Configuring SCIM in Entra (Microsoft)

Katrin Geske
Katrin Geske
  • Updated

To setup SCIM, you will need a user in babelforce dedicated only for the integration (e.g. call it scim@mycompany.com). Once this user exists, you will need to get in touch with the Success team. We will provide you with a long living token which is necessary to make the integration work

 

Adjusting necessary settings in babelforce

To use Entra, a change in SCIM settings on babelforce's side is necessary. Unfortunately, this is not yet available via frontend. Therefore, this needs to be done via API. However, this is a pending feature request that should eventually be available.

This is how settings should be adjusted via CuRL:

curl -X 'PUT' \ 
'
https://latest.dev.babelforce.com/auth/scim/v2/configuration' \
-H 'accept: application/json' \
-H 'Authorization: Bearer ${YOUR_BEARER}' \
-H 'Content-Type: application/json' \
-d '{
"defaultRoles": [],
"customizer": "microsoft",
"features":
{
"scim": true,
"groups": false,
"roles": true,
"password_sync": false,
"phone_number_sync": false
}
}'

You can also use our developer-hub directly, here the link to the EU namespace:

https://apps.babelforce.com/developer-hub/scim/#/scimConfig/createSCIM

There, you apply the same settings as above:

{ 
"defaultRoles": [],
"customizer": "microsoft",
"features":
{
"scim": true,
"groups": false,
"roles": true,
"password_sync": false,
"phone_number_sync": false
}
}

 

Setting up SCIM in Entra

  • Login to https://portal.azure.com/ 
  • Click on Microsoft Entra ID
  • Click on "Manage" > "Enterprise Applications"
  • Click on "New Application"
  • In the next dialog, click on "Create your own application"
  • give your application a name
  • ensure that "Non-gallery" option is selected and click on "create"
  • Wait until the application is created
  • Once it is, you will see a screen as in the screenshot below
  • Click on "Manage" > "Provisioning"
  • In the next screen, again, select "Manage" > "Provisioning"
  • You now see a longer dialog and these are the settings:
  • Select Provisioning Mode: Automatic and add the relevant Tenant URL
    • In the image below is the example of the shared EU environment. Services might be replaced with any custom name space https://{{namespace}}.babelforce.com/auth/scim/v2
    • For the Token, you will now need the long lived token provided by the Success team as mentioned at the beginning of the article
  • Click on Test Connection to ensure that the setup was successful - you can only save AFTER you tested the connection
  • Click on save once the tests are done
  • After this is saved, click on "Mappings" > "Provision Microsoft Entra ID Groups"
  • Toggle "Enabled" to "No" as babelforce does not support SCIM groups. But no worries, we have a working role concept that can be applied. We will get to it.
  • Save the changes
     
  • Go back to the previous view, find "Mappings" > "Provision Microsoft Entra ID Users" 
  • In this section, scroll down
  • There is a long list of attribute mappings
  • Go ahead and DELETE all of them except the three that are highlighted
    • userName
    • active
    • displayName
    •  
  • Once deleted, this is how the section should look like
  • Remember to click on Save - otherwise all settings will get lost (when saved, the button is grayed out)
  • Stay in the same section
  • edit the userName by clicking on "Edit"
    • change the Source attribute to "mail" (this is equivalent to email) 
  • Click Ok and then Save in the next view, otherwise the change is NOT persisted
  • To see the change in the overview page you will have to reload after saving 
  • Again stay in the same section and scroll down
  • find "Show advanced options"
  • Tick the box and click on "Edit attribute list for customappsso"

  • By default, id should be the Primary Key and Required
  • Also, userName should be required 
  • To enable the role mapping, add the attribute "role" at the end of list
  • Tick the box for "Required" and "Multi-Value", otherwise Microsoft cannot send the roles to babelforce
  • Click on Save 
  • In the original screen, add a new mapping by clicking on "Add New Mapping"
  • These are the expected inputs:
    • Mapping Type: Expression
    • Expression: AssertiveAppRoleAssignmentsComplex([appRoleAssignments])
    • Target attribute: roles
    • Default value must be empty
  • After confirming with Ok, you will see the original dialog again
  • A new mapping should be visible, similar to the documentation below
  • Click on Save

 

Assign babelforce roles in Entra

  • Find you SCIM app, e.g. by searching for it via the search bar

  • In the side bar, navigate to "Manage" > "App roles"

  • In the view, click on "Create app role"
  • A side window opens
  • In the side dialogue, enter the following values matching the babelforce roles, in our example we are adding the role "manager"
    • Display name: manager
    • Value: manager
    • Description: Manager in babelforce
  •  You repeat this process for all remaining babelforce roles that are relevant for your team
  • After you created all babelforce roles, remove the role "User"
    • First disable and then delete the role "User"
    • You may keep the user msiam_access.
  • In the end, all relevant babelforce roles should be listed in this view, in our example it is only "manager" and "agent"



babelforce role value display name

description (examples)

Manager manager manager

Ability to change all settings in babelforce, create call flows, etc.

Agent agent agent

Is able to use the babelforce agent application. Gets connected to incoming customer calls.

Scheduler scheduler scheduler

scheduler in babelforce

Reporter reporter reporter

reporter in babelforce

Router router router

router in babelforce

Supervisor supervisor supervisor

supervisor in babelforce

Sales sales sales

sales in babelforce

Was this article helpful?

/

Comments

0 comments

Please sign in to leave a comment.