Configure Azure Active Directory for PureCloud SCIM (Identity Management)


Note: This article applies to PureCloud SCIM (Identity Management).

To use PureCloud SCIM (Identity Management), configure Azure Active Directory to sync user entities to PureCloud. In Azure Active Directory, create an enterprise application that you configure to work with the SCIM APIs. Then assign users and groups to this enterprise application. 

Prerequisites

Token generation

Generate a token to use for Provisioning.

  1. Open Postman.
  2. Import the Genesys Cloud Client Credentials collection from the link https://www.getpostman.com/collections/06d3bac569ec729f0a59.
  3. Replace {{environment}} in the POST API call with the login URL where your PureCloud organization is located, for example, https://login.mypurecloud.com/oauth/token. For a list of regional URLs, see Platform API (Developer Center).
  4. Under Authorization, add the following information:
    1. Username: Enter the Client ID from the PureCloud OAuth client you created.
    2. Password: Enter the Client Secret from the PureCloud OAuth client you created.
  5. Click Send. Your access token appears in the response body. You will use this token when you provision Azure Active Directory. See the Provisioning section.

Application setup

Add the PureCloud by Genesys application.

  1. Log in to Azure Active Directory.
  2. In the left column, click Enterprise applications.
  3. Click New application.
  4. Search for and click PureCloud by Genesys.
  5. Click Add.

Provisioning

Enter admin credentials and test the connection.

  1. In the left column under Manage, click Provisioning.
  2. In the Provisioning Mode menu, select Automatic.
  3. Under Admin Credentials, add the following information:
    1. Tenant URL: Enter the URL of the SCIM endpoint: https://{domain}/api/v2/scim/v2/.

      Use the domain associated with the location of your PureCloud organization:

      | PureCloud region | Domain |
      | --- | --- |
      | Americas (Canada) | api.cac1.pure.cloud |
      | Americas (US East) | api.mypurecloud.com |
      | Americas (US West) | api.usw2.pure.cloud |
      | Asia Pacific (Seoul) | api.apne2.pure.cloud |
      | Asia Pacific (Sydney) | api.mypurecloud.com.au |
      | Asia Pacific (Tokyo) | api.mypurecloud.jp |
      | EMEA (Dublin) | api.mypurecloud.ie |
      | EMEA (Frankfurt) | api.mypurecloud.de |
      | EMEA (London) | api.euw2.pure.cloud |
    2. Secret Token: Enter the bearer token. The bearer token is the access token returned when you made an API call in Postman. See the Token generation section.
  4. Click Test Connection.
  5. Click Save.
  6. Under Settings, click On next to Provisioning Status.
  7. Click Save.
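
The token request from the Token generation section and the Tenant URL from this section, as an added Python example that is not part of the original article or of Genesys or Microsoft code. It builds the same client-credentials request that Postman sends and checks that the token endpoint and the Tenant URL are HTTPS and point at the same listed region. Assumptions: the function names are hypothetical, the login host is derived from the API domain by swapping `api.` for `login.` (as in the US East example above), and the `grant_type` body is the standard OAuth client-credentials form, which the page does not show.

```python
import base64
import urllib.parse
import urllib.request

# API domains transcribed from the region table on this page.
API_DOMAINS = {
    "api.cac1.pure.cloud", "api.mypurecloud.com", "api.usw2.pure.cloud",
    "api.apne2.pure.cloud", "api.mypurecloud.com.au", "api.mypurecloud.jp",
    "api.mypurecloud.ie", "api.mypurecloud.de", "api.euw2.pure.cloud",
}
SCIM_PATH = "/api/v2/scim/v2/"


def scim_tenant_url(api_domain):
    """Tenant URL to enter in Azure AD for a listed region domain."""
    if api_domain not in API_DOMAINS:
        raise ValueError(f"not a listed PureCloud API domain: {api_domain!r}")
    return f"https://{api_domain}{SCIM_PATH}"


def token_url(api_domain):
    """Assumption: the login host is the API host with 'api.' -> 'login.'."""
    scim_tenant_url(api_domain)  # rejects unlisted domains
    return "https://login." + api_domain[len("api."):] + "/oauth/token"


def build_token_request(api_domain, client_id, client_secret):
    """Client-credentials request: client ID and secret go in Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"})
    return urllib.request.Request(
        token_url(api_domain),
        data=body.encode(),
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )


def same_region(token_endpoint, tenant_url):
    """True only if both URLs are HTTPS and belong to one listed region."""
    t = urllib.parse.urlsplit(token_endpoint)
    s = urllib.parse.urlsplit(tenant_url)
    return (
        t.scheme == s.scheme == "https"
        and s.hostname in API_DOMAINS
        and s.path == SCIM_PATH
        and t.hostname == "login." + s.hostname[len("api."):]
    )
```

Pass the request to `urllib.request.urlopen` with the client ID and secret read from the environment rather than written into the script; the `access_token` value in the JSON response is what goes into Secret Token.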

Mappings (optional)

The Azure Active Directory application automatically configures mappings for groups and users. You can modify these mappings or add new attributes to the existing mappings.

  1. Under Mappings, click the name of a mapping.
  2. Delete an attribute or add a new mapping.

    This table shows the mappings of Azure Active Directory fields to SCIM fields.

    Note: The mappings allow a one-way push from Azure Active Directory to PureCloud. For a table that shows the relationship between SCIM and PureCloud fields, see SCIM and PureCloud field mappings.

    | Azure Active Directory field | SCIM field | Required | Notes |
    | --- | --- | --- | --- |
    | userPrincipalName | userName | Yes | This field generates the main email address in PureCloud. |
    | Not([IsSoftDeleted]) | state | Yes | |
    | displayName | displayName | Yes | |
    | jobTitle | title | No | |
    | manager | scimEnterpriseUser.manager.value | No | Full URN: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value |
    | department | scimEnterpriseUser.department | No | Full URN: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department |
    | {Customer-dependent field} | scimEnterpriseUser.division | No | This field is the name of the division in SCIM and is mapped to the PureCloud divisionId. This field does not create a division. |
    | mail | emails[type eq "work"].value | No | |
    | StripSpaces([telephoneNumber]) | phoneNumbers[type eq "work"].value [1] | No | |
    | {Customer-dependent field} | phoneNumbers[type eq "work2"].value [1] | No | |
    | {Customer-dependent field} | phoneNumbers[type eq "work3"].value [1] | No | |
    | {Customer-dependent field} | phoneNumbers[type eq "work4"].value [1] | No | |
    | {Customer-dependent field} | phoneNumbers[type eq "home"].value [1] | No | |
    | {Customer-dependent field} | phoneNumbers[type eq "other"].value [1] | No | |
    | StripSpaces([mobile]) | phoneNumbers[type eq "mobile"].value [1] | No | |
    | givenName | name.givenName | No | Not currently supported by PureCloud. |
    | surname | name.familyName | No | Not currently supported by PureCloud. |
    | postalCode | addresses[type eq "work"].postalCode | No | Not currently supported by PureCloud. |
    | physicalDeliveryOfficeName | addresses[type eq "other"].Formatted | No | Not currently supported by PureCloud. |
    | streetAddress | addresses[type eq "work"].streetAddress | No | Not currently supported by PureCloud. |
    | employeeId | scimEnterpriseUser.employeeNumber | No | Full URN: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber |
    | | scimUserExtensions.routingSkills.[].name | No | Full URN: urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:routingSkills.[].name |
    | | scimUserExtensions.routingSkills.[].proficiency | No | Full URN: urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:routingSkills.[].proficiency |
    | | scimUserExtensions.routingLanguages.[].name | No | Full URN: urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:routingLanguages.[].name |
    | | scimUserExtensions.routingLanguages.[].proficiency | No | Full URN: urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:routingLanguages.[].proficiency |

    [1] For Azure Active Directory fields, use StripSpaces with phone number mappings, for example, phoneNumbers[type eq "mobile"].value == StripSpaces([mobile]). The StripSpaces function standardizes the format of telephone numbers in Azure Active Directory. Standardization ensures that telephone numbers match the format of telephone numbers in PureCloud and prevents erroneous user updates.
  3. Click Save.

For more information, see Customizing user provisioning attribute-mappings for SaaS applications in Azure Active Directory in the Azure Active Directory documentation.
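
A check of a mapping set against the rules in the table above, as an added Python example that is not part of the original article or of Genesys or Microsoft code. It reports required SCIM fields that are missing or no longer use the default source, phone number mappings that are not wrapped in StripSpaces, and mappings to fields the table marks as not currently supported. Assumptions: the function name and the source/target list layout are hypothetical and constructed for this example; the layout is not an Azure Active Directory export format.

```python
import re

# Rules transcribed from the mapping table on this page.
REQUIRED = {
    "userName": "userPrincipalName",
    "state": "Not([IsSoftDeleted])",
    "displayName": "displayName",
}
NOT_SUPPORTED = re.compile(r"^(name\.(givenName|familyName)|addresses\[)")
PHONE_TARGET = re.compile(r'^phoneNumbers\[type eq "[^"]+"\]\.value$')
STRIP_SPACES = re.compile(r"^StripSpaces\(\[\w+\]\)$")


def audit_mappings(mappings):
    """Return sorted (finding, SCIM field) pairs for a list of mappings."""
    by_target = {m["target"]: m["source"] for m in mappings}
    findings = []
    for target, default_source in REQUIRED.items():
        if target not in by_target:
            findings.append(("missing-required", target))
        elif by_target[target] != default_source:
            findings.append(("differs-from-default", target))
    for target, source in by_target.items():
        # Footnote 1: phone sources should be wrapped in StripSpaces.
        if PHONE_TARGET.match(target) and not STRIP_SPACES.match(source):
            findings.append(("phone-without-StripSpaces", target))
        if NOT_SUPPORTED.match(target):
            findings.append(("not-supported-by-PureCloud", target))
    return sorted(findings)


# Constructed sample mapping set (hypothetical layout, see lead-in).
SAMPLE = [
    {"source": "userPrincipalName", "target": "userName"},
    {"source": "displayName", "target": "displayName"},
    {"source": "StripSpaces([telephoneNumber])",
     "target": 'phoneNumbers[type eq "work"].value'},
    {"source": "mobile", "target": 'phoneNumbers[type eq "mobile"].value'},
    {"source": "givenName", "target": "name.givenName"},
]

if __name__ == "__main__":
    for finding, field in audit_mappings(SAMPLE):
        print(f"{finding}: {field}")
```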

Users and groups

Add users and groups that you want to sync from Azure Active Directory to PureCloud. 

Notes:
  • Provisioning can create, update, and delete users in PureCloud.
  • Provisioning can add users to a group or remove users from a group in PureCloud, but cannot create or delete groups in PureCloud. If you are syncing groups, select only Update.
  • Group names must be the same (case insensitive) in both applications. Otherwise, Active Directory cannot sync user membership to PureCloud.

  1. In the left column under Manage, click Users and groups.

    A list of users and groups in your Azure Active Directory appears.

  2. Click Add user.
  3. Click Users and groups.
  4. Select or search for any users and groups that you want to add to this application.
  5. Click Select.
  6. Click Assign.

For more information, see Managing user account provisioning for enterprise apps in the Azure portal in the Azure Active Directory documentation.

Scope (optional)

By default, Azure Active Directory sets the scope to Sync only assigned users and groups. You can change the scope so that Azure Active Directory syncs all users and groups to PureCloud.

  1. In the left column under Manage, click Provisioning.
  2. In the Scope menu under Settings, select Sync all users and groups.
  3. Click Save.

The SCIM APIs now automatically sync user entities from your enterprise application to PureCloud.

For information about PureCloud SCIM (Identity Management), see About PureCloud SCIM (Identity Management) (Resource Center) and PureCloud SCIM (Identity Management) overview (Developer Center).