To setup SCIM, you will need a user in babelforce dedicated only for the integration (e.g. call it scim@mycompany.com). Once this user exists, you will need to get in touch with the Success team. We will provide you with a long living token which is necessary to make the integration work
Adjusting necessary settings in babelforce
To use Entra, a change in SCIM settings on babelforce's side is necessary. Unfortunately, this is not yet available via frontend. Therefore, this needs to be done via API. However, this is a pending feature request that should eventually be available.
This is how settings should be adjusted via CuRL:
curl -X 'PUT' \
'https://latest.dev.babelforce.com/auth/scim/v2/configuration' \
-H 'accept: application/json' \
-H 'Authorization: Bearer ${YOUR_BEARER}' \
-H 'Content-Type: application/json' \
-d '{
"defaultRoles": [],
"customizer": "microsoft",
"features":
{
"scim": true,
"groups": false,
"roles": true,
"password_sync": false,
"phone_number_sync": false
}
}'
You can also use our developer-hub directly, here the link to the EU namespace:
https://apps.babelforce.com/developer-hub/scim/#/scimConfig/createSCIM
There, you apply the same settings as above:
{
"defaultRoles": [],
"customizer": "microsoft",
"features":
{
"scim": true,
"groups": false,
"roles": true,
"password_sync": false,
"phone_number_sync": false
}
}
Setting up SCIM in Entra
- Login to https://portal.azure.com/
- Click on Microsoft Entra ID
- Click on "Manage" > "Enterprise Applications"
- Click on "New Application"
- In the next dialog, click on "Create your own application"
- give your application a name
- ensure that "Non-gallery" option is selected and click on "create"
- Wait until the application is created
- Once it is, you will see a screen as in the screenshot below
- Click on "Manage" > "Provisioning"
- In the next screen, again, select "Manage" > "Provisioning"
- You now see a longer dialog and these are the settings:
- Select Provisioning Mode: Automatic and add the relevant Tenant URL
- In the image below is the example of the shared EU environment. Services might be replaced with any custom name space https://{{namespace}}.babelforce.com/auth/scim/v2
- For the Token, you will now need the long lived token provided by the Success team as mentioned at the beginning of the article
- Click on Test Connection to ensure that the setup was successful - you can only save AFTER you tested the connection
- Click on save once the tests are done
- After this is saved, click on "Mappings" > "Provision Microsoft Entra ID Groups"
- Toggle "Enabled" to "No" as babelforce does not support SCIM groups. But no worries, we have a working role concept that can be applied. We will get to it.
- Save the changes
- Go back to the previous view, find "Mappings" > "Provision Microsoft Entra ID Users"
- In this section, scroll down
- There is a long list of attribute mappings
- Go ahead and DELETE all of them except the three that are highlighted
- userName
- active
- displayName
- Once deleted, this is how the section should look like
- Remember to click on Save - otherwise all settings will get lost (when saved, the button is grayed out)
- Stay in the same section
- edit the userName by clicking on "Edit"
- change the Source attribute to "mail" (this is equivalent to email)
- Click Ok and then Save in the next view, otherwise the change is NOT persisted
- To see the change in the overview page you will have to reload after saving
- Again stay in the same section and scroll down
- find "Show advanced options"
- Tick the box and click on "Edit attribute list for customappsso"
- By default, id should be the Primary Key and Required
- Also, userName should be required
- To enable the role mapping, add the attribute "role" at the end of list
- Tick the box for "Required" and "Multi-Value", otherwise Microsoft cannot send the roles to babelforce
- Click on Save
- In the original screen, add a new mapping by clicking on "Add New Mapping"
- These are the expected inputs:
- Mapping Type: Expression
- Expression: AssertiveAppRoleAssignmentsComplex([appRoleAssignments])
- Target attribute: roles
- Default value must be empty
- After confirming with Ok, you will see the original dialog again
- A new mapping should be visible, similar to the documentation below
- Click on Save
Assign babelforce roles in Entra
- Find you SCIM app, e.g. by searching for it via the search bar
- In the side bar, navigate to "Manage" > "App roles"
- In the view, click on "Create app role"
- A side window opens
- In the side dialogue, enter the following values matching the babelforce roles, in our example we are adding the role "manager"
- Display name: manager
- Value: manager
- Description: Manager in babelforce
- You repeat this process for all remaining babelforce roles that are relevant for your team
- After you created all babelforce roles, remove the role "User"
- First disable and then delete the role "User"
- You may keep the user msiam_access.
- In the end, all relevant babelforce roles should be listed in this view, in our example it is only "manager" and "agent"
babelforce role | value | display name |
description (examples) |
Manager | manager | manager |
Ability to change all settings in babelforce, create call flows, etc. |
Agent | agent | agent |
Is able to use the babelforce agent application. Gets connected to incoming customer calls. |
Scheduler | scheduler | scheduler |
scheduler in babelforce |
Reporter | reporter | reporter |
reporter in babelforce |
Router | router | router |
router in babelforce |
Supervisor | supervisor | supervisor |
supervisor in babelforce |
Sales | sales | sales |
sales in babelforce |
Comments
0 comments
Please sign in to leave a comment.