Adding users via Microsoft Entra ID

A step-by-step guide on how to add users to your online academy via Microsoft Entra ID

Written by Floor Takman
Updated over a week ago

To add users from Microsoft Entra ID (formerly Azure Active Directory), Microsoft has developed the SCIM protocol. This allows you to add users (provisioning) to the online academy through matching and automatic synchronization.

In this article, you will find a guide that will take you through the important steps. Please note: for precise information, it's always best to consult the support page of the provider. The provider has developed the software and can provide further assistance.

Setting up the connection

First, log in to the Microsoft 365 Admin Center. Then follow the steps below:

  1. Open Microsoft Entra ID.

  2. Go to Enterprise Applications.

  3. Create a new application.

    1. Choose 'Create your own application'.

    2. Choose a name and select 'Integrate any other application you don't find in the gallery (Non-gallery)'. Then click 'Create'.

  4. Go to your enterprise applications and select the application you just created.

  5. Go to 'Configure'.

    1. Choose 'Get started'.

    2. Select the provisioning mode 'Automatic'.

    3. Enter the 'Tenant URL'. It should be structured as: BaseURL/api/v2/external/scim. You can find the BaseURL in your browser's address bar when you're logged in to your online academy.

    4. Enter the 'Secret Token'. This will be provided by us. Haven't received it yet? Contact support@rakoo.com or your Customer Success Manager.

After filling in the token and Tenant URL, the ‘assignments’ option will appear. Here, you can choose:

  • Provision Microsoft Entra ID Groups

  • Provision Microsoft Entra ID Users

By selecting both, you can indicate which fields should be synchronized for these options via the connection. These need to be checked before enabling synchronization. In the following steps we will explain how to check the fields.

Please note! Do not activate the connection yet. First, ensure that the fields are properly matched for Users and optionally Groups.

How does provisioning work?

The data is matched based on certain attributes (Attribute mappings). You can find the attributes in these settings:

  • Microsoft Entra ID attribute

  • customappsso attribute

The data flow order through these attributes is as follows: Microsoft Entra ID attribute --> customappsso attribute --> Rakoo fields. The Rakoo fields are not visible in Microsoft Entra ID, but we have added them to the schema below.

Provision Microsoft Entra ID Users

Use this option to send user data from Microsoft Entra ID to the online academy.

  • Please note: The 'Rakoo field' cannot and does not need to be filled in the SCIM provisioning. It serves as an indication of which of the other fields correspond to what you will see in Rakoo.

  • Please note: The other fields that appear (by default) in the SCIM provisioning can be ignored. Do not remove them; Rakoo will ignore these fields.

| Microsoft Entra ID attribute | customappsso attribute | Rakoo field |
| --- | --- | --- |
| mailNickname* | externalId | User ID |
| companyId** (This is fixed in the token and is required for the configuration) | Automatically filled in by Rakoo. | |
| company (String value. E.g., 'Company X') | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization | Company |
| department* (String value. E.g., 'Department X') | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | Department |
| teams (String value, multiple values. E.g., ["team1","team2"]) | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:teams | Team |
| userPrincipalName* | userName | email (needs to correspond with 'mail' below) |
| mail* | emails[type eq "work"].value | email (only one mail allowed in the list, must match 'userPrincipalName') |
| givenName* | name.givenName | First name |
| surname* | name.familyName | Last name |
| Own attribute*** | name.middleName | Middle name |
| preferredLanguage (This is a language code, e.g., en or nl-NL) | preferredLanguage | Language |
| jobTitle | title | Function (If the function does not exist in Rakoo, it will be created) |
| cost center (String value. E.g., 'administration') | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter | Cost center |
| manager. This value should be an object containing a value field. The value refers to the user ID of the manager. The manager must already exist as a user in Rakoo. If necessary, it will automatically be made manager. E.g., "...manager": { "value": "manager-corp-id" }. Once a user has been made a manager by SCIM, it can only be undone manually. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager | You can assign one manager to a user. Existing managers who have one-on-one access to that user will be disconnected. |

* These fields are mandatory.

** If you want to assign users to multiple companies, you can use the 'company' field to assign different companies to users. If 'company' is not specified, the company included in the SCIM token will be used.

*** Rakoo supports name.middleName, but Microsoft does not create this field by default. You can configure a custom attribute for this purpose. If you don't configure it, the middle name will be appended to the 'Last Name' field in Rakoo.
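
Before enabling synchronization, it can help to check a sample user record against the mapping table above. The following is an added example, not code from Rakoo or Microsoft: it assumes the payload shape of a standard SCIM 2.0 User resource (RFC 7643), and the function name, sample users and case-insensitive email comparison are assumptions made for illustration.

```python
# Added example: pre-flight check of a SCIM User payload against the mapping table.
# Payload shape follows SCIM 2.0 (RFC 7643); all sample values are constructed.
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def validate_user(user):
    """Return a list of problems; an empty list means the payload fits the table."""
    ext, name = user.get(ENT, {}), user.get("name", {})
    required = {
        "externalId": user.get("externalId"),
        "userName": user.get("userName"),
        "name.givenName": name.get("givenName"),
        "name.familyName": name.get("familyName"),
        ENT + ":department": ext.get("department"),
    }
    problems = [f"missing mandatory field: {k}" for k, v in required.items() if not v]
    emails = user.get("emails", [])
    work = [e.get("value") for e in emails if e.get("type") == "work"]
    if len(emails) != 1 or len(work) != 1:
        problems.append("exactly one email, of type 'work', is expected")
    # Assumption: the match with userName is checked case-insensitively here.
    elif str(work[0]).lower() != str(user.get("userName")).lower():
        problems.append('emails[type eq "work"].value does not match userName')
    teams = ext.get("teams")
    if teams is not None and not (
            isinstance(teams, list) and all(isinstance(t, str) for t in teams)):
        problems.append("teams must be a list of strings")
    manager = ext.get("manager")
    if manager is not None and not (isinstance(manager, dict) and manager.get("value")):
        problems.append("manager must be an object with a 'value' (manager's user ID)")
    return problems

GOOD = {  # constructed sample
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", ENT],
    "externalId": "jdoe",
    "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"type": "work", "value": "jdoe@example.com"}],
    ENT: {"department": "Department X", "organization": "Company X",
          "teams": ["team1", "team2"], "manager": {"value": "manager-corp-id"}},
}
# Constructed sample with four faults: no department, two emails, bad teams and manager.
BAD = dict(GOOD, emails=GOOD["emails"] + [{"type": "home", "value": "jd@example.org"}])
BAD[ENT] = {"teams": "team1", "manager": "manager-corp-id"}

if __name__ == "__main__":
    for label, payload in (("good", GOOD), ("bad", BAD)):
        print(label, validate_user(payload) or "OK")
```
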

Provision Microsoft Entra ID Groups

With 'Provision Microsoft Entra ID Groups', you can create departments and modify names. If a department with users is deleted, those users will be automatically placed in the 'DefaultScimDepartment' department in Rakoo.

  • Please note: The 'Groups' are not used for 'Groups' in Rakoo, but for 'Departments'. Departments are added to a user when matching user data.

  • Please note: The 'Rakoo field' cannot and does not need to be filled in the SCIM provisioning. It serves as an indication of which of the other fields correspond to what you will see in Rakoo.

  • Please note: The other fields that appear (by default) in the SCIM provisioning can be ignored. Do not remove them; Rakoo will ignore these fields.

| Microsoft Entra ID attribute | customappsso attribute | Rakoo field |
| --- | --- | --- |
| displayName* | displayName | Department (this name will be displayed at the department) |
| objectId** | externalId | External ID of the department |

* These fields are mandatory.

** The externalId of a department should not be modified while the connection is active. If you do so, the department will no longer be recognized in the connection.

Adding Users and Groups in SCIM provisioning

Now that the provisioning is set up, you need to specify which users are involved. This can be done with individual users or user groups (Group). You can determine what a group is and who falls under it. You can do this by following these steps:

  1. Go to Enterprise Applications.

  2. Go to your SCIM provisioning.

  3. Go to 'Users and Groups'.

  4. Add User or Group here.

Please note: This 'Group' is not the same as a 'Group' that you can assign as a department in Rakoo. It only refers to user groups that you want to add in the SCIM provisioning.

Enabling the Connection

Once everything is set up correctly, you can test and enable the connection. You can follow these steps to enable the connection:

  1. Go to Enterprise Applications.

  2. Go to your SCIM provisioning.

  3. Go to Provisioning.

  4. Choose 'Start Provisioning'.

Modifying the Connection

Follow the steps below to modify the connection:

  1. Go to Enterprise Applications.

  2. Go to your SCIM provisioning.

  3. Go to Provisioning.

  4. Choose 'Edit Provisioning'.
