Buuky Help
This page is also available in: Deutsch

Useraccount synchronisation (SCIM)

Tags:

Buuky offers a connection to identity providers (e.g., Microsoft Entra ID, formerly Active Directory) via SCIM, enabling automatic synchronization with the company's user data so that it does not have to be maintained manually in Buuky.

New users are automatically created in Buuky as soon as they are created in the identity provider or added to a predefined group. The same applies to changes or deletions of user data. However, this behavior does not work in reverse: if an administrator deletes a user in Buuky, for example, this change is not transferred to the identity provider.

Setup

In the Buuky configuration, the setup can be found in the left navigation bar under User synchronization (SCIM).

To set it up, an administrator of your company's identity provider usually has to enter the data provided in this section. Most steps take place within the identity provider. Buuky currently supports connection to Microsoft Entra ID via SCIM. If you use a different identity provider, please contact our support team to check the possibility of a connection.

Steps in Buuky

In Buuky Administration, navigate to Integrations > User Synchronization (SCIM).

Select the appropriate identity provider. Currently, only Microsoft Entra ID is available. Confirm that you have read all the information displayed and then click on Start SCIM setup.

You will now see all the necessary data you need for setup in your identity provider.

Important! The client key must remain secret and may only be stored in your identity provider. Do not share this key with other people or third parties.

That's all there is to do in Buuky. The rest of the setup must be done in your identity provider. You can click on “Done” at this point or complete the setup in your identity provider first. The data will remain stored and can be retrieved at any time later.

Steps in Microsoft Entra ID (formerly Active Directory)

For Microsoft Entra ID, you can follow the official Microsoft instructions:

Microsoft Entra ID SCIM EN.

Alternatively, we describe the necessary steps here. Regardless of which method you choose, the attribute mappings (shown in both variants) must be configured as follows in any case:

Groups: Enabled -> No

Users:

  • Enabled -> Yes
  • Target Object Actions: Create, Update, Delete
customappsso Attribute Microsoft Entra ID Attribute Matching precedence
userName userPrincipalName 1
active Switch([IsSoftDeleted], , "False", "true", "True", "false")
displayName displayName
externalId objectId

Attention: The attribut active is of mapping type Expression. The other attributes are of the type Direct.

1. Create a new Enterprise app in Microsoft Entra Admin Center

  • In your Microsoft Entra Admin Center, select Enterprise apps and then New application.
  • Select Create your own application.
  • Give the application a name (e.g., “Buuky SCIM”), select Integrate any other application not found in the catalog, and click Create.

Anlegen der Anwendung

Name und Art der Anwendung

2. SCIM configuration in Microsoft Entra ID

  • Select Provisioning in the left navigation bar.
  • Select New Configuration in the top navigation bar.
  • Now enter the data from the Buuky SCIM configuration:
    • Authentication method: Bearer authentication
    • Client URL: The Buuky SCIM URL
    • Secret token: The Buuky client key
  • Click on Test connection and then on Create.

Bereitstellung auswählen

Konfiguration erstellen

Verbindungsdaten eintragen und testen

3. Configure attribut mapping in Microsoft Entra ID

  • Select Attribute Mapping (Preview) in the second navigation pane on the left.
  • There, deactivate Provision Microsoft Entra ID Groups.
    • Select the item and change Enabled to No.
    • Then click Save (at the top).
  • Next, select Provision Microsoft Entra ID Users.
    • There, you must configure the attribute mappings as described above or as shown in the image.
    • To do this, delete the attributes that are not needed and edit or add the required attributes.
    • Then click Save (at the top).

Attributzuordnung

Attributzuordnung User anpassen

4. Select users or groups for synchronization and start provisioning

  • Select Users and Groups in the second navigation pane on the left.
  • There you can choose whether all users should be synchronized, only certain groups, or even just individual users.
  • It is important that your Buuky license is sufficient for the number of synchronized users, so choose the users or groups carefully.
  • Then click on Save.
  • Finally, you can start the synchronization by clicking on Start provisioning at the top.

Bereitstellung starten

Current configuration

If you need your client key or the Buuky SCIM URL (tenant URL) from the configuration again at a later date, you can find it here. It is hidden behind the Show configuration details button.

Synchronization

Under the heading Synchronization, you can see the time when data was last transferred to Buuky. In the synchronization details, you can see the exact requests that the identity provider has sent to Buuky so far. There you can also see whether the changes were successful and when they were executed.

Deletion

You can delete the synchronization at any time. To do so, click on End SCIM connection and delete and confirm that you want to disconnect. Your users will remain and must be deleted separately. Only the connection and automatic synchronization will be removed.

This page is also available in: Deutsch
Created with by viadee