Configuring SCIM Directory Sync with Azure AD

For Dub Enterprise users, you can automatically provision and deprovision users from Azure AD to Dub using SCIM Directory Sync.

Steven Tey

Written by Steven Tey

This feature is only available on Dub Enterprise.

For Dub Enterprise users, you can automatically provision and deprovision users from your Azure Active Directory (AD) to Dub using SCIM Directory Sync.

Prerequisites

Before you can configure SCIM Directory Sync, you need to create a SAML application in Azure. See Configuring SAML SSO with Azure Active Directory for more information.

Step 1: Configure Directory Sync on Dub

In your project dashboard on Dub, click on the Settings tab in the menu bar at the top. Then, click on the Security tab in the sidebar.

Directory Sync section on the Dub Dashboard

Under the Directory Sync section, click on Configure. This will open up the Directory Sync modal:

  1. Select Azure AD as the Directory Provider.
  2. Click Save changes.
SCIM Modal

This will generate a Directory Sync connection for your Dub project, and return 2 values, which will be needed in Step 2:

  1. Tenant URL
  2. Secret Token
SCIM Modal Configured

Step 2: Add Provisioning to SAML Application

Click on the Provisioning tab of your existing Dub Okta SAML application that you want to enable SCIM provisioning for.

Provisioning tab of Okta SAML application

In the Provisioning tab, click on Get started.

Get started with provisioning

Select Automatic from the Provisioning Mode dropdown. Under the Admin Credentials section, enter the values that you obtained from Step 1:

  1. Tenant URL
  2. Secret Token
Provisioning tab of Azure SAML application

Click on Test Connection to test the connection to see if the credentials are correct, then click Save to save the credentials.

Expand the Mappings section and ensure group and user attribute mappings are enabled for your app. The default mapping should work.

Mappings section of Azure SAML application

Expand the Settings section and make the following changes:

  • Select Sync only assigned users and groups from the Scope dropdown.
  • Confirm the Provisioning Status is set to On.

Click Save to save the changes.

Settings section of Azure SAML application

Congratulations! You've successfully configured SCIM provisioning for your Dub project.

Step 3: Assign Users

Once you've configured Directory sync, you can assign users to Dub directly within Azure AD.

From your application, click the Users and groups from the left navigation menu and click Add user/group.

Adding users in Azure AD

Click on None Selected under Users.

From the right side of the screen, select the users you want to assign to the app and click the Select button. Thenm click Assign to those users to your app.

Assigning users in Azure AD

Your assigned users should now receive an invitation email to join your Dub project.

SAML invite email

Azure AD SCIM provisioning can take anywhere between 20-40 minutes to sync. This means that it may take up to 40 minutes for your users to receive the invitation email and be able to join your Dub project.

They will also be able to sign in to Dub using Azure AD SSO.

Did this answer your question?