need to generate a new one through this integration configuration modal.
2- Create an application that will synchronize with Javelo
Follow these steps to connect the Javelo application:
Log in to the Azure Active Directory portal.
In the left panel, select Applications > Enterprise Applications.
Select Create your own application > Integrate any other application you don't find in the gallery (Non-gallery).
Enter a name for your app, then select Add to create an app object. The new app is added to the list of corporate apps and opens on its app management screen.
In the application management screen, select Provisioning in the left pane.
From the Provisioning Method menu, select Automatic.
In the Tenant URL field, enter the URL of the application's SCIM endpoint: https://api.javelo.io/scim/v2.
The SCIM endpoint requires an OAuth bearer token. This is the token generated in step 1. Enter it in the Secret Token field.
Select Test Connection to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.
If the attempt to log in to the application is successful, select Save to save the administrator credentials.
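An added example, not part of Javelo's or Microsoft's documentation: a Python check that the Tenant URL and token from the steps above are accepted, using a read-only query for a user name that cannot exist. It assumes the endpoint serves the standard SCIM 2.0 /Users resource and that the token is held in a hypothetical JAVELO_SCIM_TOKEN environment variable.

```python
import json
import os
import ssl
import urllib.error
import urllib.parse
import urllib.request
import uuid

BASE_URL = "https://api.javelo.io/scim/v2"  # Tenant URL given on this page


def build_probe(base_url, token):
    """Build a read-only SCIM query for a user name that cannot exist."""
    # Assumption: the endpoint exposes the standard SCIM 2.0 /Users resource.
    query = urllib.parse.urlencode({"filter": f'userName eq "{uuid.uuid4()}"'})
    req = urllib.request.Request(f"{base_url.rstrip('/')}/Users?{query}")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    return req


def classify(status, body):
    """Turn an HTTP status and body into a finding an admin can act on."""
    if status in (401, 403):
        return "token rejected: generate a new one in Javelo"
    if status != 200:
        return f"unexpected HTTP {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "HTTP 200 but body is not JSON: check the Tenant URL"
    schemas = doc.get("schemas", []) if isinstance(doc, dict) else []
    if "urn:ietf:params:scim:api:messages:2.0:ListResponse" in schemas:
        return "ok"
    return "HTTP 200 but not a SCIM ListResponse: check the Tenant URL"


def probe(base_url, token):
    """Send the probe with certificate checks on and TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        req = build_probe(base_url, token)
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


if __name__ == "__main__":
    # Token comes from the environment so it stays out of shell history.
    print(probe(BASE_URL, os.environ["JAVELO_SCIM_TOKEN"]))
```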
3- Assign users and groups that will be synchronized in Javelo
Configuration overview:
You can now review the provisioning configuration. The first place to check is where you can see and assign users or groups to Javelo:
More information on assigning users to an Active Directory application here.
User deactivation:
Removing a user from the provisioning scope will automatically disable the user in Javelo. For more information on user lifecycle, see this documentation.
4- Activate the synchronization of user and group resources
Configure the attributes mapping:
The Mappings section presents a selectable set of attribute mappings.
The following attributes are the defaults for Azure mapping and should be present in the attribute mapping used to provision your Azure Active Directory users.
To figure out the meaning of these attributes in Javelo, please visit this section, which contains the full list of the SCIM attributes we support.
Example:
Activate the mapping:
Once your mapping is configured, the last step is to enable the provisioning, using the newly created mapping.
Here are the steps needed:
Your provisioning should now be working.
💡 This document helps to specify the Azure AD provisioning configuration for Javelo. You can find all the information about Azure Active Directory Provisioning in the Microsoft Azure documentation.