Table of Contents

SCIM Synchronization

Anita Wilknitz Updated by Anita Wilknitz

Companies that store their personnel records in Azure Active Directory (now known as Microsoft Entra ID) can easily synchronize this data with the Person list in ENS+. Thanks to this fully automatic synchronization, there is no longer any need for contact data management within ENS+.

SCIM stands for System for Cross-domain Identity Management. It's an open standard designed to make it easier to automate the exchange of user identity information between systems—especially for cloud-based applications and services.

In ENS+, you can decide which person properties you want to import. This can be defined on the 'SCIM Import' page under 'Setup'. 

In the Attriubute mapping you can click on which properties should be synchronized:

With the help of the generated token from ENS+ your Azure administrator needs to connect your Entra ID account with your ENS+ enterprise:

The data synchronization runs automatically based on Azure configurations (default is every 40 minutes). If for any reason the regular synchronization running in the background is interrupted on the ENS+ side, the system will send an email notification to the freely selectable email addresses. In this situation the ENS+ will automatically disable the synchronization which needs to be re-enabled (after fixing the issue) in order for the import to continue.

ENS+ configuration for SCIM Import

Log in with a principal and navigate to the menu `Setup` > `SCIM Import`.

Configure the token, the administrator email address (optional) and enable SCIM Sync.

SCIM field mappings are fixed in ENS+. To configure the attribute mapping, select the fields that you want to synchronize from the SCIM server to ENS+.

These fields must be in sync with the SCIM server configuration.

Go to the `Manage` > `Provisioning` of your Microsoft Entra ID in Azure Active Directory (AAD).

In the `Admin credential` part, configure the credentials that will be used to connect to ENS+:

  • Tenant URL: `<url-of-your-ens-server>/portal/scim/`
  • Secret Token: The token you received on the ENS+ configuration (can be regenerated at any time)

In the `Mapping` part, configure the attribute mapping for `Users`, `Groups` are currently not supported.

Select the fields that you want to synchronize from AAD to ENS+ for `Users`. An example configuration is shown below.

How did we do?

Contact