Directory Sync for Your Organization
Directory Sync will allow your organization to provision and de-provision accounts with your directory provider using SCIM 2.0.
Note: Only administrators with 'Owner' privileges have access to directory sync settings for your organization. Refer to how to set owner status for more information.
Configuring Directory Sync
Retrieve SCIM API Endpoint
-
Navigate to 'Security' tab under your organization settings on Wave.
-
Select 'Configure' under 'Directory Sync.'
-
Copy the SCIM endpoint by clicking on the clipboard icon.
Generate Access Token
-
Navigate to 'Security' tab under your organization settings on Wave and select 'Add token' under 'Tokens.'
-
Assign a name to your token, select 'Manage SCIM' for 'Scopes,' and press 'Create' to generate a new token.
-
Copy this token by clicking on the clipboard icon.
Set Up Provisioning for Your Organization
-
Navigate to 'Enterprise applications' under your organization's overview page.
-
Select your desired Azure application or create a new one (learn more about creating a new application on Azure).
-
Select 'Provision User Accounts' or navigate to 'Provisioning' tab in the side bar menu.
-
In the new page, click on 'Get started' to set up provisioning.
-
Map 'Provisioning Mode' to 'Automatic.'
-
Navigate to 'Admin Credentials.'
-
Paste the SCIM URL endpoint under 'Tenant URL' field on 'Admin Credentials' under your application's provisioning page. Refer to our guide on retrieving your organization's SCIM endpoint URL for more information.
-
Paste your security token under 'Secret Token' field on 'Admin Credentials' under your application's provisioning page. Refer to our guide on generating access token for your organization's API for more information.
-
Click on 'Test Connection' to test your SCIM connection. You should receive a confirmation message from Azure. Once your connection is validated, click on 'Save.'
-
Return to the provisioning menu and select 'Start provisioning.'
-
Navigate to 'SSO Applications' under your organization's overview page.
-
Create a new application using 'Add New Application' or select one already in your organization.
-
Select 'Custom Application' then press 'Next.'
-
In the new page, check 'Import users from this app (Identity Management)' & 'Export users to this app (Identity Management)' for provisioning then press 'Next.'
-
Assign a label to your application then click on 'Save Application.'
-
Navigate to 'Identity Management' under your newly created application.
-
Paste the SCIM URL endpoint under 'Base URL' field. Refer to our guide on retrieving your organization's SCIM endpoint URL for more information.
-
Paste your security token under 'Token Key' field. Refer to our guide on generating access token for your organization's API for more information.
-
Enter a test email address in the field provided and use 'Test Connection' to validate your SCIM connection. After receiving a confirmation message from JumpCloud, click on 'Activate.'
-
Under 'Attribute Mapping,' map 'PhoneNumbers.Value' to 'Work Phone,' 'Emails.Value' to 'Company Email,' and 'EnterpriseExtension.Organization' to 'Company' then click on 'Save.'
Assigning Members to a Team
-
Navigate to 'Users and groups' under the side bar menu of your application overview page on Microsoft Azure.
-
Click on 'Add user/group.'
-
Choose 'None Selected.'
-
Select the users or groups you wish to add to your application then in the following page press 'Assign.'
-
Users assigned to your application will automatically sync to your team on Wave.
Note: Users assigned to an Azure application will require a valid email address for provisioning to work properly.
-
Navigate to 'User Groups' in the side bar menu, then select the group you wish to set-up provisioning for.
-
Under 'Applications' tab for the group, assign an application from your organization and 'Save.'
Note: It is critical that the application you choose has 'Identity Management' enabled. Refer to set up provisioning for your organization for more information.
-
Navigate to 'Users' tab, select the users you wish to add to your group, and then press 'Save.'
-
Users assigned to your group will automatically sync to your team on Wave.
De-provisioning Member
-
Navigate to 'Users and groups' under the side bar menu of your application overview page on Microsoft Azure.
-
Select the users or groups you wish to remove from your team.
-
Click on 'Remove.'
-
Click on 'Yes' to confirm your removal request.
-
Users removed from your application will be automatically deleted from your team on Wave.
-
Navigate to 'User Groups' in the side bar menu, then select the group you wish to modify.
-
Navigate to 'Users' tab, uncheck the users you wish to remove from your group, and then press 'Save.'
-
Users unassigned from your group will automatically remove to your team on Wave.