Skip to main content

SCIM Azure

important

This feature is available in ReportPortal with a managed services subscription.

ReportPortal allows you to synchronize users and groups from Azure Microsoft Entra ID to ReportPortal via SCIM.

Creating a SCIM provisioning

  1. Log in to Azure portal.

  2. Go to the Azure Enterprise Applications section and click New application.

  1. Click Create your own application.
  1. Enter the name of your application. Choose the Integrate any other application you don't find in the gallery (Non-gallery) bullet and click the Create button.
  1. After creating an application, go to the Provisioning section and click New configuration.
  1. Fill in the following fields:
  • Tenant URL: https://{your_scim_server_host}?aadOptscim062020
  • Secret Token: your_admin_api_key
note

?aadOptscim062020 is a special parameter that allows you to use the a SCIM compatible protocol.

  1. Click Test Connection to check the connection and click Create.

Set up Attribute mapping

  1. Go to the Attribute mapping section and click Provision Microsoft Entra ID Users.
  1. In the Attribute Mappings section, find and delete the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager attribute. For some reason, Azure sends this attribute with the wrong SCIM format. This attribute is not used in ReportPortal.
  1. Click Save to save the changes.

Admin role synchronization

For proper synchronization of the admin role, you need to create a new App-role in Azure.

  1. Go to the Provisioning -> Users and groups section and click application registration.
  1. Click to Create app role.
  1. Fill in the following fields:
  • Display name: Administrator
  • Value: Administrator
  • Description: Administrator role

  1. Click Apply.

  2. Select the User role and fill the Value field with User.

  3. Click Apply.

  4. Return to the configured enterprise application and go to the Provisioning -> Attribute mapping -> Provision Microsoft Entra ID Users section.

  1. Select the Show advanced options checkbox at the bottom and click the Edit attribute list for customappsso link.
  1. You will see the Edit Attribute List. At the bottom of the list, fill in the empty fields with the name roles and type String.

  1. Click Save.

  2. Return to the Provision Microsoft Entra ID Users and click Add New Mapping.

  1. Fill in the following fields:
  • Mapping type: Expression
  • Expression: AppRoleAssignmentsComplex([appRoleAssignments])
  • Target attribute: roles

Keep default values for other fields.

  1. Click Ok and then Save.

After these steps, when you add users or groups to the Azure project you can select an application role for them: User or Administrator.

This role will be synchronized with the ReportPortal user instance role.