Azure Active Directory - Establishing a SCIM connection with Living Security

The System for Cross-Domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Living Security Training Platform and Azure AD (AAD).



  • Cloud application administrator role or higher in Azure Active Directory
  • SCIM support enabled by a customer support representative (
  • A Custom Non-Gallery Application created by following these steps

Note: Group-based assignment requires Azure Active Directory Premium P1 or P2 licensing. See here for more details.

Configuring Provisioning

  1. Click Provisioning, then Get Started.
  2. Use the dropdown box to select Automatic, enter the Tenant URL of and your secret API token. Finally, click Test Connection and observe the successful test. Now click Save.
  3. After saving your configuration the Mappings section becomes available. Azure offers both user and group object mapping. For the Living Security application, we'll be mapping user objects. Expand Mappings and then click Provision Azure Active Directory Users.
In the new pane accept the default actions of createupdate, and delete. The Living Security application requires the mail attribute be mapped to userName. Please refer to the image below for a valid mapping example. See here for supported and mandatory attributes. Alternatively, checking the Columns dropdown in your LS user management dashboard can be insightful when making mapping decisions.
While not required, Scoping is a helpful feature to set up additional criteria to include or exclude users for provisioning. Please note that if mapping roles, the mapping cannot be directly mapped, it must be mapped via expression.


Adding users and groups

  1. Now is the time to add users or groups to the application. Navigate back to the main dashboard of the application you created, select Users and groups then Add user/group to begin adding objects to be provisioned.


  1. Once you are satisfied with the users and/or groups you've added to the application, click Provisioning in the left menu and then Start Provisioning.
  2. Once the Provisioning cycle is complete navigate to your LS user management dashboard and observe that the users have come in correctly with the attributes of your choosing.

Note: For technical support or questions please email