SCIM provisioning using Azure AD
Lightrun supports using the open standard System for Cross-domain Identity Management (SCIM) to:
- Grant users in your company seamless access to the Lightrun Application using their Azure credentials.
- Add and remove users in your organization, and assign them Lightrun basic or manager roles.
For more information, see SCIM provisioning Overview.
To implement SCIM with Lightrun, make sure you meet the following prerequisites.
- Lightrun supports System for Cross-domain Identity Management (SCIM) 2.0.
- The Lightrun SCIM feature is only available to users on our Enterprise plan; please contact our Support team for more information.
- Generate a dedicated API Key for your integration with SCIM. For more information, see Lightrun System API Keys.
Set up SCIM in Lightrun
- Log in to your Lightrun account.
In the Organization Settings section, click SCIM. The SCIM window opens.
In the SCIM page, copy and save the following URLs:
- In the OAuth Bearer token field, click API Key to be routed to the API key page. You will need to generate an API Key and copy it to Azure’s SCIM settings. The API Key is used for authentication and authorization between the SCIM server and the connected Lightrun Management Portal.
- In the URL from the SCIM API endpoint field, click Copy and save the URL.
To activate SCIM, click the Enable toggle.
- (Optional) Click Allow Sync Password to match the user’s Active Directory (AD) password and their Azure password.
Proceed to configure Azure AD as your identity provider.
Configure SCIM in Azure AD
- Sign in to the Azure Portal, and click Enterprise applications in the sidebar.
- Click +New Application in the top bar.
- Click Create your own application.
- Provide a name for your application (<App-Lightrun>), select Integrate any other application you don’t find in the gallery, and click Create. The newly created Lightrun App dialog opens.
- Click Provisioning.
- In the new dialog, click Get started. The Provisioning page opens.
- Set the Provisioning mode to Automatic.
- In the Admin Credentials section, paste the fields that you saved in the SCIM page in the Lightrun Management Portal.
- In the Tenant URL field, paste the URL you copied from Redirect URI in the SCIM page in the Lightrun Management Portal.
- In the Secret Token field, paste the SCIM token you copied from the OAuth Bearer Token in the SCIM page in your Lightrun Management Portal.
- To verify the configuration, select Test Connection.
In the Mappings section, set:
- Provision Azure Active Directory Groups to No.
- Provision Azure Active Directory Users to Yes.
Click Provision Azure Active Directory Users, scroll down and select the Show advanced options checkbox, then click Edit attribute list for customappsso.
In the table, add the following attribute:
- Add new attribute emails[type eq "work"].primary with type boolean.
- Go back to the User mappings page and click New Mapping. The Edit Attribute dialog opens.
- Click on emails[type eq "work"].value and change the Source attribute to userPrincipalName.
- Click OK.
- Click Save.
- Return to Application Overview and toggle the Provisioning Status to On.
The provisioning process takes a while. Wait for the process to complete.
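The following added example (not Lightrun or Microsoft code) shows how the two filtered target attributes from the mapping steps, emails[type eq "work"].value and emails[type eq "work"].primary, resolve to a single entry in the SCIM 2.0 User resource, which is useful when comparing the configuration against provisioning logs. The sample user, the userName mapping, and the constant True for .primary are assumptions made for illustration.

```python
import json
import re

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# attr[sub eq "value"].leaf, the filtered-path form used in the mapping steps
PATH_RE = re.compile(r'^(\w+)\[(\w+) eq "([^"]*)"\]\.(\w+)$')


def apply_mapping(resource, target_path, value):
    """Write value into resource at a SCIM target path (plain or filtered)."""
    m = PATH_RE.match(target_path)
    if m is None:
        if not re.fullmatch(r"\w+", target_path):
            # e.g. curly quotes pasted from a document instead of straight ones
            raise ValueError(f"unsupported target path: {target_path!r}")
        resource[target_path] = value
        return resource
    attr, key, wanted, leaf = m.groups()
    items = resource.setdefault(attr, [])
    # Reuse the element the filter selects so .value and .primary share one entry.
    entry = next((i for i in items if i.get(key) == wanted), None)
    if entry is None:
        entry = {key: wanted}
        items.append(entry)
    entry[leaf] = value
    return resource


def build_scim_user(source, mappings):
    """mappings: list of (target_path, source_attribute_name_or_constant)."""
    user = {"schemas": [USER_SCHEMA]}
    for target, src in mappings:
        value = source[src] if isinstance(src, str) else src
        apply_mapping(user, target, value)
    return user


# Constructed sample directory user (not real data).
AZURE_USER = {"userPrincipalName": "dana@example.com"}
# userName and the constant True for .primary are assumptions; the
# emails[...].value -> userPrincipalName mapping is the one from the steps above.
MAPPINGS = [
    ("userName", "userPrincipalName"),
    ('emails[type eq "work"].value', "userPrincipalName"),
    ('emails[type eq "work"].primary', True),
]

if __name__ == "__main__":
    print(json.dumps(build_scim_user(AZURE_USER, MAPPINGS), indent=2))
```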