Follow these instructions to configure auto-provisioning after setting up Entra ID (formerly Azure AD) SSO. This setup automates creating, updating, and deleting user accounts for your intranet.
The following process will take 1-2 hours to complete. Before you start, ensure you have administrative access to your Azure portal and Axero and have completed steps 1-3 of the SSO Setup Guide.
Log into Microsoft Entra as an administrator.
Navigate to Enterprise applications and select your SSO application.
Click Provisioning in the application menu.
Select Get started to initiate the setup.
Change the Provisioning Mode to Automatic to enable automatic user provisioning.
Click to expand the Admin Credentials section.
In the Tenant URL field, enter your intranet's URL followed by /api/scim/v2. Examples include https://mycompany.communifire.com/api/scim/v2 and https://mycompany.com/api/scim/v2.
/api/scim/v2
Open a new browser tab and log into your Axero site.
Go to Control Panel > System > Single Sign-On.
Click to show the SCIM User Provisioning area and copy the Bearer token.
Return to the first tab and paste the token into the Secret Token field.
Click Test Connection to ensure the settings are correct.
After confirming the successful connection, click Save and close the page.
Return to the Provisioning page and click Edit attribute mappings.
Click Mappings and Provision Microsoft Entra ID Users.
Edit the externalId to mailNickname mapping.
externalId
mailNickname
Change the Source attribute to objectId.
objectId
Click Ok to confirm.
Click Save to apply and Yes to confirm.
Return to the Provisioning section.
Click Start provisioning.Note Entra ID typically refreshes user profiles every 40 minutes. Click Provision on demand to immediately provision a user.
Below are the standard SCIM data mappings between Entra ID and Axero. You do not need to add these attributes.
Note To synchronize the Reports to field, ensure that (1) the user has a manager assigned in Entra ID, (2) the manager is assigned to the application, and (3) the manager has an account in Axero.
Note Profile pictures cannot be synchronized using auto-provisioning. You must configure User Syncing and enable Sync profile pictures.
To add a custom attribute:
Click Edit attribute mappings.
Click Show advanced options.
Click Edit attribute list for customappsso.
At the bottom of the attribute list, enter new attributes.
For example, add a custom attribute for the user's hire date.
Click Save. Click Yes to confirm.
Mapping type: Select Direct.
Source attribute: Select the Entra ID attribute.
For example, employeeHireDate
Target attribute: Select the property to map in Axero.
For example, hireDate
Match objects using this attribute: Select No.
Apply this mapping: Select Always.
Click Ok to save the mapping.
Once all mappings have been added, click Save and Yes to confirm.
In Axero, go to Control Panel > System > System Properties.
Type "scim" in the filter.
Locate the SCIMCustomAttributesEnabled system property and click the Edit button.
Click the Value button to enable.
Click Save to apply.
Go to System > Single Sign-On.
Click the Data Mapping tab and select SCIM.
Click the Add button to add a new mapping.
Ensure the property name is identical to the custom attribute name you added in Entra and is mapped to the correct profile field in Axero.
Click Update.
Go to System > Advanced System Utilities.
Click Restart Site.
Return to the Entra Provisioning page and click Provision on demand to test new mappings.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/communifire-documentation/wiki/view/101874/setup-guide-azure-ad-auto-provisioning?locale=en-US%2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f1%2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f1%2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f1%2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f1
Your session has expired. You are being logged out.