Azure Active Directory integration in Enpass using SCIM

Large organizations need to automate user provisioning. Enpass supports automatic provisioning through the standard SCIM 2.0 protocol. You can connect your Azure Active Directory with Enpass and automate the following tasks:

  1. Create users for the organization
  2. Grant and revoke Enpass licenses
  3. Delete users

The integration process with Azure Active Directory starts with logging in to the Microsoft Azure portal at https://portal.azure.com/.

Step 1: Create Enpass SCIM application

To create the Enpass SCIM application on the Azure portal:

  1. Go to Azure Active Directory, and then select Enterprise applications in the sidebar.
  2. Click New application.
  3. Click Create your own application.
  4. Enter the name of the application as Enpass SCIM, and then select Integrate any other application you don’t find in the gallery (Non-gallery).
  5. Click Create.

Step 2: Configure Enpass SCIM application

To configure the Enpass SCIM application:

  1. Go to Provisioning in the sidebar. 
  2. Click Get started.
  3. Select Automatic Provisioning mode from the drop-down.
  4. Enter your Tenant URL and the Secret Token provided to you.
  5. Click the Test Connection button and wait for the message that confirms that the credentials are correct.
  6. Click Save.
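
If Test Connection fails, it helps to reproduce the check outside the portal. The following is an added example, not Enpass or Microsoft code: per Microsoft's SCIM provisioning documentation, the test looks up a random, non-existent user with the Secret Token as a bearer token and expects HTTP 200 with an empty SCIM ListResponse. The host `scim.example.invalid`, the function names and the sample body are assumptions constructed for illustration.

```python
import json
import uuid
from urllib.parse import quote, urlsplit
from urllib.request import Request

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
# Constructed sample of the body a healthy endpoint returns to the probe.
EMPTY_LIST = json.dumps({"schemas": [LIST_RESPONSE], "totalResults": 0, "Resources": []})


def build_probe(tenant_url, secret_token):
    """Build (but do not send) a Test Connection style request."""
    parts = urlsplit(tenant_url)
    # The Secret Token is a bearer credential: never send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Tenant URL must be an absolute https:// URL")
    # Copy-paste whitespace is a common cause of a rejected token.
    if not secret_token or secret_token != secret_token.strip():
        raise ValueError("Secret Token is empty or has stray whitespace")
    scim_filter = quote(f'userName eq "{uuid.uuid4()}"')
    url = f"{tenant_url.rstrip('/')}/Users?filter={scim_filter}"
    return Request(url, headers={"Authorization": f"Bearer {secret_token}",
                                 "Accept": "application/scim+json"})


def classify(status, body):
    """Map the endpoint's answer to the likely configuration problem."""
    if status in (401, 403):
        return "rejected: Secret Token not accepted"
    if status == 404:
        return "not found: Tenant URL is not a SCIM base path"
    if status != 200:
        return f"unexpected status {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not SCIM: body is not JSON"
    if not isinstance(doc, dict) or LIST_RESPONSE not in doc.get("schemas", []):
        return "not SCIM: missing ListResponse schema"
    if doc.get("totalResults") != 0:
        return "unexpected: random user matched"
    return "ok"


if __name__ == "__main__":
    req = build_probe("https://scim.example.invalid/v2", "constructed-token")
    print(req.full_url)
    print(classify(200, EMPTY_LIST))
```

To probe a real endpoint, pass the returned request to `urllib.request.urlopen` with a timeout and hand the status and body to `classify`; `urlopen` raises `HTTPError` for 4xx responses, so pass its `code` in that case.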

Step 3: Synchronize users and groups

To synchronize users and groups:

  1. Go to Provisioning in the sidebar, and then click Update credentials under Manage provisioning.
  2. Go to Settings and choose the Scope that fits your needs.
  3. Use Sync only assigned users and groups if you want to provision Enpass for specific users only. You can manage assigned users and groups later from the Users and groups option in the sidebar. 
  4. Set Provisioning status to On, and then Save.  
  5. Azure AD will automatically provision assigned users.

Provisioned users are visible in the Enpass Admin Console but can’t be removed manually from the console by the admin. The Enpass console admin can’t be removed via Azure Active Directory and must be removed manually.